Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Add Application Gateway support for Azure DevOps tasks

      Add Application Gateway support for Azure DevOps tasks. Currently public IP address is needed for release pipeline tasks like copying files and running PowerShell on Azure VM's.

      Here's a link to the statement that VM's are not supported behind Application Gateways: https://github.com/Microsoft/azure-pipelines-tasks/issues/3235#issuecomment-448126585

      16 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    2. Add a way to test the configuration of Application Gateway before update

      When updating an application gateway (example changing to a different backend). It would be useful to be able to test the configuration of the application gateway before saving.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    3. Allow control of the ARRAffinity set cookie response header

      Problem:
      When a request for contoso.com hits an Azure App Gateway and the back end is routed to contoso.azurewebsites.com, the set ARRAffinity cookie response includes the optional domain attribute (as per RFC6225 Page 22) that specifies "contoso.azurewebsites.net". causing the user agent to never write the cookie since the Domain attribute doesn't match the requested domain.

      Proposed Solutions:
      Solution #1
      Give us a way to disable the Set Cookie: domain attribute similar to the way we can add a "Arr-Disable-Session-Affinity" response header to disable the cookie entirely. I'm suggesting an "Arr-Disable-Session-Affinity-Strict-Domain" response header to tell the ARR proxy not to write…

      17 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    4. Allow configuring the managed identity for app gateway through the portal

      The current CLI experience has a rather steep learning curve and is not ideal for someone just evaluating whether to use Azure.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    5. WAF file size limit to be increased

      Currently as the WAF limit is set to 100mb, we cannot process our large files which could hit 500mb for example.

      Can you please increase the WAF file silze limit? To possibly 1GB / 2GB

      148 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      6 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    6. Maximum Internet Traffic supported by Application Gateway . Sometimes there will be a performance test conducted . So it is better to know

      Would be great if there is some information on the maximum traffic supported by Application gateway

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    7. Support server-sent events

      Azure Application Gateway apparently does not support server-sent events. This surprised me, since SSE really is just http. However after quite a bit of testing, and asking on the forum, I can confirm it does not.

      SSE is an arguably better way of doing server push than websockets, which is a lot more complex. We rely heavily on it, so hope it will be prioritized.

      Best regards,
      Alf

      103 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  4 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    8. Disable HTTP request methods on WAF.

      Need configuration option to disable HTTP request methods on WAF such as PUT DELETE OPTIONS etc.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    9. Application Gateway WAF: update to OWASP CRS 3.0.2

      The 'OWASP 3.0' (3.0.0) WAF rule set generates a lot of false positives, even on random base64 payloads. The only option is to disable many rules.

      2 examples which frequently trigger on SAML authentication exchanges are 932140 (https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/671) and 941120 (https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/675).

      OWASP CRS 3.0.2 reworked some rules, in order to reduce some of these false positives. Please support CRS 3.0.2 (either as an in-place upgrade for 3.0.0, or as a new option).

      115 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      12 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    10. Application Gateway, App Service and ARRAffinity

      We are trying to route all our app service traffic through application gateway.

      We have the apservice running on multiple instances and arraffinity is enabled on the appservice

      When we route the traffic through applicationgateway i note that the arraffinity cookie is being removed, as such user sessions switch across appservice instances and our application does nto work correctly

      I tried enabling session affinity on the http setting but it still doesnt work

      What is the correct setup to allow app gateway to be used with appservice and arraffinity

      22 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    11. Add ACI Containers to Application Gateway Backend Pool Targets

      Currently the only way to set the backend pool targets for ACI containers within a private VNET is by IP address. When stopping and starting ACI containers there is no guarantee that they will re-use the same IP address.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    12. URL path management

      It would be nice to have ability to allow/block some path of the hosted sites:
      /page1/subpage1/subpage2 - allow
      /page1/subpage1 - block
      / - block
      or at least to allow/block only one page.

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    13. Sort Application Gateway Rules alphabetically

      My lists of Application Gateway Rules / Listeners and HTTP Settings is growing very fast. I've applied a naming convention but the lists are in random order so it's hard to find the settings which are for the same customer.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

    14. More granular backend pool monitoring

      The App Gateway as it stands only allows you to monitor the overall (every member of every pool) backend pool health. It does not allow you to alert on a specific backend. One pool may be healthy with one member down and another may be unhealthy with one member down.

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    15. Application Gateway WAF: need the ability to adjust rule 911100 list of methods

      API management allows additional methods such as PATCH, PUT, DELETE and TRACE which some companies use in their API's.

      The default WAF list under rule 911100 is GET HEAD POST OPTIONS which is not sufficient and leads to the disabling of the rule in the application gateway WAF in front of API Management.

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    16. Current CPU Utilization metrics

      We've 502 failed request. Upon raising a ticket with Microsoft support we found that the Instance count was getting heavily utilized. Can you implement CPU Metrics so that we can do the same thing by ourselves.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    17. Reorder the Listeners on the Application Gateway

      Recently I was in the need to register additional listeners to an App Gateway. The issue is that the rules and Listeners should be created (at least using the portal) on correct order and the portal don't have any options to change this order.
      As the process of update changes on the Gateway takes a few minutes, this type of change requires a few hours to create a new record, remove, add it again, create rules, etc.
      Using a pattern similar to the NSG where we define a value for the order would save a lot of time.

      90 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    18. Support for EC Elliptic Curve Customization

      Azure Application Gateway custom SSL policies don't seem to allow the customization of the elliptic curves to use like we normally do on Windows Server 2016 for example (via PowerShell "enable-TlsEccCurve" for example). I believe this extra customization option would very useful for specific integration scenarios.

      Thank you,

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. Application Gateway should support OAuth2 and/or JWT token validation

      Azure Application Gateway should support OAuth2 and/or JWT token validation so it can be used as a reverse proxy.

      28 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    20. Delete the listener but rule will be left and invisible

      After delete the listener, the rule still left and you can't see them in the UI. When you create the rule with same name, the request will be denied. You can see the left rules in the resource explorer.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base