Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    How can we improve Azure Networking?

    You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

    There are two ways to get more votes:

    • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
    • You can remove your votes from an open idea you support.
    • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
    (thinking…)

    Enter your idea and we'll search to see if someone has already suggested it.

    If a similar idea already exists, you can support and comment on it.

    If it doesn't exist, you can post your idea so others can support it.

    Enter your idea and we'll search to see if someone has already suggested it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Support for HTTP to HTTPS redirection for Application Gateway

      When using an Application Gateway to provide SSL offloading for applications hosted on IIS / IaaS, there is no native option to redirect HTTP requests to HTTPS. Without redirection or a listener on 80 for the host name, users receive a 404 response. This leads to developing a more complex network topology to handle inbound HTTP request to the host name.

      Possibly allow for an additional option on a listener, that will allow for returning a redirect HTTP code with the proper HTTPS URL, creating a clean/seamless experience for the end user.

      318 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        15 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
      • Support URL rewriting with Application Gateway

        PathBasedRouting is nice, but not super great without the ability to rewrite paths. I am trying to front a Service Fabric cluster, where multiple HTTP services live on http://+:80, at different path prefixes. Would be nice to use Application Gateway to direct https://api.company.com to http://cluster/api, and https://www.company.com to http://cluster/www

        245 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          12 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
        • Let's Encrypt Integration for HTTPS certificates

          It should be possible to define a list of SSL hostnames. Application Gateway should automatically acquire and renew certificates for all given hostnames (most probably through the HTTP domain validation process).

          For every request, Application Gateway should use the correct certificate based on the hostname.

          Supporting multiple hostnames is critical to use Let's Encrypt with multi-site routing.

          164 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
          • Enable Multiple IP addresses for Azure Application Gateway

            Azure Application Gateway is a nice Service for Load Balancing Layer 7 HTTP and HTTPS traffic. Today, we can only attribute one IP address (Public or Private) to the Application Gateway Deployment. It is fundamental that a Load Balancer can support multiple IP addresses to provide flexibility (Based on many customers feedback)

            144 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
            • Allow Mutual SSL Auth on Application Gateway

              At the moment SSL termination is possible with Application Gateway but it doesn't cater for instances where client authentication is required (mutual auth). So if client auth is required, SSL needs to be passed through and terminated on each of the web servers. This increases load across the server farm and makes management of certificates more difficult since all certs need to be maintained on all servers. I believe this function is available with API Management but the additional cost is hard to justify if one doesn't require the other additional features. So having mutual SSL auth capability built into…

              102 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                8 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
              • Add HTTP/2 support to Azure Application Gateway

                Add HTTP/2 support to Azure Application Gateway. HTTP/2 has been around for long enough that this should be supported by now. We were disappointed once again after spending time investigating Azure Application Gateway that this is not supported. We shouldn't have to go backwards to use this service.

                96 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                • Remove Server/Framework Headers From Application Gateway Responses

                  For the sake of security, it would great if we could get the following tags removed from the AG responses:

                  < Server: Microsoft-IIS/8.5
                  < X-Powered-By: ARR/3.0
                  < X-Powered-By: ASP.NET

                  67 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    6 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                  • About Idle Timeout on Application Gateway

                    In case when the connection is done via Application Gateway, it shows no response when HTTP connection takes over 4 minutes.
                    I predict the root cause of this issue is due to Azure’s Load Balancer, as it depends on limitations.
                    Therefore, I ask you to change it so we can make the limitation optional.

                    (Japanese)
                    Application Gateway を経由した通信の場合、 4 分間を超える HTTP 通信が発生すると、応答を返さなくなる。
                    この動作は、Load Balancer の制限に依存すると思われるが、これを任意で変更できるようにしてほしい。

                    44 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                    • Increase backend http setting limit on Application Gatway

                      Application gateway has a backend http setting limit of 20.
                      We want to use it in front of Service Fabric and legacy cloud applications.
                      Each of our service fabric apps runs on its own port and so requires a probe, http setting and url rule.
                      We exceeded the 20 fairly rapidly.

                      40 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                      • Allow ACL on Application Gateway for IP filtering via X-FORWARDED-FOR header

                        We have requirements from customers to restrict access via their company subnets. It would be very nice if the App Gateway supported not only the SSL offload but the ability to apply ACLs to allow or deny access via a defined network range using X-FORWARDED-FOR headers.

                        38 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          4 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                        • Enable configurable encryption cipher suites and priorities

                          Legacy client applications that call our services are stuck on antiquated platforms like Java 1.6. These clients cannot use the latest/greatest TLS ciphers. There is no intersection of supported ciphers between vanilla Java 1.6 and those ciphers permitted by Application Gateway.

                          Fighting to get customers to patch and upgrade their ERP and other systems in the name of security is often a time-consuming and losing battle.

                          The ability to enable the ciphers of our choice, perhaps (dare I dream?) by source IP, would be an amazing boon to supporting legacy clients.

                          38 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            planned  ·  2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                          • Integration with Key Vault Certificates

                            It should be possible to select HTTPS certificates from Azure Key Vault. Since Azure Key Vault support auto-renewal of certificates, Application Gateway should also automatically update the certificates.

                            35 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                            • Allow web apps to be backend pools in application gateways

                              Instead of requiring an App Service Environment, or Virtual Machines running IIS, allow us to put in the FQDN/IP Address of our Azure App Services.

                              30 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                              • Faster configuration updates

                                I'm experimenting with using App Gateway as a frontend server to do URL routing to one Windows App Service and one Linux App Service, via the portal. I'm an hour in to this process because each and every step takes many minutes to complete.

                                28 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

                                  Thanks for your feedback. We are working on improving the update experience to make it faster. As an alternate suggestion, please note that multiple configuration steps can be combined into a single update via PowerShell or ARM template for faster updates.

                                • Support for dropping port out of x-forwarded-for header

                                  Hi,

                                  I've seen some compatibility issues with the x-forwarded-for header as it comes in on the format IP:Port rather than just IP. It would be useful to be able to adjust this header to just provide IP without the port. I think this should be adjustable, so IP:Port or just IP being available options rather than just one or the other.

                                  This would help x-forwarded-for being easy to parse on systems that only expect the IP to be sent through.

                                  Thanks,

                                  Neil

                                  27 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    under review  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                                  • App Gateway to support an URL length which is greater than 2048 characters

                                    When running MVC applications with federated authentication with IdPs like Azure AD B2C, the OAuth response coming back from AD is always greater than 2048 character url length. This becomes limitation of AG as AG can not be used for application doing federated authentication with various IdPs including Azure AD B2C.

                                    Please remove the 2048 character limitation as well any other request size limitation which could truncate url as well as request body including cookies etc.

                                    21 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      planned  ·  3 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Allow Static Public IP Address

                                      Hi,
                                      We currently have VMSS running inside a public Load Balancer, that ensures all the apps have the same Public IP address. This is important for us, as we need to be able to publish our IP Addresses for all clients to whitelist.

                                      We really want to move to using the Application Gateway, but can't because it doesn't support static Public IP addresses.

                                      I don't believe there is a work around either?

                                      15 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Allow customization of Application Gateway WAF rule matching

                                        I would like to be able to selectively remove some cookies and some HTTP headers from all rule application scans, on a case by case basis.

                                        Problem Statement:
                                        The web application firewall functionality of the application gateway scans the entire HTTP message, without the ability to customize where the scan will occur.

                                        This leads to false positives where scan pattern matches will detect suspicious characters in URL encoded blobs like security or access tokens, or in other arbitrary places like cookies.

                                        The following Microsoft tools have caused this problem on my environment:
                                        - Kudu tools for web applications
                                        - API…

                                        15 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Support for temporary removing nodes through REST API

                                          It would be great if there was a REST API or something similar we could use to take a node out of rotation without being dependent on the probe detecting it.

                                          Usecase: We run SF behind the Application Gateway. When we update our front-end service, we would like to take it out of rotation before the service is updated. This does not seem possible today, since we have to rely on the probe detecting that a node has gone down. Since the probes have a lag (it probes on a given interval), some users will have a bad experience when…

                                          12 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                                          • HEAD requests to monitor health

                                            It would be nice to be able to use HEAD requests for health monitoring instead of full GET

                                            12 votes
                                            Vote
                                            Sign in
                                            Check!
                                            (thinking…)
                                            Reset
                                            or sign in with
                                            • facebook
                                            • google
                                              Password icon
                                              I agree to the terms of service
                                              Signed in as (Sign out)
                                              You have left! (?) (thinking…)
                                              under review  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                                            ← Previous 1
                                            • Don't see your idea?

                                            Feedback and Knowledge Base