Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Allow Mutual SSL Auth on Application Gateway

      At the moment SSL termination is possible with Application Gateway but it doesn't cater for instances where client authentication is required (mutual auth). So if client auth is required, SSL needs to be passed through and terminated on each of the web servers. This increases load across the server farm and makes management of certificates more difficult since all certs need to be maintained on all servers. I believe this function is available with API Management but the additional cost is hard to justify if one doesn't require the other additional features. So having mutual SSL auth capability built into…

      1,560 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      84 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    2. Support URL rewriting with Application Gateway

      PathBasedRouting is nice, but not super great without the ability to rewrite paths. I am trying to front a Service Fabric cluster, where multiple HTTP services live on http://+:80, at different path prefixes. Would be nice to use Application Gateway to direct https://api.company.com to http://cluster/api, and https://www.company.com to http://cluster/www

      1,252 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      50 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      URL rewrite for Application Gateway v2 is currently in public preview! With this, you can now rewrite URL path and query string parameters based on a condition. The condition will be on request or response parameters.

      Also, you get the ability to choose the routing to a backend pool based on the original URL or the rewritten URL.

      We’d love for you to try it out and let us know your valuable feedback. Learn more here – https://aka.ms/urlrewritepreview and https://aka.ms/urlrewriteconfiguration

    3. Application Gateway: Support wildcard hosts in listeners

      Our product creates dynamic DNS zones for our customers, e.g. foo.z1.contoso.com, bar.z2.contoso.com, etc. We use Azure DNS for this. (Notice that we stripe our customer's domains across multiple zones (z1, z2), because Azure DNS has a max record count of 5000.)

      So, to support this, we have a wildcard SSL certificate for each zone e.g. .z1.contoso.com, .z2.contoso.com.

      In order to have Application Gateway provide SSL termintation for us, we obviously need to create Multi-site listeners for port 443. Unfortuantely, the 'Host' field on the Multi-site listener does not accept wildcard entries. Furthermore, specifying the host name 'z1.contoso.com' does not appear…

      1,086 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      53 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    4. Let's Encrypt Integration for HTTPS certificates

      It should be possible to define a list of SSL hostnames. Application Gateway should automatically acquire and renew certificates for all given hostnames (most probably through the HTTP domain validation process).

      For every request, Application Gateway should use the correct certificate based on the hostname.

      Supporting multiple hostnames is critical to use Let's Encrypt with multi-site routing.

      701 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    5. Azure Application Gateway WAF Mode Increase Limit on SecRequestBodyLimit

      When we have the WAF set to prevention mode some of our HTTP post are denied with code 413.

      Request body no files data length is larger than the configured limit (131072).. Deny with code (413)

      Can you make these two settings configurable on the WAF?

      SecRequestBodyLimit
      SecRequestBodyNoFilesLimit

      Thanks
      Mark

      637 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      36 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    6. Hibernate/pause a resource group or subscription

      After talking to one of your Senior Support Engineers, they suggested I made a feature request for this.

      I'd like to be able to pause, hibernate or otherwise stop a resource group or subscription so that it incurs minimal costs when not in use. I'm suggesting resource group or subscription as one may be easier to implement than the other. Ideally this would be done through ARM but I’d settle for doing it via PowerShell if needed.

      I appreciate that VMs can be deallocated but we found that a customer's solution was still using approximately £200 a month due to…

      552 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      11 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    7. Increase listener limit for Application Gateway

      Application gateway has a very low listener limit (20 listeners / certificates). This severely limits it's usefulness for multi-tenant/domain applications where a web farm / service hosts many endpoints. IIS itself has no such small limit, but due to constraints on certificate deployment in cloud services, Application Gateway is the only clear path to wide scale SNI based SSL hosting. With it's low limit, it does not come close to meeting our use case. I would suggest the limit be removed or set to a very high limit like 10k+ so many certificates could be bound to host many different…

      441 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      24 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    8. Enable Multiple IP addresses for Azure Application Gateway

      Azure Application Gateway is a nice Service for Load Balancing Layer 7 HTTP and HTTPS traffic. Today, we can only attribute one IP address (Public or Private) to the Application Gateway Deployment. It is fundamental that a Load Balancer can support multiple IP addresses to provide flexibility (Based on many customers feedback)

      408 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      19 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Support for both public and private IP at the same time is available on both V1 and V2 SKU. Customers can host multiple sites behind the same IP and port using multi-site listener today.

      Support for allowing same port on both public and private IP is in the roadmap.

    9. TLS 1.3 and HSTS Support for Azure Application Gateway

      This is about a feature request for an Azure Application Gateway to support TLS 1.3 and HSTS.
      At least HSTS is just a secure header which should be trivial to implement.
      I`m looking forward to a feedback.

      385 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      15 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    10. Application Gateway V2 support of UDR

      Deploying a Application Gateway in a subnet with an UDR is needed in enterprise networks. For example if you advertise the default route from a ExpressRoute connection,.

      347 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      11 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    11. Authentication support for application gateway

      For lift & shift of legacy systems, application gateway is very useful as we have different kinds of backends (VMs, service fabric, other PaaS services, etc.). The only missing capability is authentication, so we have to implement and configure authentication in various services, which is a big overhead. Otherwise, we have to give up application gateway but set up Nginx VMs instead.

      I have also looked at Azure API Gateway, but it seems to be too specialized for public APIs but our services also service static contents and ever-changing private APIs without swagger definition.

      265 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    12. WAF on Application Gateway needs a function to exclude some condition like a trusted node.

      Now, Web Application Firewall feature would be available as part of Azure Application Gateway.

      Currently, WAF on Application Gateway seems to not have a function to exclude from blocking access by any condition.
      So, I would like to request to add this function for WAF on Application Gateway.

      Acutually, Many WAF product could exclude particular access from blocking like a trusted node.

      254 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      11 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    13. Support IPv6 in Application Gateway front-end public IP

      Support IPv6 in Application Gateway front-end public IP

      220 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  3 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    14. Enable the use of Azure App Service Certificate with Azure Application Gateway

      Today, you have to manage your certificate yourself and provide to Azure Application Gateway a .pfx file.
      It would be great if we can have in Azure Application Gateway the same integration we have between Azure App Service and Azure App Service Certificate in order to handle the purchase, renewal, configuration and security of our certificates.
      As far as I know, the ASC team has done a seperate Resource Provider and it might be easy to integrate it with other services such as Azure Application Gateway.

      205 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  5 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    15. Support server-sent events

      Azure Application Gateway apparently does not support server-sent events. This surprised me, since SSE really is just http. However after quite a bit of testing, and asking on the forum, I can confirm it does not.

      SSE is an arguably better way of doing server push than websockets, which is a lot more complex. We rely heavily on it, so hope it will be prioritized.

      Best regards,
      Alf

      206 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  11 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    16. Insight in Azure application gateway performance

      Currently there is no way to view usage statistics of the Azure application gateway. Information I would like to see:


      • Per hour performance statistics (e.g. nr of connections, bandwith, CPU usage, etc.)

      • Advice on number of required instances based on metrics from last few days with recommendations to increase or decrease the number of instances

      Regards,

      Jan-Willem

      191 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    17. mutual TLS authentication on Application Gateway

      To verify authenticity of client sending traffic to Application Gateway, its required to have mutual TLS authentication.
      For use cases such as : Using a 3rd party caching or WAF tier like Akamai send traffic to AG, we would require mutual TLS.

      Currently we could limit source by IPs by putting an NSG rule. But cryptographic identity verification is the correct approach. Towards this I would like to request Mutual TLS.

      183 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    18. Web Application Firewall Cookie Exclusions only exclude Value checking not Name checking

      I understand it is only a Preview, but my feedback on Exclusions... if I create an Exclusion as follows:


      • Field = Request cookie name

      • Operator = starts with

      • Selector = Nonce

      This appears to stop the WAF inspecting the value of any cookie whose name starts with "Nonce". What it doesn't do is exclude the checking of the name of the cookie itself.

      For example a cookie called NonceABC--XYZ would still trigger the SQL Comment Sequence rule.

      This is a problem when an ASP.Net Core application, that uses Open Id Connect authorisation, is put behind the Application Gateway and the…

      180 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      9 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. Is it possible to expose Azure blob storage via Application Gateway

      Expose Azure blob storage via Application Gateway.

      I would like to remove public access for Azure Blob and only make it accessible via virtual network. The Azure Application Gateway will be public facing which does the SSL termination and forwards the request to blob.

      This would allow scanning for malicious content via virtual appliances before content is stored in blob.

      179 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      6 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    20. WAF file size limit to be increased

      Currently as the WAF limit is set to 100mb, we cannot process our large files which could hit 500mb for example.

      Can you please increase the WAF file silze limit? To possibly 1GB / 2GB

      168 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      7 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    ← Previous 1 3 4 5 10 11
    • Don't see your idea?

    Feedback and Knowledge Base