Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. More granular backend pool monitoring

      The App Gateway as it stands only allows you to monitor the overall (every member of every pool) backend pool health. It does not allow you to alert on a specific backend. One pool may be healthy with one member down and another may be unhealthy with one member down.

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    2. Support for gzip compression on response

      I know that Nginx for example do have such thing, is it something that is supported or will be in the future?

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    3. Web Application Firewall Exact Exculsion Does Not Work With Full Stops Bug

      Fix the bug whereby an exclusion in the Web Application Firewall WAF which uses an Exact match where the name contains a full stop / period does not work.

      My work around is to use Starts With instead which does not seem to care about the full stops.

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    4. Application Gateway support for multiple IPs on backend DNS name

      We are using Docker on Azure. Therefore we have a single DNS name for all containers. It would be great to have support for this. Having a backend pool with a single DNS name like 'myservice.domain' having multiple A records (each one resulting in a separate backend server entry).

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    5. Add "LocalSubnet" and "GateWay" tags to NSG.

      Our subnets rules always have a "Deny All" rule with a priority of 4096 to override the default rule with priority 65000 which allows all VNET traffic. We want to allow all traffic within the same local subnet and all traffic from the Gateway subnet. It would be handy to have tags for these subnets without having to resort to CIDR ranges for each subnet.

      5 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    6. Allow update of TCP timeout for frontend private IPs in Azure application gateway

      Please allow support of updating TCP timeout for private IPs.

      At the moment the TCP Timeout value is available only for public IPs. Would like it to be available for private IPs as well.

      5 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    7. Application Gateway Public IP to be allocated to existing Virtual Machine

      We want Application Gateway Public IP to be used and associated with Virtual machine. If we remove application Gateway , its public IP should be retailed.

      5 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    8. Use Public IP address with custom DNS label on existing Application Gateway

      The Application Gateway does not allow to get a public IP address assigned, for which the DNS label has been set.
      Error Message: "You can't choose a public IP address that has a domain name label specified."

      When using certificates that are registered on specific CNAMEs, you should be able to set the DNS label of the public IP address of the Application Gateway to match the CNAME.

      5 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    9. Increase connection drain limit on Application Gateways

      The Application Gateway has a hard limit of 3600 seconds on connection draining. It would be helpful if this limit were extended up to or over 24 hours.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    10. SSL labs shows certificate chain issue after TLS protocol and cipher suite changes in Application Gateway

      SSL labs show certificate chain issues after TLS protocol and cipher suite changes in the Application Gateway.

      The same certificate when reapplied to AG with a different name this error gets resolved.
      Its seems that after TLS setting change again uploading certificate is mandatory.
      Again there is no way to delete certificate from AG.
      If we have to adjust the cipher suites and test this creates lot of problems as every time new certificate must be uploaded with a different name

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    11. Disable HTTP request methods on WAF.

      Need configuration option to disable HTTP request methods on WAF such as PUT DELETE OPTIONS etc.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    12. Application Gateway -- Option to Stop/Start from Azure Portal

      It would be nice if we have the option to Start/Stop the Application Gateway from Azure Portal

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    13. Support for EC Elliptic Curve Customization

      Azure Application Gateway custom SSL policies don't seem to allow the customization of the elliptic curves to use like we normally do on Windows Server 2016 for example (via PowerShell "enable-TlsEccCurve" for example). I believe this extra customization option would very useful for specific integration scenarios.

      Thank you,

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    14. Azure Application gateway - Allowed concurrent connection

      1) Tier - WAF , SKU Size - medium

      2) Tier - WAF , SKU Size - large

      3) Tier - Standard , SKU Size - small

      4) Tier - Standard , SKU Size - medium

      5) Tier - Standard , SKU Size - large

      Example: If I'm using WAF with Medium SKU and 8 Instances what will be my limit of concurrent connections.

      Thanks,
      Gulab Pasha

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    15. Support in Azure Security Center for Web Apps behind a WAF inside App Services.

      Support in Azure Security Center for Web Apps behind a WAF inside App Services.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    16. Add support for pointing an Application Gateway backend pools to Traffic Manager profiles

      We'd like to start using URL-based routing for load balancing our web application, but we don't want to lose the auto-failover capabilities of our current TM profiles.

      Ideally, I'd like to point an Application Gateway backend pool to a Traffic Manager Profile (which in turn would point to Azure Web Apps configured in prioritized failover).

      Currently, there's no easy way to do this; if all pool members become unhealthy, you have to failover at the application gateway level to another application gateway. This requires a lot of unnecessarily redundant (and expensive) infrastructure for simply configuring failover for a backend pool…

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    17. Please provide an option to monitor CPU performance of the application gateway at the portal level.

      Please provide an option to monitor CPU performance of the application gateway at the portal level. Since we are not aware of how much CPU is used of the backend instances.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    18. High security predefined setup

      This will give you an A+ score on ssl policy and should be a predefined setup:


      az network application-gateway ssl-policy set -g resource-group --gateway-name app-gw --policy-type Custom --min-protocol-version TLSv1_2 --cipher-suites TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

      Yet it is not a predefined one. something under the name: max-security.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. Current CPU Utilization metrics

      We've 502 failed request. Upon raising a ticket with Microsoft support we found that the Instance count was getting heavily utilized. Can you implement CPU Metrics so that we can do the same thing by ourselves.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    20. improve application gateway rule description documentation

      When you will improve the documentation to include better descriptions at the rules? Having a rule with a description Rule 981312 doesn't help to know what it does! Enabling all rules have a huge impact on WAF performance and we need to know what exactly each rule does in order to fine tune it.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base