Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Azure DNS needs DNSSEC support

      DNSSEC is required to be able to secure your DNS requests. At the moment this is not available. We cannot move until our domains to Azure DNS untill these requirements have been met.

      6,131 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      273 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    2. Stop/Start Virtual Network Gateway - to don't pay when it not in use

      There are two charges related to the Azure VPN service: the compute resource charge at $0.05/hour, and the egress data volume charge. Both are based on resource consumption, Unfortunately, even if the VPN tunnels are not connected, the gateway compute resource is still being consumed and will cost ~$38 monthly!

      This is not really "Pay only for what you use".

      Need functionality to “STOP” (and of course "START") a gateway if the customer is certain that the gateway will not be in use.

      2,734 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      142 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    3. Support WebSocket connections on Azure Front Door

      Add support for WebSocket connections with load balancing on Azure Front Door

      2,088 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      69 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    4. Allow Mutual SSL Auth on Application Gateway

      At the moment SSL termination is possible with Application Gateway but it doesn't cater for instances where client authentication is required (mutual auth). So if client auth is required, SSL needs to be passed through and terminated on each of the web servers. This increases load across the server farm and makes management of certificates more difficult since all certs need to be maintained on all servers. I believe this function is available with API Management but the additional cost is hard to justify if one doesn't require the other additional features. So having mutual SSL auth capability built into…

      1,766 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      101 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    5. Bastion supporting vnet peering for Hub & Spoke design

      Please allow us to deploy Bastion in Hub & Spoke vnet design. It makes sense to deploy Bastion in Hub vnet only. Than we can access VMs in spoke vnets from Bastion. Hub & Spoke design is Azure recommended Reference architecture, make sense to support it.

      1,656 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      46 comments  ·  Bastion  ·  Flag idea as inappropriate…  ·  Admin →
    6. Azure should be its own domain registrar

      Windows Azure should offer domain registrar services so users don't have to maintain our domain names with a separate company. This also has the potential to greatly streamline the process of setting up a website on Azure.

      1,639 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      53 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    7. Load Balancer and Public IP SKU.

      There must be an option of Upgrading Public IP SKU from Basic to Standard without losing Static PIP as it is a creating a big road block when we do any planning like moving existing PIP behind any NVA Standard Load balancer.
      If any existing Production Server are already running on Basic PIP then it is very tough to make any decisions to upgrade SKU or move it behind any Standard ELB.

      Need suggestion here how and till what time we can overcome here.

      1,639 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      81 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    8. Extend Azure DNS to support zone transfers so it can be used as seconday DNS

      If Azure DNS supported zone transfers, then if could be used both as a reliable secondary DNS service, or as an external proxy service for AD split-brain, or on-premise hosted DNS configurations.

      1,572 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      76 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    9. Provide a 301 (Permanent) redirect service for apex (naked) domains

      Discussed in the Azure DNS docs: https://azure.microsoft.com/en-us/documentation/articles/dns-getstarted-create-recordset/#comment-2294403853

      Right now, you must use a static IP address if you want to point an apex (naked) domain (e.g., mycompany.com) to a Cloud Service (e.g., mycloudservice.cloudapp.net). Static IP's are stable as long as the Cloud Service isn't deprovisioned; however, for maximum security, simplicity, and maintainability (i.e., even if a cloud service is deprovisioned), it would be awesome if we could have 301 redirects for the apex domain to a the www CNAME endpoint and not need to be concerned with the IP address of the Cloud Service at all. The scenario goes like…

      1,397 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      32 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    10. Azure Private DNS Zone resolution from OnPremise

      Make it possible to enable the Name Resolution from onpremise if i have an azure private dns Zone.

      It should be possible to make an Forward from onpremise dns to an azure private dns Zone.

      1,368 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  56 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    11. Allow file transfer to Azure Bastion sessions

      Not being able to transfer files to a VM using a Bastion session really limits the usability. Please enable this feature.

      1,324 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  37 comments  ·  Bastion  ·  Flag idea as inappropriate…  ·  Admin →
    12. Application Gateway: Support wildcard hosts in listeners

      Our product creates dynamic DNS zones for our customers, e.g. foo.z1.contoso.com, bar.z2.contoso.com, etc. We use Azure DNS for this. (Notice that we stripe our customer's domains across multiple zones (z1, z2), because Azure DNS has a max record count of 5000.)

      So, to support this, we have a wildcard SSL certificate for each zone e.g. *.z1.contoso.com, *.z2.contoso.com.

      In order to have Application Gateway provide SSL termintation for us, we obviously need to create Multi-site listeners for port 443. Unfortuantely, the 'Host' field on the Multi-site listener does not accept wildcard entries. Furthermore, specifying the host name 'z1.contoso.com' does not appear…

      1,132 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      57 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    13. Add a Network Security Group tag for Windows Update

      I'd like to be able to block all outbound traffic on my NSG but still allow windows update to work. This is difficult to do as the windows update depends on quite a few DNS names and the IP address of these apparently changes often.

      If I could specify an "Allow" rule for a service tag called "WindowsUpdate" or similar with a higher priority than my "DenyAll" rule this would acheive this.

      1,054 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      77 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    14. Allow DNS servers to be advertised per subnet instead of VNET

      Instead of advertising the DNS servers per VNET, is there anyway we can specify what DNS servers should be advertised per subnet? In most cases, I would create a VNET and use NSGs to segregate out my traffic.

      The problem with specifying the DNS servers for the whole VNET, is now I am required to create a completely separate VNET for a DMZ, as my internal DNS servers are being advertised to those machines. In this case, being able to specify DNS servers at a subnet level will allow more flexibility in regards to creating one VNET instead of multiple…

      820 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      31 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    15. change virtual machine virtual network through portal

      Today, I needed to change a virtual network to a existing Virtual Machine. I had to delete this VM, create a new one using attached disks from the old one and set the Virtual Network. It would be nice if we had another way to do that, using Portal for example.

      819 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      16 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    16. Azure Application Gateway WAF Mode Increase Limit on SecRequestBodyLimit

      When we have the WAF set to prevention mode some of our HTTP post are denied with code 413.

      Request body no files data length is larger than the configured limit (131072).. Deny with code (413)

      Can you make these two settings configurable on the WAF?

      SecRequestBodyLimit
      SecRequestBodyNoFilesLimit

      Thanks
      Mark

      803 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      50 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    17. Let's Encrypt Integration for HTTPS certificates

      It should be possible to define a list of SSL hostnames. Application Gateway should automatically acquire and renew certificates for all given hostnames (most probably through the HTTP domain validation process).

      For every request, Application Gateway should use the correct certificate based on the hostname.

      Supporting multiple hostnames is critical to use Let's Encrypt with multi-site routing.

      802 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      8 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    18. TLS 1.3 and HSTS Support for Azure Application Gateway

      This is about a feature request for an Azure Application Gateway to support TLS 1.3 and HSTS.
      At least HSTS is just a secure header which should be trivial to implement.
      I`m looking forward to a feedback.

      755 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      21 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    19. Allow creation of NSG rules based on FQDN along with Ports

      NSG gives option to configure NSG rules with IPAddress and Ports. Same like that we need option to configure Inbound/Outbound NSG rules based on the FQDN. Because most of our customers wants to block Internet access from their Azure IaaS VMs, If we do so, we lose the ability to configure Azure Disk Encryption, Azure Keyvault, Azure File Storage Services, Azure Websites...etc. Because all these Azure services requires its endpoints (FQDN) to be reachable from inside the VM

      724 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      13 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    20. Hibernate/pause a resource group or subscription

      After talking to one of your Senior Support Engineers, they suggested I made a feature request for this.

      I'd like to be able to pause, hibernate or otherwise stop a resource group or subscription so that it incurs minimal costs when not in use. I'm suggesting resource group or subscription as one may be easier to implement than the other. Ideally this would be done through ARM but I’d settle for doing it via PowerShell if needed.

      I appreciate that VMs can be deallocated but we found that a customer's solution was still using approximately £200 a month due to…

      700 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      13 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    ← Previous 1 3 4 5 77 78
    • Don't see your idea?

    Feedback and Knowledge Base