Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    How can we improve Azure Networking?

    You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

    There are two ways to get more votes:

    • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
    • You can remove your votes from an open idea you support.
    • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
    (thinking…)

    Enter your idea and we'll search to see if someone has already suggested it.

    If a similar idea already exists, you can support and comment on it.

    If it doesn't exist, you can post your idea so others can support it.

    Enter your idea and we'll search to see if someone has already suggested it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Change existing Public IP SKU from Basic to Standard

      We have already setup our business in Azure and utilize Public IPs in our infrastructure that are used by many different clients. With the release of Standard SKU Load Balancer and the requirement for Standard SKU Public IPs, we cannot proceed to upgrade our setup. A change in IPs would mean weeks or even months in planning/communication and reconfiguration of firewalls,VPNs,application restrictions.

      556 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      28 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    2. Allow multiple reserved IP addresses be assigned to a single VM

      Currently you can only have one reserved (static) public IP for a given Azure VM. This limits any case where you would want to run multiple SSL enabled sites/applications on the standard 443 port.

      I understand there is support for SNI SSL with host headers but not all applications and devices support this feature. Current competition in you market allow up to 5 IPs. A limit I believe is still arbitrarily low given the power of your larger VM instances available.

      122 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      8 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    3. Feature Central IP Object usable for ALL Azure Resources

      Central IP Object usable for ALL Azure Resources

      In this new feature (ex : Azure IP Object management) user can create IP Object (List of Ips or Subnet) this object can be added in any Azure Resources who have a Firewall (Azure SQL, Storage Account, WebApp,...)

      For Exemple:
      You create an Object "Company Public IPs" and you add in this object All your company Public IP.
      In your Azure resources Firewall (WebApp, AzureDB, NSG,...) you specify this Object to allowing access.

      If tomorrow you need to add a new public IP you just need to add this new public IP…

      78 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    4. Block out access to azure resources from outside

      I am looking for a way to completely block out access to azure resources from outside of Japan. An access from abroad is most likely from a person who are not from our company.

      Recently, I am terribly worried because there are a lot of illegal access from the outside country. It's very reassuring to have the ability to shut off foreign access in Azure. This scenario is difficult to achieve because the NSG feature has a limit in a number of IP addresses which can be restricted.

      44 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    5. Provide a rest api to access the list of Azure IP Addresses

      Please provide an api that will us to gather the full list of azure ip addresses, the ones added in the last week, and the ones deleted in the last week. This would be used to automate the weekly changes we need to make to accommodate these changes.

      38 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      7 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    6. Manage allowed IP addresses - show and allow to add current IP address with one click (like in the old portal)

      Now you have to know your current IP address and enter it manually to allow access to SQL - means you need to find out your ip first.

      In the old portal you have the option to add your current IP address with one click (see attached screenshot).

      I would love it if you bring this feature to the new portal.

      32 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  0 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    7. NVA Public IP

      Ability to assign Public IP to an NVA interface, without going through the Azure Internal NAT. Like Onpremise Firewall. Currently, Azure creates interfaces with Private and Public IP, but only permit assigns Private IP to the NVA interfaces.

      12 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    8. difrentiate IP ranges per service

      At the moment if we want to restrict access to Azure services we need to whitelist entire Region. PCI certification requirements require to limit also outgoing access to the specific IP addreses to avoid possibility that attacker will be able to exfiltrate data from attacked machine.
      With current scenario (whitelisting entire region) attacker can put FTP or HTTP upload server in the same region of the Azure and successfully upload data there. If ranges would be specific for services (e.g. Sql Azure, Key Vault, etc) then such exfiltration wouldn't be possible as we could restrict access to the services which…

      8 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  2 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    9. Public IP Address Lock Period After Deletion

      It would be valuable to have a lock period for a public IP address that has been deleted from Azure. A use case would be if a user accidentally removes a public IP address from the Azure Portal, az cli, terraform, etc., a lock period of ~30 minutes is put in place so that the user is able to recreate the public IP address resource and bind to the previously deleted IP address.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →

      Hi Nate,

      Thanks for your feedback. In order to help reduce deleting dynamic Public IPs by accident, we added a feature in the Azure Portal that will prompt to ask customers if they want to reserve the IP address before deleting.

      In the future, we will default to Static Public IPs to prevent users from hitting this issue. However, we will not be building a lock mechanism.

      Hope this helps.

      - Anavi N [MSFT]

    10. Add a feature that gives you an static IP regardless of what server you attach to it.

      Add a feature that gives you an static IP regardless of what server you attach to it. That wat, if you have to migrate your server you keep your IP Address.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    11. APIM as Service

      hi team,

      would like to have IPAM as service: it would be nice to be able to create an "Azure IP range" and then request IP ranges for new vNets from it, perform inventory etc.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    12. Provide an IP and URL address service, like Office 365, to replace the XML download process.

      Provide an IP and URL address service like Office 365 to replace the XML download process for Azure Datacenter IP address ranges.

      For example - Office 365 Link: https://docs.microsoft.com/en-us/office365/enterprise/office-365-ip-web-service

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    13. Change idle timeout shorter than 4 minutes.

      We can use TCP idle timeout 4 minutes which is minimum value. My App must configure shorter than 4 minutes. E,g 5sec, 10sec. I strong hope we can change its value configure shorter than 4 minutes.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    14. IP report(Risky IP) and User Report(Bad Password Attempts) from the Azure should be merged into one report. Find a user from which IP cannot

      IP report(Risky IP) and User Report(Bad Password Attempts) from the Azure should be merged into one report. Finding a user from which IP cannot directly

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    15. I really HATE that Azure can not handle virtual IP addresses. Azure broke our application.

      In line with another post that I voted for.

      I have been working with clustered environments in Linux for many years.

      Our application is capable of controlling the failover of a virtual IP address, to the active node in an Active / Passive cluster.

      But, the Azure cloud is not capable of assigning an IP address, without being tied to a MAC address.

      Our application is now broken!

      You need to allow the assignment of virtual IP addresses for clustered environment, active node failover.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    16. Allow configure Azure Endpoint (App/Cloud Service) and External Endpoint (AP/F5 SLB VIP) in the same ATM profile

      We’ve a service currently running in AutoPilot environment and it’s DNS endpoint is configured behind AP SLB VIP. We deployed and configured same service in Azure, and now we want to rout the traffic from “AP SLB VIP” to “App Service” running under mentioned Azure subscription.

      I’ve created a ATM profile and Service DNS endpoint is now CNAME-ed to this ATM profile. Currently, this ATM profile is configured with AP SLB VIP underneath as “External Endpoint”. In order to execute traffic transition from AP SLB VIP to App Service, I need to configure the “App service” as a secondary endpoint…

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    17. Need a 1 to 1 mapping between data centers and the IP range list

      Trying to use Azure Backup to German Northeast and North Central US.

      Would be nice if there was a one to one mapping between the regions displayed here: https://azure.microsoft.com/en-ca/global-infrastructure/regions/

      and what is listed here: https://www.microsoft.com/en-us/download/details.aspx?id=41653

      Having problems guessing which region to use for the for following locations:

      German Northeast - options:

      <Region Name="europeeast">

      <Region Name="europenorth2">

      <Region Name="europenorth">

      North Central US: options:

      <Region Name="uscentraleuap">

      <Region Name="uscentral">

      <Region Name="usnorth">

      <Region Name="uswestcentral">

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base