Recently Viewed Topics
This section demonstrates an example of PVSPassive Vulnerability Scanner running on a virtual machine functioning as a NAT gateway instance within a Microsoft Azure Virtual Network.
In the examples used in the instructions for setting up a NAT gateway, the Virtual Network pvsVNet was created, which has the network range 10.240.0.0/16. Additionally, the virtual machine instance pvsNatGateway was created in the pvsPublic subnet to function as the NAT gateway. In this example, three other virtual machine instances were created within the pvsPrivate subnet. None of the virtual machine instances in pvsPrivate are assigned an external IP address and all outgoing traffic is routed through pvsNatGateway .
In this example, there are four virtual machine instances within pvsVNet:
|VM Instance Name||Internal IP||Has External IP?|
PVS is running on pvsNatGateway and has the following configuration:
|Monitored Network Interfaces||eth0|
|Monitored Network IP Addresses and Ranges||10.240.0.0/16|
With this configuration, PVS will monitor traffic
- from the internal virtual machine instances to the Internet,
- between pvsNatGateway and the internal virtual machine instances,
- from the Internet to internal virtual machine instances if you have enabled port forwarding on the NAT gateway to make them Internet accessible,
and between pvsNatGateway and the Internet.
Note: Azure policy prevents interfaces from operating in promiscuous mode. As a result, PVS can't monitor traffic between other virtual instances.