Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Application Gateway v2 "trusted root certificate" configuration via portal

      To configure end-to-end encryption with Application Gateway v2, cer is not supported for Backend Authentication Certificates under the HTTP settings. Using this will result in an error stating authentication certificates are not supported for v2. A Trusted Root Certificate should be configured for v2. This option seems to only be availalbe via powershell and not through the Azure Portal.
      Please update the portal configuration options under "Add HTTP Setting" to allow adding Trusted Root for v2 gateways and not just Authentication Cert.

      25 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    2. AppGW v2 setup : check the subnet size (min /28)

      Hello,

      Next to the Microsoft support request #119082022001909 (Impossible to create an AppGW v2 using Azure GUI Portal or AzureAppGWMigration.ps1 Application Gateway) : it appears it misses a check about the size of the subnet in which we want to deploy an Application Gateway v2.

      We've tried several times to create an appGW v2 using a /29 subnet without success, but without warnings too, although it is a prerequisite as described here > https://docs.microsoft.com/en-us/azure/application-gateway/configuration-overview#size-of-the-subnet

      We've tried it 'manually' using the Azure Portal GUI Wizard, or using a PS script (to migrate v1 to v2) and we've got the same error…

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    3. Azure Application Gateway wasp rule issue : 941120

      Since we have observed the exlusion rule in Application Gateway WAF is not working. For one of the azure ad cookies that are being generated randomly creating 403 issue on gateway and blocking the request. So cookie will be like 'OpenIdConnect.nonce' which need to excluded but its not working since name got concatenated with the value of the cookie. Please have a review on this since this seems bug on the wasp rule

      For Ex. REQUESTCOOKIESNAMES:OpenIdConnect.nonce.XcAqQkCKX3DproXEwEN5OnpgG3E2wFYTzxvyttvCLZo%3D ....

      5 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    4. Static public outbound IP for Application Gateway v1

      We use Application Gateway v1 because it has the possibility to assign a static private frontend IP.
      Now we would love to see the possibility to assign a static public IP for outbound traffic.

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    5. WAF (Application Gateway) Listeners limit increase from 100 to 200

      We had issue regarding creating more than 100 listeners in Application Gateway, and found that there is a limitation of 100 listeners maximum which is very annoying because there is always scenarios where customers need to create multiple bindings for websites\domains, and then we need to create listeners for the same. I logged a case with MS and the response is not satisfying that MS can not increase limit from 100 to 200, MS will consider it in future.

      I had to create more listeners for my requirement which increased complexity in my architecture and cost as well.

      Please increase…

      16 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    6. Instance IPs of Application Gateway are not visible in Portal

      In our usecase, external facing App Gateway(AG) will forward the traffic to PaloAlto virtual firewalls and firewall will NAT traffic to internal AG. Every application will have it's own external & internal AG. The NAT policy in firewall cannot use external AG subnet as source, you will have to identify instance IPs of each external AG and create NAT policy based on that. At the moment only Azure support have visibility to instance IPs, these IPs need to be exposed to Portal.

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    7. Azure Application Gateway WAF Mode Increase Limit on SecRequestBodyLimit

      When we have the WAF set to prevention mode some of our HTTP post are denied with code 413.

      Request body no files data length is larger than the configured limit (131072).. Deny with code (413)

      Can you make these two settings configurable on the WAF?

      SecRequestBodyLimit
      SecRequestBodyNoFilesLimit

      Thanks
      Mark

      397 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      21 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    8. application gateway monitor

      Application Gateways need more troubleshooting tools. The healthy/unhealthy logging is almost useless. We need to be able to initiate a ping/netcat from the AppGw to a host to verify connectivity. We also need to be able to see the DNS cache or see a log correlating incoming requests with outgoing requests by hostnames and IP addresses,

      32 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    9. Bug in Application Gateway Path Based Rules Redirection Configuration to External Site

      There is a bug in the "Rules" section of the "Application Gateway".
      Create a new path based rule for a multi-site Listener with HTTP HTTP settings.
      In this rule, add a new redirection configuration, to an EXTERNAL SITE.

      The "Include Path" checkbox is disabled. It is enabled only for the Listener case.
      Create the rule. The Include path value is null (verified through powershell az module and by the fact that the actual redirection does not work).
      I managed to enable this switch, via az powershell modules and all worked as expected.

      PLEASE FIX

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    10. Increase upload limit for Application Gateway or make it configurable

      Increase upload limit for Application Gateway or make it configurable.

      Currently the limit is 2GB maximum, but we need to be able to exchange larger files as well.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    11. translation error

      https://docs.microsoft.com/zh-cn/azure/application-gateway/application-gateway-components#ports

      侦听器在某个端口上侦听客户端请求。 对于 v2 sku, 你可以配置范围从1到65502的端口, 为 v2 sku 配置端口1到65199。

      The first "v2" should be "v1"

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    12. Please provide an option to monitor CPU performance of the application gateway at the portal level.

      Please provide an option to monitor CPU performance of the application gateway at the portal level. Since we are not aware of how much CPU is used of the backend instances.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    13. Add Prometheus Monitors to Application Gateway

      It will be nice if you can add an Endpoint for Prometheus metrics to be scraped from Application Gateways.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    14. Allow Application Gateways to be moved between subscriptions

      Applications Gateways currently can't be moved between subscriptions.

      Allow them to be moved between subscriptions.

      21 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    15. The Portal UI for APPGW resources should display Stopped if stopped and not "Degraded State"

      when attempting to diagnose some connectivity issues through our APPGW I didn't look back through the Activity logs far enough to see that someone had actually stopped it explicitly.

      when checking health and backend probe status the only UI Clue I received that anything was amiss was a notice that the Gateway was in a Degraded State.

      this to me implies an issue/ something broken etc. It would have been much more useful if this simply said "Gateway is STOPPED since <date>"

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    16. Allow APGW redirection from the root path

      Allow an Application Gateway's path-based rules to accept a forward slash ( / ) as a valid path.
      As of the time of writing this, trying to save such a configuration results in the following error:

      failed to save configuration changes to application gateway 'APGWNAME'. Error: Path / should have a nonempty match value followed by '/' in PathRule RESOURCEGROUP/providers/Microsoft.Network/applicationGateways/APGWNAME/urlPathMaps/RULENAME/pathRules/REDIRECTRULENAME'>APGWNAME/RULENAME/REDIRECTRULENAME.

      16 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    17. Allow update of TCP timeout for frontend private IPs in Azure application gateway

      Please allow support of updating TCP timeout for private IPs.

      At the moment the TCP Timeout value is available only for public IPs. Would like it to be available for private IPs as well.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    18. Web Application Firewall Exact Exculsion Does Not Work With Full Stops Bug

      Fix the bug whereby an exclusion in the Web Application Firewall WAF which uses an Exact match where the name contains a full stop / period does not work.

      My work around is to use Starts With instead which does not seem to care about the full stops.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. Allow control of the ARRAffinity set cookie response header

      Problem:
      When a request for contoso.com hits an Azure App Gateway and the back end is routed to contoso.azurewebsites.com, the set ARRAffinity cookie response includes the optional domain attribute (as per RFC6225 Page 22) that specifies "contoso.azurewebsites.net". causing the user agent to never write the cookie since the Domain attribute doesn't match the requested domain.

      Proposed Solutions:
      Solution #1
      Give us a way to disable the Set Cookie: domain attribute similar to the way we can add a "Arr-Disable-Session-Affinity" response header to disable the cookie entirely. I'm suggesting an "Arr-Disable-Session-Affinity-Strict-Domain" response header to tell the ARR proxy not to write…

      27 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  3 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    20. Support URL encryption


      1. URL encryption =contoso.com/dco/c/p/index.jsp?a=value1&b=value2 -> /[encrypted URL]

      2. QUERY encryption =contoso.com/dco/c/p/index.jsp?a=value1&b=value2 -> /dco/c/p/index.jsp?[encrypted query]

      With encryption enabled, the URLs look like the follows:

      https://contoso.com/uEtTrCjpfK6TArw28wkIKR859knsmcdYxxHjBvJZrcCEoEYKhgZDzfwzt2cUhYVR7ggTvZKPFdCnvHSnyyg_tsvOXlx5UwJevvAIMaKtDycZz-fF8Q3Nr3NJV0w$$~UuE

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base