Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Allow to customize behaviour of 949110 WAF Rule

      Currently WAF signatures even though in detect mode can start to block if the preset threshold of 949110 (not user available) is reached. This is not helpful as we getting too many false positives and unfortunately we need to disable signatures completely instead of putting it in detect mode so that real attacks can get logged atleast.

      Can we have this rule 949110, be made available to user for customization of threshold and behaviour according to our environment?

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    2. Bug in Application Gateway Path Based Rules Redirection Configuration to External Site

      There is a bug in the "Rules" section of the "Application Gateway".
      Create a new path based rule for a multi-site Listener with HTTP HTTP settings.
      In this rule, add a new redirection configuration, to an EXTERNAL SITE.

      The "Include Path" checkbox is disabled. It is enabled only for the Listener case.
      Create the rule. The Include path value is null (verified through powershell az module and by the fact that the actual redirection does not work).
      I managed to enable this switch, via az powershell modules and all worked as expected.

      PLEASE FIX

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    3. Instance IPs of Application Gateway are not visible in Portal

      In our usecase, external facing App Gateway(AG) will forward the traffic to PaloAlto virtual firewalls and firewall will NAT traffic to internal AG. Every application will have it's own external & internal AG. The NAT policy in firewall cannot use external AG subnet as source, you will have to identify instance IPs of each external AG and create NAT policy based on that. At the moment only Azure support have visibility to instance IPs, these IPs need to be exposed to Portal.

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    4. azure application gateway websockets latency metric

      When using websockets together with Azure Application Gateway, you end up with artifically increased latencyd in the ApplicationGatewayPerformanceLog. Indeed, all the 101 (websockets) connections remain pending, which is a normal behavior and their duration gets recorded by the gateway. The problem is this normal behavior increases the average latency of all requests (including non-101) and there is no way to filter 101 out of the ApplicationGatewayPerformanceLog logs...Therefore, if we setup an alert on latencyd, this will raise a lot of false positives...While this metric is very useful in the ApplicationGatewayAccessLog because it allows for calculation of average user…

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    5. Support URL encryption


      1. URL encryption =contoso.com/dco/c/p/index.jsp?a=value1&b=value2 -> /[encrypted URL]

      2. QUERY encryption =contoso.com/dco/c/p/index.jsp?a=value1&b=value2 -> /dco/c/p/index.jsp?[encrypted query]

      With encryption enabled, the URLs look like the follows:

      https://contoso.com/uEtTrCjpfK6TArw28wkIKR859knsmcdYxxHjBvJZrcCEoEYKhgZDzfwzt2cUhYVR7ggTvZKPFdCnvHSnyyg_tsvOXlx5UwJevvAIMaKtDycZz-fF8Q3Nr3NJV0w$$~UuE

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    6. The Portal UI for APPGW resources should display Stopped if stopped and not "Degraded State"

      when attempting to diagnose some connectivity issues through our APPGW I didn't look back through the Activity logs far enough to see that someone had actually stopped it explicitly.

      when checking health and backend probe status the only UI Clue I received that anything was amiss was a notice that the Gateway was in a Degraded State.

      this to me implies an issue/ something broken etc. It would have been much more useful if this simply said "Gateway is STOPPED since <date>"

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    7. 1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    8. Allow multiple domains or wildcard hostnames in single listener

      Allow multiple domains or wildcard hostnames in single listener

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    9. Add Prometheus Monitors to Application Gateway

      It will be nice if you can add an Endpoint for Prometheus metrics to be scraped from Application Gateways.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    10. Hello, please, make sure that you let the customers know about the charges and the instances operations when configuring the WAF

      Hello, please, make sure that you let the customers know about the charges and the instances operations when configuring the WAF. Apparently, the number of instances is what is making this service extremely expensive and none of this is mentioned during the setup. Also, please remove this from the security list because it is listed with free extensions such as IAASMalware, Monitoring etc. Thanks!

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    11. The web application firewall (WAF) currently doesn't show the activated rules correctly.

      The web application firewall (WAF) currently doesn't show the activated rules correctly.
      If it is activated - a-- internal rules are active as well.
      This is not shown in the UI and is confusing.
      This should be changed.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    12. Allow ModSecurity Rule Exclusion

      ModSecurity is not really designed to be a plug and play solution. It almost always requires tuning. Without being to enter exclusions for certain files or paths, the only option is to disable the rule entirely, which is self defeating in most cases. An example would be WordPress. ModSecurity will flag certain actions of WordPress core (photo upload to the media gallery using admin or editing a post for example) as bad actions, meaning you either disable the rule entirely and thus the protection, or turn it on and off when you need to do those actions. Neither of those…

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    13. Sort Application Gateway Rules alphabetically

      My lists of Application Gateway Rules / Listeners and HTTP Settings is growing very fast. I've applied a naming convention but the lists are in random order so it's hard to find the settings which are for the same customer.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

    14. Ability to queue Azure configurations from portal

      In some services it might take quite a while for configurations to apply (for example Application Gateway). It can take up to 30 minutes for certain configuration to be applied and it is not possible to make other configuration change at the same time so it would be nice to have possibility to queue or batch changes somehow.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    15. Add a way to test the configuration of Application Gateway before update

      When updating an application gateway (example changing to a different backend). It would be useful to be able to test the configuration of the application gateway before saving.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    16. Delete the listener but rule will be left and invisible

      After delete the listener, the rule still left and you can't see them in the UI. When you create the rule with same name, the request will be denied. You can see the left rules in the resource explorer.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    17. Application Gateway -- Option to Stop/Start from Azure Portal

      It would be nice if we have the option to Start/Stop the Application Gateway from Azure Portal

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    18. translation error

      https://docs.microsoft.com/zh-cn/azure/application-gateway/application-gateway-components#ports

      侦听器在某个端口上侦听客户端请求。 对于 v2 sku, 你可以配置范围从1到65502的端口, 为 v2 sku 配置端口1到65199。

      The first "v2" should be "v1"

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. application gateway listener

      At times it becomes difficult to know what is the type of Listener in Application gateway that is, is it Multi Path or basic.

      It would be great if we can also see the Listener type at the Top

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    20. Azure Application gateway - Allowed concurrent connection

      1) Tier - WAF , SKU Size - medium

      2) Tier - WAF , SKU Size - large

      3) Tier - Standard , SKU Size - small

      4) Tier - Standard , SKU Size - medium

      5) Tier - Standard , SKU Size - large

      Example: If I'm using WAF with Medium SKU and 8 Instances what will be my limit of concurrent connections.

      Thanks,
      Gulab Pasha

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base