Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Add more metrics to better analyse capacity, firewall violations, etc

      Analysis via Log Analytics is useful, but it'd be nice to have some predefined reports or "blades" in Azure Portal to analyse events, throughput, capacity/utilization.

      15 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      started  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    2. HEAD requests to monitor health

      It would be nice to be able to use HEAD requests for health monitoring instead of full GET

      15 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    3. Add MTOM support to the Microsoft WAF

      We currently have a use case for utilizing MTOM to more efficiently transmit binary data in a SOAP-based service.

      We are also trying to place the application behind a Microsoft WAF in Azure, but are unable to do so due with the WAF in prevention mode as the WAF does not currently support/allow MTOM requests.

      We reached out to Azure support and were told that:

      "MTOM is not supported and it's not yet on implementations plans".

      We are requesting that the Microsoft WAF team add support for making MTOM calls to a service that go through the WAF.

      15 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    4. Show domain in logs

      The access logs for the application gateway only show the routes. We use a single gateway to host multiple sites and some have similar folder structures, this makes evaluating access and tracing issues a bit difficult. It would be great if the actual domain (http://www.something.com) was listed in there too.

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    5. Application Gateway Performance

      We have two large instances of Application gateway on our application which is a connected client application using long polling. When we did load testing, gateway starts to give 503 with just 10k connections whereas our back-end application just works with just 7 % CPU. When we raised ticket we got a response saying it is as per design. We did not expect this from Application gateway.
      Can you please let us know what is performance metrics of Application Gateway.

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    6. Allow Application Gateways to be moved between subscriptions

      Applications Gateways currently can't be moved between subscriptions.

      Allow them to be moved between subscriptions.

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    7. Application Gateway v2 "trusted root certificate" configuration via portal

      To configure end-to-end encryption with Application Gateway v2, cer is not supported for Backend Authentication Certificates under the HTTP settings. Using this will result in an error stating authentication certificates are not supported for v2. A Trusted Root Certificate should be configured for v2. This option seems to only be availalbe via powershell and not through the Azure Portal.
      Please update the portal configuration options under "Add HTTP Setting" to allow adding Trusted Root for v2 gateways and not just Authentication Cert.

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    8. Allow APGW redirection from the root path

      Allow an Application Gateway's path-based rules to accept a forward slash ( / ) as a valid path.
      As of the time of writing this, trying to save such a configuration results in the following error:

      failed to save configuration changes to application gateway 'APGW_NAME'. Error: Path / should have a nonempty match value followed by '/' in PathRule RESOURCE_GROUP/providers/Microsoft.Network/applicationGateways/APGW_NAME/urlPathMaps/RULE_NAME/pathRules/REDIRECT_RULE_NAME'>APGW_NAME/RULE_NAME/REDIRECT_RULE_NAME.

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    9. Accept request only from specific source IP address

      I'm raising this again as the original from someone else was declined, possibly due to lack of clarity on purpose.

      On an app gateway that has multiple listeners, there might be a need for listener A to be accessible from IP x and listener B to be accessible from IP y.

      Using an NSG, only the whole of the App Gateway can have rules associated with it. I can't have listener A accept from one IP and listener B from another as listeners do not have a distinct identity that can be referenced in an NSG.

      The only way around…

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    10. Support traffic fork/shadowing/mirror on application gateway.

      Support traffic fork/shadowing/mirror on application gateway. Sometimes we need send shadow traffic to a testing/staging environment, and the best place to do this is layer 7 load balancer..

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    11. Headers to identify health monitoring requests

      My ApplicationInsights logs show all the health requests done by AG to monitor the health of the system.
      I'd like to have the possibility to recognize health requests through specific headers so that I can skip standard HTTP pipeline and immediately return 200 status code, without logging the request

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    12. Allow control of the ARRAffinity set cookie response header

      Problem:
      When a request for contoso.com hits an Azure App Gateway and the back end is routed to contoso.azurewebsites.com, the set ARRAffinity cookie response includes the optional domain attribute (as per RFC6225 Page 22) that specifies "contoso.azurewebsites.net". causing the user agent to never write the cookie since the Domain attribute doesn't match the requested domain.

      Proposed Solutions:
      Solution #1
      Give us a way to disable the Set Cookie: domain attribute similar to the way we can add a "Arr-Disable-Session-Affinity" response header to disable the cookie entirely. I'm suggesting an "Arr-Disable-Session-Affinity-Strict-Domain" response header to tell the ARR proxy not to write…

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    13. URL path management

      It would be nice to have ability to allow/block some path of the hosted sites:
      /page1/subpage1/subpage2 - allow
      /page1/subpage1 - block
      / - block
      or at least to allow/block only one page.

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    14. To improve portal user experience for Application Gateway configuration

      Application Gateway is a combination of backend pool, backend HTTP settings, listeners, custom probes and rules. Most of the time, to make changes, it is necessary to update more than one of the above mentioned settings (pool, HTTP setting, listeners, rules). Each settings are placed on different UI blades and takes nearly 3 - 10 mins to make single setting change getting reflected.

      Feedback: Make a Wizard kind of interaction that will enable to specify all desired setting changes at once, then let apply these changes in a single shot behind the scenes.

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    15. Allow both ExpressRoute and VPN Virtual Network Gateways on a single VNet

      We have several clients who require both a ExpressRoute Gateway to connect from their on-premises network, AND a VPN connection between the same VNet and another VNet (Either in the same subscription, or in a different subscription.

      An example is a client who wishes to use their subscription to host database servers that can then replicate certain data sets across to an other companies subscription via a VPN connection.

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    16. Start and stop Application Gateway on Azure portal

      Just like ios and andoroid's Azure app, I want the Azure Portal to be able to start and stop Application gateway.

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    17. Update activity logs to contain specific configuration change information.

      Currently the Activity Logs in Application Gateway just convey the information that configuration was updated at a specific time by a specific user.
      It should also contain the information about the specific configuration that was done or updated.
      Please refer the Support request number: 118121226003062 I had raised for the same shortcoming of Activity Logs.

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    18. Application Gateway WAF: need the ability to adjust rule 911100 list of methods

      API management allows additional methods such as PATCH, PUT, DELETE and TRACE which some companies use in their API's.

      The default WAF list under rule 911100 is GET HEAD POST OPTIONS which is not sufficient and leads to the disabling of the rule in the application gateway WAF in front of API Management.

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. Direct Traffic to External web page when all nodes in a pool are down

      Ability to redirect incoming request to external webpage when all nodes in the backends pool are shutdown. Users will get this information information during maintenance/outage.

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    20. We need the AppGw supports SNI for multiple end-to-end SSL sites(Different Certificate on backends)

      We have configured multiple end-to-end SSL sites on AppGw with different certificate, but AppGw doesn't support SNI when probe or forwarding traffic to backend. As a result, we have to configure the same certificate for my all virtual hosts on the backend. Could you please add this SNI feature in the AppGw future version?

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base