You are here: Cloud Platforms > Microsoft Azure > Example Deployment

Example Deployment

This section demonstrates an example of PVSPassive Vulnerability Scanner running on a virtual machine functioning as a NAT gateway instance within a Microsoft Azure Virtual Network.

In the examples used in the instructions for setting up a NAT gateway, the Virtual Network pvsVNet was created, which has the network range Additionally, the virtual machine instance pvsNatGateway was created in the pvsPublic subnet to function as the NAT gateway. In this example, three other virtual machine instances were created within the pvsPrivate subnet. None of the virtual machine instances in pvsPrivate are assigned an external IP address and all outgoing traffic is routed through pvsNatGateway .

In this example, there are four virtual machine instances within pvsVNet:

VM Instance Name Internal IP Has External IP?
pvsNatGateway Yes
exampleInstance No
exampleInstance2 No
exampleInstance3 No

PVS is running on pvsNatGateway and has the following configuration:

Configuration Parameter Value
Monitored Network Interfaces eth0
Monitored Network IP Addresses and Ranges

With this configuration, PVS will monitor traffic

  • from the internal virtual machine instances to the Internet,
  • between pvsNatGateway and the internal virtual machine instances,
  • from the Internet to internal virtual machine instances if you have enabled port forwarding on the NAT gateway to make them Internet accessible,
  • and between pvsNatGateway and the Internet.

    Note: Azure policy prevents interfaces from operating in promiscuous mode. As a result, PVS can't monitor traffic between other virtual instances.

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.