Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Direct Traffic to External web page when all nodes in a pool are down

      Ability to redirect incoming request to external webpage when all nodes in the backends pool are shutdown. Users will get this information information during maintenance/outage.

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    2. We need the AppGw supports SNI for multiple end-to-end SSL sites(Different Certificate on backends)

      We have configured multiple end-to-end SSL sites on AppGw with different certificate, but AppGw doesn't support SNI when probe or forwarding traffic to backend. As a result, we have to configure the same certificate for my all virtual hosts on the backend. Could you please add this SNI feature in the AppGw future version?

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    3. Application Gateway: SSL Offload: OWASP Header support

      Application Gateway: SSL Offload: OWASP Header support

      When using an Application Gateway to provide SSL offloading, there are no OWASP security header options. Without them, sites using ssl offloading will remain vulnerable to multiple attacks.

      Adding a security headers section to the WAF rules area will allow these to be set for SSL offload sites (and ssl passthrough ideally also). Alternately, these could be tied to each listener or the ssl policy.

      This would allow sites that depend on these headers for COMPLIANCE in their industry to use this product without having to configure an expensive workaround for this basic…

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    4. Allow setting intermediate certificates for SSL

      Application Gateway does not support setting intermediate certificate. Some CA provide leaf certificates that do not include all certificates in the certification path. When AG does not has the intermediate certificate, we need to manually create a certificate with the intermediate one.

      8 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    5. support ESI (Edge Side Includes) in the Application Gateway and CDN like Vanish or Akamai.

      ESI can be a great feature for server side content based integration ( transclude of html fragments ) in a microservice architecture. For more information please read : ( https://gustafnk.github.io/microservice-websites/#integrating-on-content ).

      8 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    6. Streamline SSL Certificate Renewal

      I have a SAN SSL certificate that contains 6 different addresses, these each have their own listeners etc. To apply a renewed certificate today I've spent 4hours with Azure support, adding the new certificate, updating each site to use the new certificate one by one, and then going through the HTTPSettings and changing the certificate over in there for each site as well.
      In IIS this is much simpler, I add the new certificate and update the binding on one website and all sites are updated - done, in 1minute.
      In summary making it quicker and simpler to update a…

      8 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    7. Auto-scale for Application Gateway

      I hope Application Gateway instance can increase with auto-scale.

      If it has this feature, we dose't need to add instance for many web access.

      8 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    8. Azure Application Gateway CPU Utilization Metric

      The Application Gateway offering provides quite a few useful metrics, but lacks some core performance metrics. Please, at a minimum, provide a metric and alert for CPU utilization of the instances behind an Application Gateway. When CPU utilization is not monitored at this level, it can affect the performance of dependent applications.

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    9. Prioritize Multi Site rules over Basic rules

      Currently, basic rules take precedent over multi-site rules. Logically you want to go from granular to generic, so this really should work the other way around. For example, if i have a multi-site rule for sitea.com on port 443 that uses backend pool a and a basic rule that forwards everything else on 443 to pool b currently everything will go to pool b instead of the filtering action occurring.

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    10. Need more information from Log Analytics for App Gateway.

      We see 400 errors in Log Analytics. We don't see these connections on the web servers. We think the App gateway is dropping traffic. Support doesnt seem to know why this happens. We don't have enough good information to track these issues. requestQuery_s is blank, MS support cannot tell me what this is, let alone what it means if it is blank.
      We need more information.

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    11. Azure WAF v2 is not recognized by Azure Security Center as security solution and it has not mentioned anywhere.

      Azure WAF v2 is not recognized by Azure Security Center as a security solution and it has not mentioned anywhere. The details that are provided is not enough to understand that it is not being recognized as below.

      Partner solution name: Application Gateway

      Type: Saas-based Web Application Firewall
      Integration mode: Semi-automatically provisioned
      Status : Not reported

      Status has never been reported to Azure Security Center. Usually this means that this security solution isn't configured yet. It is recommended you login to the security solution management console to finalize the initial configuration

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    12. WAF (Application Gateway) Listeners limit increase from 100 to 200

      We had issue regarding creating more than 100 listeners in Application Gateway, and found that there is a limitation of 100 listeners maximum which is very annoying because there is always scenarios where customers need to create multiple bindings for websites\domains, and then we need to create listeners for the same. I logged a case with MS and the response is not satisfying that MS can not increase limit from 100 to 200, MS will consider it in future.

      I had to create more listeners for my requirement which increased complexity in my architecture and cost as well.

      Please increase…

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    13. Mutual SSL

      We ran into a limitation of the App GW today when the scenario required mutual SSL auth between the client IoT device and the backend server. Our Application Gateway always acts as a proxy to terminate incoming traffic and create new connections to our backend pools (SSL end to end).

      My team is looking for a way for the Application Gateway to include part of the client certificate in a header. Something that would be a unique to the client reaching out so that the backend could authenticate as needed.

      Please support this feature functionality!

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    14. Increase Url query size for Application Gateway

      The size of Url for Application Gateway is 8k. But the size of Url query (as a part of Url) is only 2k.
      It will be great if there are no limits for query size in Url.

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    15. Application Gateway Disable Probe

      It's impossible to host non-HTTP processes behind an application gateway due to the health probes. I run a Service Fabric cluster and want the TCP management endpoint (19000) to be available through the gateway so I can take advantage of other offerings. The endpoint is marked as dead since it doesn't respond to HTTTP/S requests. If the AGW could support TCP health checks or allow marking a service as always-up I could accomplish my goal.

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    16. support VPN tunnels with multiple end points on premise from one azure instance using policy-based tunnels.

      support policy based tunneling to multiple sites from one azure gateway.

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    17. Need ability to set Maximum file upload size as a property for V2

      Our hosted solution requires uploads larger than 2GB for some applications like uploading a large video. We need a user setting for the maximum file upload on the V2 AGW.

      The current documentation is also not clear. It says: The following table applies to v1, v2, Standard, and WAF SKUs unless otherwise stated. There are specific stated mentions of the 2GB limit for Standard and WAF and there is no specific limitation mentioned for v2.

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    18. Add functionality to Application Gateway for routing based on HTTP headers

      The ability to route traffic to backend pools depending on HTTP headers would be much appreciated. At the moment the only way to do this is with a function app.

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. Application Gateway: Set DNS name for frontend IP in wizard

      When creating a new Application Gateway via the portal, you are prompted to set a frontend IP. This IP is then allocated a randomly generated dns name which cannot be changed. I'm guessing that most people do not want a random name for their public facing address.

      Please allow a name to be specified in the wizard and/or the name to be changed after the fact.

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    20. Application Gateway

      The notification for all the processes is generic. For example - if you are updating a listener or you are updating a Backend HTTP Pool, the notification is generic, and it is not possible to distinguish as to which process is taking how much time, or which process is currently in progress.

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base