Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Allow ACL on Application Gateway for IP filtering via X-FORWARDED-FOR header

      We have requirements from customers to restrict access via their company subnets. It would be very nice if the App Gateway supported not only the SSL offload but the ability to apply ACLs to allow or deny access via a defined network range using X-FORWARDED-FOR headers.

      87 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      started  ·  9 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    2. Support server-sent events

      Azure Application Gateway apparently does not support server-sent events. This surprised me, since SSE really is just http. However after quite a bit of testing, and asking on the forum, I can confirm it does not.

      SSE is an arguably better way of doing server push than websockets, which is a lot more complex. We rely heavily on it, so hope it will be prioritized.

      Best regards,
      Alf

      82 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    3. Reorder the Listeners on the Application Gateway

      Recently I was in the need to register additional listeners to an App Gateway. The issue is that the rules and Listeners should be created (at least using the portal) on correct order and the portal don't have any options to change this order.
      As the process of update changes on the Gateway takes a few minutes, this type of change requires a few hours to create a new record, remove, add it again, create rules, etc.
      Using a pattern similar to the NSG where we define a value for the order would save a lot of time.

      81 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    4. WAF on Application Gateway have a function to allow some exceptional access for prevention mode

      It would be great if WAF on Application Gateway have a function to allow some exceptional access for prevention mode.

      Now, Web Application Firewall feature would be available as part of Azure Application Gateway.

      Currently, WAF on Application Gateway seems to not have a function to exclude from blocking access by any condition.
      So, I would like to request to add this function for WAF on Application Gateway.

      81 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    5. Support for header content size configuration

      After many issues we run into an unsolvable 502 Bad Gateway error, simular to https://stackoverflow.com/questions/48964429/net-core-behind-nginx-returns-502-bad-gateway-after-authentication-by-identitys where the content size is too large in sign-oidc for open id connect post.

      Please add support to edit the values that end up into nginx.conf

      For now we cannot use the Application Gateway and looking into Cloudflare or Nginx Plus with WAF.

      80 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      5 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    6. Need a function to URL path rewriting in Application Gateway

      Currently, I know Azure Application Gateway has a function for redirection of URL path based.

      Now, I need a function for rewriting URL path during redirecting a request to backend server.

      For example, When Application Gateway received a HTTP request to http://www.contoso.com/test/*, it redirects the request as /images/* to backend server.

      In other words, I want to set a URL path for backend server in PathRuleConfig in Application Gateway.

      75 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    7. Allow paths in Application Gateway rules to be defined as regular expression

      Currently, Application Gateway rules support only path matches with a wildcard at the end of the string.

      For us it means to rework our routing strategy as the first part of our route is dynamic /<domain>/<controller> (eg. /sales/process). The controllers are shared among domains. Domains can be dynamically created, what disallow us to directly use the current feature to separate only 'process' controller to standalone backend pool.

      We would prefer to be able to define something like '/[a-z]]+/process.*' as a matching criterion.

      67 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      7 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    8. Application Gateway WAF needs function.

      Application Gateway WAF hasn't function creating custom rules and operating management UI for regular or custom rules. Also, we hope functional enhancement for WAF logs. We'd like to get the detail message if alert is happen.

      Thank you for your time and consideration.

      61 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    9. Content Compression and Response Caching in App Gateway

      I'd like to see a feature in Application Gateway that allows configuring Content Compression and Response Caching per backend rule. This would be similar to, for example, what Nginx supports through "proxy_cache", "proxy_cache_valid" and "proxy_cache_path" directives.

      61 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    10. Pure internal standard_v2 application gateway

      Currently standard_v2 application gateway must have a public IP to work. Please make it be able to work only with private IP address. This capability is available in standard sku but not in standard_v2.

      52 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    11. Azure Application Gateway - support for default route through NVA FW

      An Azure Application Gateway subnet can't have a UDR with a default route through an Network Virtual Appliance FW or Backend Health will be "unknown" This is due to asynchronous routing between the Azure Monitoring Service, the App Gateway, and the NVA FW. We need a way to create a route exception in the UDR for the Azure Monitoring Services traffic.

      51 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      7 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    12. Feature request: Changing idle timeout for Application Gateway with private IP address.

      Currently we can specify timeout only to a public IP address of Application Gateway. But we can’t change the timeout of a private IP of Application Gateway. Can you add a new feature to allow us to specify timeout for private IP address too.

      51 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    13. When Azure-application-gateway will update with support of TLS 1.3

      Akamai-CDN recommended with TLS 1.3 but Azure-application-gateway is not available with the same.
      Due to this issue, we have see url-access issue over Akamai.
      So we have moved to Azure-traffic-manager\Azure-Load balancer.

      50 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    14. Reduce update times for Application Gateways

      It would be great if the Application Gateway could update faster. Working with AGWs forces me to wait for 15-30 minutes after each update - which wastes a lot of time.

      Working with gateways at AWS feels nearly instant and does not require such long waiting times.
      I'd highly appreciate if Azure AWG updates could become so fast, too.

      50 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    15. Allow multiple hostnames in the same Listener Application Gateway

      Sometimes we share differents hostnames with the same web site.
      Currently, this means that we have to deploy differents listeners in order to provide access to the same backend pool.

      With a 20 listeners limit this solution is a bit expensive...

      Would it be possible to add multiple hostnames/sitenames to listener?

      Thanks in advance

      48 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    16. Change WAF configuration: allow either changing prevention/detection by rule or disabling rule by application.

      Per application request, he wanted to change the WAF configuration to detection mode but this change can affect another applications that are locate di the same application gateway.
      We disable rule 942400 but we want to allow either changing prevention/detection by rule or disabling rule by application.

      45 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    17. Add effective route for gateway subnet UDR

      Allow effective routes to be viewed for troubleshooting when a UDR is applied to a gateway subnet

      45 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      5 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    18. Application Gateway (WAF) - document how to get firewall logs

      Please create documentation about how to retrieve Azure App GW firewall log.

      Microsoft does not mention a word about this. - Correct me if I'm wrong. Finally I found a solution on third party (!!!) site: http://francescomolfese.it/en/2018/07/azure-application-gateway-come-monitorarlo-con-log-analytics/.

      Application GW produces these types of logs:
      1. ApplicationGatewayAccessLog
      2. ApplicationGatewayPerformanceLog
      3. ApplicationGatewayFirewallLog – the most important one as it contains logs about security operations (reasons for blocking connections, etc...)

      To retrieve these logs (or at least first 2 of the 3 mentioned above), you have to do this:
      o Go to Log Analytics workspaces in Azure portal --> create or choose…

      42 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. Please give feature SSL certificate setup in Azure Load balancer and/or static public IP in application Gateway instead dynamic IP.

      Please give feature SSL certificate setup in Azure Load balancer and/or static public IP in application Gateway instead dynamic IP.

      41 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    20. Application Gateway WAF support gzipped content in the request body

      Application Gateway WAF does not support gzipped content in the request body.

      41 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base