Identify Connectivity Issues with ISE Network Health Blade

By having dedicated capacity, organizations are less prone to load impacts by other customers. In addition, having an ISE being deployed within a VNet allows for more robust connectivity to other networks, including your on-premises network, provided it is also connected to the same VNet. However, it also means that if an organization blocks specific network ports, it can have an ill-effect on your ISE’s behavior.

Microsoft has outlined specific ports that must be open, in order to ISE to perform properly. If these network ports are blocked, organizations may experience issues like viewing run history inputs/outputs or being able to access Integration Accounts during runtime. Unfortunately, this causes havoc when trying to execute an XSLT data transformation, amongst other things.

So how can organizations detect when there are issues related to network ports? The answer lies in the Network Health blade that exists within the Integration Service Environment experience. Here, the Azure Portal will display the status of all of the subnets that are required for logic apps to run properly. If you do run into this problem, you need to take a look at your Network Security Group (NSG) Inbound and Outbound security rules and ensure that the appropriate ports are open based upon Microsoft’s requirements.

Once you have made the required changes, you need to Refresh the Network Health blade to ensure the Status of all Subnets have turned to Healthy.

Conclusion

While Azure Logic Apps ISE is a managed service provided by Microsoft, organizations need to ensure they are not being too aggressive with blocking inbound and outbound ports for the ISE to properly function.