Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Please give feature SSL certificate setup in Azure Load balancer and/or static public IP in application Gateway instead dynamic IP.

      Please give feature SSL certificate setup in Azure Load balancer and/or static public IP in application Gateway instead dynamic IP.

      41 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    2. Application Gateway WAF support gzipped content in the request body

      Application Gateway WAF does not support gzipped content in the request body.

      41 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    3. Web Application Firewall Cookie Exclusions only exclude Value checking not Name checking

      I understand it is only a Preview, but my feedback on Exclusions... if I create an Exclusion as follows:

      - Field = Request cookie name
      - Operator = starts with
      - Selector = Nonce

      This appears to stop the WAF inspecting the value of any cookie whose name starts with "Nonce". What it doesn't do is exclude the checking of the name of the cookie itself.

      For example a cookie called NonceABC--XYZ would still trigger the SQL Comment Sequence rule.

      This is a problem when an ASP.Net Core application, that uses Open Id Connect authorisation, is put behind the Application…

      37 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    4. Remove NSG validation from App Gateway V2 deployment

      This is more of a bug report than an idea.
      I tried deploying new WAF_V2 app gateway through ARM templates. My gateway subnet has a hardened NSG applied.
      Validation is applied to check whether certain traffic is blocked to the gateway. I have many problems with this:

      1) The validation is never satisfied with my rules. It will only be satisfied when I have my entire VNET way too open.
      I am refering to this error message when deploying:
      "Network security group <NSG_ID> blocks incoming internet traffic on ports 65200 - 65535 to subnet <SUBNET_ID>, associated with Application Gateway <GATEWAY_ID>.…

      36 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    5. Add functionality to Application Gateway for routing based on HTTP headers

      The ability to route traffic to backend pools depending on HTTP headers would be much appreciated. At the moment the only way to do this is with a function app.

      32 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    6. mutual TLS authentication on Application Gateway

      To verify authenticity of client sending traffic to Application Gateway, its required to have mutual TLS authentication.
      For use cases such as : Using a 3rd party caching or WAF tier like Akamai send traffic to AG, we would require mutual TLS.

      Currently we could limit source by IPs by putting an NSG rule. But cryptographic identity verification is the correct approach. Towards this I would like to request Mutual TLS.

      31 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    7. Support for drainstop in Azure App Gateway

      Traditional loadbalancers support the following states, to facilitate performing maintenance on a system of multiple nodes gracefully:
      Enabled (All traffic allowed)
      Disabled (Only persistant or active connections allowed)
      Force Offline (only active connections allowed)

      When a application gateway node is "unhealthy" it only allows active connections. We are looking for a way to force a node into an "unhealthy" state.

      The currently supported method is to use a custom probe that checks a file/path. I would like a solution that doesn't involve making changes on the server going into maintenance mode.

      30 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    8. There is no way for us to find the private IP assigned for the application gateway in the back end. Hence please improve this feature.

      There is no way for us to find the private IP assigned for the application gateway in the back end. Hence please improve this feature. Please have it enabled for the GUI, so that this can be use full to troubleshoot any network issues.

      29 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  3 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    9. application gateway monitor

      Application Gateways need more troubleshooting tools. The healthy/unhealthy logging is almost useless. We need to be able to initiate a ping/netcat from the AppGw to a host to verify connectivity. We also need to be able to see the DNS cache or see a log correlating incoming requests with outgoing requests by hostnames and IP addresses,

      29 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    10. Azure AppGateway same port cant be used on both private and public IP

      Currently we have an app gateway deployed, we have several listeners that are on a private IP address, (for internal users) the plan was to also make these sites available on an external IP on the same app gateway.

      However it appears once a port has been assigned in a listener, it can not be assigned to another listener with a different front end port.

      A ticket was raised with MS ref: :118062518450635.

      28 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    11. Support for temporary removing nodes through REST API

      It would be great if there was a REST API or something similar we could use to take a node out of rotation without being dependent on the probe detecting it.

      Usecase: We run SF behind the Application Gateway. When we update our front-end service, we would like to take it out of rotation before the service is updated. This does not seem possible today, since we have to rely on the probe detecting that a node has gone down. Since the probes have a lag (it probes on a given interval), some users will have a bad experience when…

      27 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    12. TLS 1.3 and HSTS Support for Azure Application Gateway

      This is about a feature request for an Azure Application Gateway to support TLS 1.3 and HSTS.
      At least HSTS is just a secure header which should be trivial to implement.
      I`m looking forward to a feedback.

      27 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    13. Pathbased rules are case sensitive for WAF_v2

      Hello,
      It seems as the 'Paths' of Pathbased rules of Azure Application Gateway with tier 'WAF_v2' are case sensitive.

      f.eks: when pathbased rule path is /foo, only 'http://gatwaydns:port/foo'; will fire that path rule while 'http://gatwaydns:port/Foo'; will not.

      this can become blocking if there exist multiple clients where case sensitivity has not been of consirn.

      Please fix.
      Thanks.

      25 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  3 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    14. Deployment Slot support within the Application Gateway

      The Web App deployment slots are a great feature, really useful however, they don't really work elegantly when the site is protected by an application gateway.

      The current behaviour means that the app gateway needs to be “aware” of the active deployment slot, this really isn't something that it should be aware of.

      For example:

      Website:
      Slots:
      Production
      Staging
      Development

      By default, the URLs would be something like:
      client.azurewebsites.com
      client-staging.azurewebsites.com
      client-development.azurewebsites.com

      The application gateway would be configured to listen for client.azurewebsites.com as this is the production URL.

      In order to switch staging to be the production site, two steps would…

      25 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    15. Application Gateway, App Service and ARRAffinity

      We are trying to route all our app service traffic through application gateway.

      We have the apservice running on multiple instances and arraffinity is enabled on the appservice

      When we route the traffic through applicationgateway i note that the arraffinity cookie is being removed, as such user sessions switch across appservice instances and our application does nto work correctly

      I tried enabling session affinity on the http setting but it still doesnt work

      What is the correct setup to allow app gateway to be used with appservice and arraffinity

      22 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    16. Capability to apply WAF rules to each path rule.

      One of the customer wants capability to apply WAF rules to each path. Can you consider that?

      22 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    17. Application Gateway v2 "trusted root certificate" configuration via portal

      To configure end-to-end encryption with Application Gateway v2, cer is not supported for Backend Authentication Certificates under the HTTP settings. Using this will result in an error stating authentication certificates are not supported for v2. A Trusted Root Certificate should be configured for v2. This option seems to only be availalbe via powershell and not through the Azure Portal.
      Please update the portal configuration options under "Add HTTP Setting" to allow adding Trusted Root for v2 gateways and not just Authentication Cert.

      22 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    18. Application Gateway should support OAuth2 and/or JWT token validation

      Azure Application Gateway should support OAuth2 and/or JWT token validation so it can be used as a reverse proxy.

      22 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. Retry policy for failed requests on Application Gateway

      To reduce the number of 502 bad gateway requests that are served up Application Gateway should have a retry policy for failed requests, allowing it to move the the next available server. This would be especially useful when used in front of Service Fabric where services are moved between servers.

      19 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      unplanned  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    20. HEAD requests to monitor health

      It would be nice to be able to use HEAD requests for health monitoring instead of full GET

      18 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base