Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Bring Your Own Public IP Address space and Internet subnet routing in Azure Virtual Networks

      When you own a public address space IPv4 and/or IPv6, Windows Azure should provide a way to use it (via LISP and/or classic routing).
      When you don't own a public address space, you should be able to rent it for your virtual network on Windows Azure both via Microsoft or via Tunnel Broker providers

      263 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      12 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    2. Azure DevOps Whitelisting

      Please create service tag for Azure DevOps Hosted Build Agents. I have been told that to allow hosted agent access through NSG - to my ASE's, I need to whitelist ALL external Azure IPs.. This is unaccesptable from a Security standpoint. Please address immediately

      https://developercommunity.visualstudio.com/idea/467755/static-ip-address-for-azure-devops.html?childToView=571222#comment-571222

      254 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    3. Allow multiple reserved IP addresses be assigned to a single VM

      Currently you can only have one reserved (static) public IP for a given Azure VM. This limits any case where you would want to run multiple SSL enabled sites/applications on the standard 443 port.

      I understand there is support for SNI SSL with host headers but not all applications and devices support this feature. Current competition in you market allow up to 5 IPs. A limit I believe is still arbitrarily low given the power of your larger VM instances available.

      122 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      8 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    4. Feature Central IP Object usable for ALL Azure Resources

      Central IP Object usable for ALL Azure Resources

      In this new feature (ex : Azure IP Object management) user can create IP Object (List of Ips or Subnet) this object can be added in any Azure Resources who have a Firewall (Azure SQL, Storage Account, WebApp,...)

      For Exemple:
      You create an Object "Company Public IPs" and you add in this object All your company Public IP.
      In your Azure resources Firewall (WebApp, AzureDB, NSG,...) you specify this Object to allowing access.

      If tomorrow you need to add a new public IP you just need to add this new public IP…

      78 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    5. Expose IP address ranges via API

      You can download an XML file of Azure IP address ranges from http://www.microsoft.com/en-us/download/details.aspx?id=41653. It's updated weekly.
      It would be nice to be able to access this list via an API so that we could automate any changes required when the Azure's IP address list changes.
      Kind of like what Amazon does: https://aws.amazon.com/blogs/aws/aws-ip-ranges-json/

      50 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  4 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    6. Block out access to azure resources from outside

      I am looking for a way to completely block out access to azure resources from outside of Japan. An access from abroad is most likely from a person who are not from our company.

      Recently, I am terribly worried because there are a lot of illegal access from the outside country. It's very reassuring to have the ability to shut off foreign access in Azure. This scenario is difficult to achieve because the NSG feature has a limit in a number of IP addresses which can be restricted.

      45 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    7. Provide a rest api to access the list of Azure IP Addresses

      Please provide an api that will us to gather the full list of azure ip addresses, the ones added in the last week, and the ones deleted in the last week. This would be used to automate the weekly changes we need to make to accommodate these changes.

      41 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      7 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    8. Manage allowed IP addresses - show and allow to add current IP address with one click (like in the old portal)

      Now you have to know your current IP address and enter it manually to allow access to SQL - means you need to find out your ip first.

      In the old portal you have the option to add your current IP address with one click (see attached screenshot).

      I would love it if you bring this feature to the new portal.

      32 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  0 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    9. NVA Public IP

      Ability to assign Public IP to an NVA interface, without going through the Azure Internal NAT. Like Onpremise Firewall. Currently, Azure creates interfaces with Private and Public IP, but only permit assigns Private IP to the NVA interfaces.

      12 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    10. difrentiate IP ranges per service

      At the moment if we want to restrict access to Azure services we need to whitelist entire Region. PCI certification requirements require to limit also outgoing access to the specific IP addreses to avoid possibility that attacker will be able to exfiltrate data from attacked machine.
      With current scenario (whitelisting entire region) attacker can put FTP or HTTP upload server in the same region of the Azure and successfully upload data there. If ranges would be specific for services (e.g. Sql Azure, Key Vault, etc) then such exfiltration wouldn't be possible as we could restrict access to the services which…

      8 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  2 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    11. Public IP Address Lock Period After Deletion

      It would be valuable to have a lock period for a public IP address that has been deleted from Azure. A use case would be if a user accidentally removes a public IP address from the Azure Portal, az cli, terraform, etc., a lock period of ~30 minutes is put in place so that the user is able to recreate the public IP address resource and bind to the previously deleted IP address.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →

      Hi Nate,

      Thanks for your feedback. In order to help reduce deleting dynamic Public IPs by accident, we added a feature in the Azure Portal that will prompt to ask customers if they want to reserve the IP address before deleting.

      In the future, we will default to Static Public IPs to prevent users from hitting this issue. However, we will not be building a lock mechanism.

      Hope this helps.

      - Anavi N [MSFT]

    12. Create Azure IP address search tool for Network Watcher / Network Diagnostic Tools

      NSG logging is nice that it reports communication between azure objects. However, its not always obvious which service / vm the IP address represents in an NSG log.

      It would be very helpful if there was some kind of Azure IP address lookup tool where you supply a VNet address and an IP address and then the search tool would show you which Azure object that IP Address corresponds (Object Name, Object Type).

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    13. Add a feature that gives you an static IP regardless of what server you attach to it.

      Add a feature that gives you an static IP regardless of what server you attach to it. That wat, if you have to migrate your server you keep your IP Address.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    14. APIM as Service

      hi team,

      would like to have IPAM as service: it would be nice to be able to create an "Azure IP range" and then request IP ranges for new vNets from it, perform inventory etc.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    15. Provide an IP and URL address service, like Office 365, to replace the XML download process.

      Provide an IP and URL address service like Office 365 to replace the XML download process for Azure Datacenter IP address ranges.

      For example - Office 365 Link: https://docs.microsoft.com/en-us/office365/enterprise/office-365-ip-web-service

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    16. Change idle timeout shorter than 4 minutes.

      We can use TCP idle timeout 4 minutes which is minimum value. My App must configure shorter than 4 minutes. E,g 5sec, 10sec. I strong hope we can change its value configure shorter than 4 minutes.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    17. IP report(Risky IP) and User Report(Bad Password Attempts) from the Azure should be merged into one report. Find a user from which IP cannot

      IP report(Risky IP) and User Report(Bad Password Attempts) from the Azure should be merged into one report. Finding a user from which IP cannot directly

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    18. BYOIP to Azure?

      BYOIP to Azure would be a great feature.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    19. I really HATE that Azure can not handle virtual IP addresses. Azure broke our application.

      In line with another post that I voted for.

      I have been working with clustered environments in Linux for many years.

      Our application is capable of controlling the failover of a virtual IP address, to the active node in an Active / Passive cluster.

      But, the Azure cloud is not capable of assigning an IP address, without being tied to a MAC address.

      Our application is now broken!

      You need to allow the assignment of virtual IP addresses for clustered environment, active node failover.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    20. Allow configure Azure Endpoint (App/Cloud Service) and External Endpoint (AP/F5 SLB VIP) in the same ATM profile

      We’ve a service currently running in AutoPilot environment and it’s DNS endpoint is configured behind AP SLB VIP. We deployed and configured same service in Azure, and now we want to rout the traffic from “AP SLB VIP” to “App Service” running under mentioned Azure subscription.

      I’ve created a ATM profile and Service DNS endpoint is now CNAME-ed to this ATM profile. Currently, this ATM profile is configured with AP SLB VIP underneath as “External Endpoint”. In order to execute traffic transition from AP SLB VIP to App Service, I need to configure the “App service” as a secondary endpoint…

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    ← Previous 1
    • Don't see your idea?

    Feedback and Knowledge Base