Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Application gateway support multi-site listening on Private and Public Frontend IPs

      Currently the web application firewall can be configured with multiple Frontend IPs, such as Public & Private. However, multi-site listeners cannot be configured on standard web ports (80 & 443) on both frontend IPs. No port overlap is allowed. User must decide which of the two frontend IPs gets to listen on standard web ports, and the other must be configured on alternate ports. This is not usable for non-technical end users, and many of us require both public and private frontend IPs to support internal-only sites (such as a company intranet) in addition to customer-facing ones.

      56 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    2. Application Gateway support of URL hash based routing

      I'd like the ability for user requests with the same URL (or same header) to be sent to the same back-end. This is useful if the back-ends cache content that users request, enabling them to serve users significantly quicker.

      In my specific use case, I want to connect multiple web-socket connections to the same host to share common resources.

      Other load balancers accomplish this by hashing the URL request and sending requests with the same hash to the same back-end.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    3. Web Application Firewall Cookie Exclusions only exclude Value checking not Name checking

      I understand it is only a Preview, but my feedback on Exclusions... if I create an Exclusion as follows:


      • Field = Request cookie name

      • Operator = starts with

      • Selector = Nonce

      This appears to stop the WAF inspecting the value of any cookie whose name starts with "Nonce". What it doesn't do is exclude the checking of the name of the cookie itself.

      For example a cookie called NonceABC--XYZ would still trigger the SQL Comment Sequence rule.

      This is a problem when an ASP.Net Core application, that uses Open Id Connect authorisation, is put behind the Application Gateway and the…

      58 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    4. Reduce price for V2 SKUs

      Reduce price for V2 SKUs to make them more affordable for small workload projects

      12 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    5. "Azure Managed" SSL certificates for Application gateway for SSL offloading

      Please add the ability to use a Azure managed certificate for the application gateway for the use of SSL offloading. This feature would be nice so that we would not have to manage the certificate and it would auto update instead of us having to keep the certificate up to date.

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    6. Azure WAF v2 is not recognized by Azure Security Center as security solution and it has not mentioned anywhere.

      Azure WAF v2 is not recognized by Azure Security Center as a security solution and it has not mentioned anywhere. The details that are provided is not enough to understand that it is not being recognized as below.

      Partner solution name: Application Gateway

      Type: Saas-based Web Application Firewall
      Integration mode: Semi-automatically provisioned
      Status : Not reported

      Status has never been reported to Azure Security Center. Usually this means that this security solution isn't configured yet. It is recommended you login to the security solution management console to finalize the initial configuration

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    7. Allow flags to be set on the Application Gateway Affinity Cookie

      Our security team is telling us that the cookie from the application gateway is failing security scans because the secure and httponly flags are not set.

      14 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    8. Application Gateway WAF

      Application Gateway is always slow to update even few configuration changes, so better backend networking with high speed support has to be mapped so that every end user will get better outcomes.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    9. Is it possible to expose Azure blob storage via Application Gateway

      Expose Azure blob storage via Application Gateway.

      I would like to remove public access for Azure Blob and only make it accessible via virtual network. The Azure Application Gateway will be public facing which does the SSL termination and forwards the request to blob.

      This would allow scanning for malicious content via virtual appliances before content is stored in blob.

      142 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      5 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    10. AppGW v2 setup : check the subnet size (min /28)

      Hello,

      Next to the Microsoft support request #119082022001909 (Impossible to create an AppGW v2 using Azure GUI Portal or AzureAppGWMigration.ps1 Application Gateway) : it appears it misses a check about the size of the subnet in which we want to deploy an Application Gateway v2.

      We've tried several times to create an appGW v2 using a /29 subnet without success, but without warnings too, although it is a prerequisite as described here > https://docs.microsoft.com/en-us/azure/application-gateway/configuration-overview#size-of-the-subnet

      We've tried it 'manually' using the Azure Portal GUI Wizard, or using a PS script (to migrate v1 to v2) and we've got the same error…

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    11. Azure Application Gateway wasp rule issue : 941120

      Since we have observed the exlusion rule in Application Gateway WAF is not working. For one of the azure ad cookies that are being generated randomly creating 403 issue on gateway and blocking the request. So cookie will be like 'OpenIdConnect.nonce' which need to excluded but its not working since name got concatenated with the value of the cookie. Please have a review on this since this seems bug on the wasp rule

      For Ex. REQUESTCOOKIESNAMES:OpenIdConnect.nonce.XcAqQkCKX3DproXEwEN5OnpgG3E2wFYTzxvyttvCLZo%3D ....

      5 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    12. Static public outbound IP for Application Gateway v1

      We use Application Gateway v1 because it has the possibility to assign a static private frontend IP.
      Now we would love to see the possibility to assign a static public IP for outbound traffic.

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    13. Instance IPs of Application Gateway are not visible in Portal

      In our usecase, external facing App Gateway(AG) will forward the traffic to PaloAlto virtual firewalls and firewall will NAT traffic to internal AG. Every application will have it's own external & internal AG. The NAT policy in firewall cannot use external AG subnet as source, you will have to identify instance IPs of each external AG and create NAT policy based on that. At the moment only Azure support have visibility to instance IPs, these IPs need to be exposed to Portal.

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    14. Allow setting intermediate certificates for SSL

      Application Gateway does not support setting intermediate certificate. Some CA provide leaf certificates that do not include all certificates in the certification path. When AG does not has the intermediate certificate, we need to manually create a certificate with the intermediate one.

      8 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    15. Application Gateway v2 "trusted root certificate" configuration via portal

      To configure end-to-end encryption with Application Gateway v2, cer is not supported for Backend Authentication Certificates under the HTTP settings. Using this will result in an error stating authentication certificates are not supported for v2. A Trusted Root Certificate should be configured for v2. This option seems to only be availalbe via powershell and not through the Azure Portal.
      Please update the portal configuration options under "Add HTTP Setting" to allow adding Trusted Root for v2 gateways and not just Authentication Cert.

      22 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    16. Add custom error pages like 405(with TRACE method) at global level of application gateway V2

      Please add custom error pages like 405(with TRACE method) and other status code returned by appgw(without forwarding request to backend) at global level of application gateway V2, where customer can block other scenarios and return a designated URL to original client.
      Sometime customer has a requirement of completely removing 'Microsoft-Azure-Application-Gateway/v2' in response header, so please consider to add this feature in future.

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    17. Need ability to set Maximum file upload size as a property for V2

      Our hosted solution requires uploads larger than 2GB for some applications like uploading a large video. We need a user setting for the maximum file upload on the V2 AGW.

      The current documentation is also not clear. It says: The following table applies to v1, v2, Standard, and WAF SKUs unless otherwise stated. There are specific stated mentions of the 2GB limit for Standard and WAF and there is no specific limitation mentioned for v2.

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    18. Bug in Application Gateway Path Based Rules Redirection Configuration to External Site

      There is a bug in the "Rules" section of the "Application Gateway".
      Create a new path based rule for a multi-site Listener with HTTP HTTP settings.
      In this rule, add a new redirection configuration, to an EXTERNAL SITE.

      The "Include Path" checkbox is disabled. It is enabled only for the Listener case.
      Create the rule. The Include path value is null (verified through powershell az module and by the fact that the actual redirection does not work).
      I managed to enable this switch, via az powershell modules and all worked as expected.

      PLEASE FIX

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. application gateway monitor

      Application Gateways need more troubleshooting tools. The healthy/unhealthy logging is almost useless. We need to be able to initiate a ping/netcat from the AppGw to a host to verify connectivity. We also need to be able to see the DNS cache or see a log correlating incoming requests with outgoing requests by hostnames and IP addresses,

      29 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    20. Azure Application Gateway WAF Mode Increase Limit on SecRequestBodyLimit

      When we have the WAF set to prevention mode some of our HTTP post are denied with code 413.

      Request body no files data length is larger than the configured limit (131072).. Deny with code (413)

      Can you make these two settings configurable on the WAF?

      SecRequestBodyLimit
      SecRequestBodyNoFilesLimit

      Thanks
      Mark

      357 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      17 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base