Currently, the ISE does not provide any alert in case of any events that led to having unhealthy subnet(s)
the provided logic app will call HTTP management endpoint from azure
How to build the logic app
the logic app will run periodically and get the content of the endpoint
https://management.azure.com/subscriptions/../resourceGroups/../providers/Microsoft.Logic/integrationServiceEnvironments/../health/network?api-version=2018-07-01-preview
I am using the action HTTP with Azure AD
the action will get a JSON content that shows the net health status
{
"CSS-ISE-Sub4": {
"networkDependencyHealthState": "Healthy",
"outboundNetworkDependencies": [
{
"category": "AzureStorage",
"displayName": "Azure Storage",
"endpoints": [
{
"domainName": "bvzkkzolbtymq00by.blob.core.windows.net",
"ports": [
"80",
"443"
],
"accessibility": "Available"
},
{
"domainName": "bvzkkzolbtymq00by.queue.core.windows.net",
"ports": [
"80",
"443"
],
"accessibility": "Available"
},
{
"domainName": "bvzkkzolbtymq00by.table.core.windows.net",
"ports": [
"80",
"443"
],
"accessibility": "Available"
},
{
"domainName": "bvzkkzolbtymqregby.blob.core.windows.net",
"ports": [
"80",
"443"
],
"accessibility": "Available"
},
{
"domainName": "bvzkkzolbtymqregby.queue.core.windows.net",
"ports": [
"80",
"443"
],
"accessibility": "Available"
},
{
"domainName": "bvzkkzolbtymqregby.table.core.windows.net",
"ports": [
"80",
"443"
],
"accessibility": "Available"
},
{
"domainName": "bvzkkzolbtymqaftsby.blob.core.windows.net",
"ports": [
"80",
"443"
],
"accessibility": "Available"
},
{
"domainName": "bvzkkzolbtymqaftsby.queue.core.windows.net",
"ports": [
"80",
"443"
],
"accessibility": "Available"
},
{
"domainName": "bvzkkzolbtymqaftsby.table.core.windows.net",
"ports": [
"80",
"443"
],
"accessibility": "Available"
}
]
},
{
"category": "AzureActiveDirectory",
"displayName": "Azure Active Directory",
"endpoints": [
{
"domainName": "graph.windows.net",
"ports": [
"80",
"443"
],
"accessibility": "Available"
}
]
},
{
"category": "SSLCertificateVerification",
"displayName": "SSL Certificate Verification",
"endpoints": [
{
"domainName": "ocsp.msocsp.com",
"ports": [
"80",
"443"
],
"accessibility": "Available"
},
{
"domainName": "mscrl.microsoft.com",
"ports": [
"80",
"443"
],
"accessibility": "Available"
},
{
"domainName": "crl.microsoft.com",
"ports": [
"80",
"443"
],
"accessibility": "Available"
},
{
"domainName": "www.microsoft.com",
"ports": [
"80",
"443"
],
"accessibility": "Available"
},
{
"domainName": "crl3.digicert.com",
"ports": [
"80",
"443"
],
"accessibility": "Available"
},
{
"domainName": "ocsp.digicert.com",
"ports": [
"80",
"443"
],
"accessibility": "Available"
},
{
"domainName": "cacerts.digicert.com",
"ports": [
"80",
"443"
],
"accessibility": "Available"
},
{
"domainName": "www.thawte.com",
"ports": [
"80",
"443"
],
"accessibility": "Available"
}
]
},
{
"category": "DiagnosticLogsAndMetrics",
"displayName": "Diagnostic Logs And Metrics",
"endpoints": [
{
"domainName": "az-prod.metrics.nsatc.net",
"ports": [
"443"
],
"accessibility": "Available"
}
]
},
{
"category": "IntegrationServiceEnvironmentConnectors",
"displayName": "Integration Service Environment Connectors",
"endpoints": [
{
"domainName": "flow-bvzkkzolbtymq-by-apim-runtime.westus.environments.microsoftazurelogicapps.net",
"ports": [
"443"
],
"accessibility": "Available"
}
]
}
],
"outboundNetworkHealth": {
"state": "Healthy"
}
},
"CSS-ISE-Sub2": {
"networkDependencyHealthState": "Healthy",
"outboundNetworkDependencies": [
{
"category": "SQL",
"displayName": "SQL",
"endpoints": [
{
"domainName": "apirpsql2ez4bajpcjjlkmaa.database.windows.net",
"ports": [
"1443"
],
"accessibility": "Available"
}
]
},
{
"category": "RecoveryService",
"displayName": "Recovery Service",
"endpoints": [
{
"domainName": "https://global.metrics.nsatc.net/",
"ports": [
"1886"
],
"accessibility": "Available"
}
]
},
{
"category": "RecoveryService",
"displayName": "Recovery Service",
"endpoints": [
{
"domainName": "https://prod3.metrics.nsatc.net:1886/RecoveryService",
"ports": [
"1886"
],
"accessibility": "Available"
}
]
},
{
"category": "AzureStorage",
"displayName": "Azure Storage",
"endpoints": [
{
"domainName": "apimstufsse40dnm8wl2aozs.blob.core.windows.net",
"ports": [
"443"
],
"accessibility": "Available"
},
{
"domainName": "apimstufsse40dnm8wl2aozs.file.core.windows.net",
"ports": [
"445"
],
"accessibility": "Available"
},
{
"domainName": "apimstufsse40dnm8wl2aozs.queue.core.windows.net",
"ports": [
"443"
],
"accessibility": "Available"
},
{
"domainName": "apimstufsse40dnm8wl2aozs.table.core.windows.net",
"ports": [
"443"
],
"accessibility": "Available"
},
{
"domainName": "gcs.prod.monitoring.core.windows.net",
"ports": [
"443"
],
"accessibility": "Available"
}
]
}
],
"outboundNetworkHealth": {
"state": "Healthy"
}
},
"CSS-ISE-Sub3": {
"networkDependencyHealthState": "Healthy",
"outboundNetworkDependencies": [
{
"category": "AzureStorage",
"displayName": "Azure Storage",
"endpoints": [
{
"domainName": "blob.core.windows.net",
"ports": [
"80",
"443"
],
"accessibility": "Available"
},
{
"domainName": "queue.core.windows.net",
"ports": [
"80",
"443"
],
"accessibility": "Available"
},
{
"domainName": "table.core.windows.net",
"ports": [
"80",
"443"
],
"accessibility": "Available"
},
{
"domainName": "file.core.windows.net",
"ports": [
"80",
"443"
],
"accessibility": "Available"
}
]
},
{
"category": "SQL",
"displayName": "Azure SQL Database",
"endpoints": [
{
"domainName": "database.windows.net",
"ports": [
"1433"
],
"accessibility": "Available"
}
]
},
{
"category": "AzureManagement",
"displayName": "Azure Management",
"endpoints": [
{
"domainName": "management.core.windows.net",
"ports": [
"443"
],
"accessibility": "Available"
},
{
"domainName": "admin.core.windows.net",
"ports": [
"443"
],
"accessibility": "Available"
},
{
"domainName": "management.azure.com",
"ports": [
"443"
],
"accessibility": "Available"
}
]
},
{
"category": "AzureActiveDirectory",
"displayName": "Azure Active Directory",
"endpoints": [
{
"domainName": "graph.windows.net",
"ports": [
"443"
],
"accessibility": "Available"
}
]
},
{
"category": "RegionalService",
"displayName": "Regional Service",
"endpoints": [
{
"domainName": "gr-prod-bay.cloudapp.net",
"ports": [
"443"
],
"accessibility": "Available"
},
{
"domainName": "az-prod.metrics.nsatc.net",
"ports": [
"443"
],
"accessibility": "Available"
}
]
},
{
"category": "SSLCertificateVerification",
"displayName": "SSL Certificate Verification",
"endpoints": [
{
"domainName": "ocsp.msocsp.com",
"ports": [
"80",
"443"
],
"accessibility": "Available"
},
{
"domainName": "mscrl.microsoft.com",
"ports": [
"80",
"443"
],
"accessibility": "Available"
},
{
"domainName": "crl.microsoft.com",
"ports": [
"80",
"443"
],
"accessibility": "Available"
},
{
"domainName": "www.microsoft.com",
"ports": [
"80",
"443"
],
"accessibility": "Available"
},
{
"domainName": "crl3.digicert.com",
"ports": [
"80",
"443"
],
"accessibility": "Available"
},
{
"domainName": "ocsp.digicert.com",
"ports": [
"80",
"443"
],
"accessibility": "Available"
},
{
"domainName": "cacerts.digicert.com",
"ports": [
"80",
"443"
],
"accessibility": "Available"
},
{
"domainName": "www.thawte.com",
"ports": [
"80",
"443"
],
"accessibility": "Available"
}
]
}
],
"outboundNetworkHealth": {
"state": "Healthy"
}
}
}
lots of information can be obtained from this JSON but we will be only interested in networkDependencyHealthState
After parsing the JSON we need to check the health of the three subnets
{
"and": [
{
"equals": [
"@concat(body('Parse_JSON')?['CSS-ISE-Sub2']?['networkDependencyHealthState'],body('Parse_JSON')?['CSS-ISE-Sub3']?['networkDependencyHealthState'],body('Parse_JSON')?['CSS-ISE-Sub4']?['networkDependencyHealthState'])",
"HealthyHealthyHealthy"
]
}
]
}
you can use multiple "Ands" as well
BTW parsing the JSON is not necessary
Last step
the last step will be sending an email and terminate the flow
Updated Nov 11, 2020
Version 1.0
Mohammed_Barqawi
Microsoft
Microsoft