Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Application Gateway: support reuse of same azure vault stored certificate

      Problem: If you deploy a gateway with more than one secure (443) listener then you cannot use the same vault stored certificate as they must have unique names.

      See:
      https://feedback.azure.com/forums/217313-networking/suggestions/17523370-application-gateway-support-for-wildcard-ssl-cert
      Comment from Product at release time:
      You can associate the same certificate with multiple listeners. Please do not define the same certificate multiple times. Currently the certificate details must be unique – however the certificate could be reused across listeners.

      Scenario:
      You have multiple environments held in various vms/clusters/app service e.g.
      dev.domain.com
      test.domain.com
      pentest.domain.com
      uat.domain.com
      cutomer-uat.domain.com

      You have a wildcard certificate stored in vault and you want to reuse the…

      3 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    2. Better diagnostic message in AppGW on startup

      We have had instances of restarting app gw where during startup process the app gw ended up in a fail state without any diagnostic messages being available. RCA has shown that it has been due to DNS misconfiguration so FQDN for backend services hasn't been able to be resolved. This kind of error should yield an error log/diagnostic message so it easily can be rectified without opening a resource case. To further the issue a restart without a PUT operation actually doesn't change the DNS configuration so a restart should force a reread of all configurations and settings and clearing…

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    3. Make Application Gateway v2 available in Swiss regions

      We have several application gateways in both Swiss regions. However v1 have many limitations and we would like to use v2.

      Please make it available in both Swiss regions.

      21 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    4. Azure Application Gateway: Support backend health status when using user defined routes

      Currently, if you have a security requirement to use User Defined Routing through a network virtual appliance firewall, health status of Azure Application Gateway doesn't work.

      This should be redesigned so it's an outbound connection from the application gateways to Azure's monitoring infrastructure rather than it needing to be an inbound connection.

      3 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    5. Rewrite header rule dose not work well using redirect rule.

      When I attached rewrite header rule to a request routing rule with redirect, I confirmed that the rewrite rule did not work. I hope we can use rewrite header rule with redirect rule.

      10 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    6. One click add Application Gateway to AKS Ingress

      Right now adding Application Gateway to AKS is a disastrous mess of endless commands.

      This should be no more difficult than going to Networking under AKS and picking the Application Gateway to Install and clicking Add. (Or delete one that's already in there)

      And it should be a one liner using az.

      9 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    7. Deprecate use of Cipher Block Chaining cipher modes - TLS_RSA_WITH_AES_256_CBC_SHA256

      App Gateway is REQUIRING a WEAK CIPHER be enabled

      See: https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-configure-ssl-policy-powershell#configure-a-custom-ssl-policy

      ==Important==
      TLSRSAWITHAES256CBCSHA256 must be selected when configuring a custom SSL policy. Application gateway uses this cipher suite for backend management. You can use this in combination with any other suites, but this one must be selected as well.

      As of May 2019 - SSLLABS is identifying cipher suites using CBC as WEAK - https://blog.qualys.com/technology/2019/04/22/zombie-poodle-and-goldendoodle-vulnerabilities#comment-303228

      45 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    8. Transform incoming URLs to lowercase

      Some applications behind the app gw can be case-sensitive. Especially when working in a bundle with Identity providers. Would be great to have ability to create custom rules where you can transform all incoming URLs to lowercase or uppercase.

      46 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    9. Reserved price

      We are using application gateways extensively. but there is no reserved pricing in for AG. We need reserved pricing similar to VM and postgres PASS

      2 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    10. Application gateway support 99.95 SLA. We are using many azure resources in implementation and effective SLA is coming down due to AG. Other

      Application gateway supports 99.95 SLA. We are using many azure resources in implementation and effective SLA is coming down due to AG. Kindly provide/improve the SLA to 99.99

      2 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    11. Restrict outbound access for AppGw V2

      Hi Team,

      For AppGw V2, outbound internet connectivity can't be blocked, keep outbound NSG rule as default, this will lead security concern for Bank/Gov customers. Please consider to improve this limitation such as allow access to dependency and then block default.

      Thank you!

      Thank you!

      3 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    12. Support App Service SSL certificates stored in Key Vault secrets for listeners on Application Gateway

      It seems like MS is 1 step away from having an extremely sticky functionality that seems like a no brainer.

      We have App Service Certificates. They are not "standard" but they work amazingly.

      They happen to be stored in the KeyVault in a really annoying way as a special data type. They are able to be auto-rotated, purchased through the portal, and create a lock in to the platform.

      Why cant we use these in the Application Gateway? It would GREATLY trivialize using it.

      10 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    13. Azure Application Gateway file upload limits

      Recently I'm working with the Azure Application Gateway and when I try to upload a file I got the response 413 Entity Too Large. I read about it and the limits for the file upload are for 2GB but I'm very confused because I uploaded successfully a file of 3.2 GB. Is there any changes in these limits?. It fails when I try to upload a file of 4.6 GB. I'm using Standard_v2 SKU size.

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    14. Add REST APIs and SDK to manage Application Gateway child resources

      (following github issue https://github.com/Azure/azure-rest-api-specs/issues/8252)

      Hi,

      Currently, REST API and SDK (go, javascript, ...) does not provide way to manage Application Gateway child resources (backend address pools, frontend ip configurations, load balancing rules, ...).

      However, it's possible with the AZ CLi.

      Could the REST APIs and SDK be updated to allow it?

      Regards,

      134 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    15. Allow creation of an empty application gateway

      (Following github issue https://github.com/Azure/azure-rest-api-specs/issues/2313)

      Hi,

      currently it is not possible to create an empty application gateway without frontend and backend configuration. so it is not possible to create an application gateway step by step.

      Could you allow the creation of an empty application gateway? then one could split the creation of an application gateway into multiple parts as requested in terraform-providers/terraform-provider-azurerm#727

      More details in the github issue

      59 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    16. Application Gateway TLS-ALPN-01

      For use cases where we have a backend machine doing LetsEncrypt domain ownership proof, to use Letsencrypt TLS-ALPN-01 we need Application Gateway to be, as the page below states, a "TLS-terminating reverse proxy". Do we currently have such capabilities. Are we looking into poviding such capability in the future? Thank you.

      https://letsencrypt.org/docs/challenge-types/

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    17. Resource explorer using old API api-version=2018-07-01

      Anytime I try to use the Azure resource explorer to make changes to the V2 app gw I get the below error but when I use the portal or powershell, no errors. could this be caused by the old API version used ? api-version=2018-07-01

      {
      "error": {

      "code": "MissingIdentityIds",
      
      "message": "The identity ids must not be null or empty for 'UserAssigned' identity type."

      }
      }

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    18. ILB only mode for Application Gateway V2

      https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-autoscaling-zone-redundant#differences-with-v1-sku

      We are using Application Gateway regularly on internal services and we want to use V2 mainly because its faster, but we don't want to expose our services externally even by mistake - so because there is public frontend ip address, it is no-go far us until there ILB only is possible.

      19 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. Add X-Forwarded-For information in Application Gateway Access log

      If we have other Layer 7 Load Balancer like Cloudflare load balancer uses in front of AppGw, we are not able to obtain real client IP. Imagine Cloudflare load balancer inserts X-Forwarded-For info before forwarding request to AppGw, can we add X-Forwarded-For information in Application Gateway Access log?

      154 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      6 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    20. Application Gateway handling the Query parameter on back-end

      In application gateway HTTP settings when we use "override back-end path" option, it is stripping out the query parameter and retains only the resource path.

      Eg: https://<<HostName>>:443/resurcepath/invoke?api-version=2016-10-01&number=5

      It retains only "https://<<HostName>>:443/resurcepath/invoke" and ignoring "?api-version=2016-10-01&number=5"

      It will be good to retain the query parameters without doing any URL redirection etc

      38 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base