Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Add REST APIs and SDK to manage Application Gateway child resources

      (following github issue https://github.com/Azure/azure-rest-api-specs/issues/8252)

      Hi,

      Currently, REST API and SDK (go, javascript, ...) does not provide way to manage Application Gateway child resources (backend address pools, frontend ip configurations, load balancing rules, ...).

      However, it's possible with the AZ CLi.

      Could the REST APIs and SDK be updated to allow it?

      Regards,

      64 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    2. Application Gateway: To remove (.cer) files via Azure Portal

      When we want to remove an unused expired certificate (.cer) file from Application Gateway, we will have to use the cmdlet to remove them. It seems only to support the cmdlet to remove them using PowerShell or Azure CLI.
      I know we can remove the certificate from HTTP settings using Portal, but it remains at Application Gateway. (It means we have to see a lot of unused certificate on the list in a HTTP setting.)

      This is a simple request, that we want to remove their certificate (.cer) files not only just using the cmdlet but also via Azure Portal…

      35 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    3. Application Gateway v2: Cannot be working correctly when the "Test" button on setting custom probes with using the "Health probes".

      We deployed the Application Gateway v2 on Azure Portal to set the custom probe configuration using the "Health probes",
      And push the "Test" button. In the result, we got just only the message "No Result.".
      It must be appeared backend instances on the display.
      However, it seems not to check backend pool instances health correctly on Azure Portal.
      Please fix this "Test" function with working correctly on Azure Portal.

      Test backend health with the probe:
      https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-create-probe-portal#test-backend-health-with-the-probe

      27 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    4. Application Gateway V2 support of UDR

      Deploying a Application Gateway in a subnet with an UDR is needed in enterprise networks. For example if you advertise the default route from a ExpressRoute connection,.

      286 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      11 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    5. Application gateway V2 subnet to support UDR

      We need to support UDR association with Appgw V2 subnet, since as of now it's not yet support while Appgw V1 does support. Please add this feature.

      124 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  3 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    6. Make Application Gateway v2 available in Swiss regions

      We have several application gateways in both Swiss regions. However v1 have many limitations and we would like to use v2.

      Please make it available in both Swiss regions.

      21 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    7. TLS 1.3 and HSTS Support for Azure Application Gateway

      This is about a feature request for an Azure Application Gateway to support TLS 1.3 and HSTS.
      At least HSTS is just a secure header which should be trivial to implement.
      I`m looking forward to a feedback.

      180 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      8 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    8. Allow creation of an empty application gateway

      (Following github issue https://github.com/Azure/azure-rest-api-specs/issues/2313)

      Hi,

      currently it is not possible to create an empty application gateway without frontend and backend configuration. so it is not possible to create an application gateway step by step.

      Could you allow the creation of an empty application gateway? then one could split the creation of an application gateway into multiple parts as requested in terraform-providers/terraform-provider-azurerm#727

      More details in the github issue

      28 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    9. Add X-Forwarded-For information in Application Gateway Access log

      If we have other Layer 7 Load Balancer like Cloudflare load balancer uses in front of AppGw, we are not able to obtain real client IP. Imagine Cloudflare load balancer inserts X-Forwarded-For info before forwarding request to AppGw, can we add X-Forwarded-For information in Application Gateway Access log?

      24 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    10. Application Gateway handling the Query parameter on back-end

      In application gateway HTTP settings when we use "override back-end path" option, it is stripping out the query parameter and retains only the resource path.

      Eg: https://<<HostName>>:443/resurcepath/invoke?api-version=2016-10-01&number=5

      It retains only "https://<<HostName>>:443/resurcepath/invoke" and ignoring "?api-version=2016-10-01&number=5"

      It will be good to retain the query parameters without doing any URL redirection etc

      28 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    11. Fully private App Gateway v2

      From: https://docs.microsoft.com/en-us/azure/application-gateway/migrate-v1-v2

      " v2 gateways currently don't support only private IP addresses."

      We need to be able to create fully private App Gateway V2, without public IP.

      At the moment V2 Gateways will be public facing so we need to stick with V1. We cannot rely on NSG/Firewall to restrict traffic: we need to be able to provision a private load balancer.

      32 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    12. mutual TLS authentication on Application Gateway

      To verify authenticity of client sending traffic to Application Gateway, its required to have mutual TLS authentication.
      For use cases such as : Using a 3rd party caching or WAF tier like Akamai send traffic to AG, we would require mutual TLS.

      Currently we could limit source by IPs by putting an NSG rule. But cryptographic identity verification is the correct approach. Towards this I would like to request Mutual TLS.

      130 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    13. ILB only mode for Application Gateway V2

      https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-autoscaling-zone-redundant#differences-with-v1-sku

      We are using Application Gateway regularly on internal services and we want to use V2 mainly because its faster, but we don't want to expose our services externally even by mistake - so because there is public frontend ip address, it is no-go far us until there ILB only is possible.

      16 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    14. Custom error page for 504 error

      Today we can do customer error pages for 403, and 502 errors.
      However we would like to create a customer error page when customers receive 504 errors.

      504 errors are created if the application gateway haven't received a response from the backend servers within the defined timeout period.

      This can happen if the backend is overloaded, and not yet seen as unhealthy by the application gateway.

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    15. Deprecate use of Cipher Block Chaining cipher modes - TLS_RSA_WITH_AES_256_CBC_SHA256

      App Gateway is REQUIRING a WEAK CIPHER be enabled

      See: https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-configure-ssl-policy-powershell#configure-a-custom-ssl-policy

      ==Important==
      TLSRSAWITHAES256CBCSHA256 must be selected when configuring a custom SSL policy. Application gateway uses this cipher suite for backend management. You can use this in combination with any other suites, but this one must be selected as well.

      As of May 2019 - SSLLABS is identifying cipher suites using CBC as WEAK - https://blog.qualys.com/technology/2019/04/22/zombie-poodle-and-goldendoodle-vulnerabilities#comment-303228

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    16. downgrade attack prevention - TLS_FALLBACK_SCSV

      Downgrade attack prevention should be a necessary addition to the Azure Application Gateway.

      All security audits (SSL Labs among others) show this to be a necessary security measure and as such they all downgrade your security compliance if you dont have it.

      42 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    17. Add functionality to Application Gateway for routing based on HTTP headers

      The ability to route traffic to backend pools depending on HTTP headers would be much appreciated. At the moment the only way to do this is with a function app.

      103 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    18. Allow public and private ip to have its own listener on the same port

      single gateway would support both public and private ip but the not able to create the two listeners for public and private on the same port. it would be great to have this feature else we need to create 2 application gateway for this purpose which defeats the purpose of public and private front end configurations to some extent.

      19 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. Application Gateway: support reuse of same azure vault stored certificate

      Problem: If you deploy a gateway with more than one secure (443) listener then you cannot use the same vault stored certificate as they must have unique names.

      See:
      https://feedback.azure.com/forums/217313-networking/suggestions/17523370-application-gateway-support-for-wildcard-ssl-cert
      Comment from Product at release time:
      You can associate the same certificate with multiple listeners. Please do not define the same certificate multiple times. Currently the certificate details must be unique – however the certificate could be reused across listeners.

      Scenario:
      You have multiple environments held in various vms/clusters/app service e.g.
      dev.domain.com
      test.domain.com
      pentest.domain.com
      uat.domain.com
      cutomer-uat.domain.com

      You have a wildcard certificate stored in vault and you want to reuse the…

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    20. Rewrite header rule dose not work well using redirect rule.

      When I attached rewrite header rule to a request routing rule with redirect, I confirmed that the rewrite rule did not work. I hope we can use rewrite header rule with redirect rule.

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    ← Previous 1 3 4 5 10 11
    • Don't see your idea?

    Feedback and Knowledge Base