Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Rules disappear

      I've had several instances where rules are saved but then disappear. This occurs in both Edge and Chrome.

      4 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    2. Service Tag for service bus should support port 5671

      Currently, as per service tag documentation https://docs.microsoft.com/en-us/azure/virtual-network/service-tags-overview#available-service-tags for service bus, only premium tier is supported.

      ServiceBus Azure Service Bus traffic that uses the Premium service tier.

      I am not sure why the same does not work for standard tier service bus.

      However when in Azure Firewall we enable ServiceBus tag, it still does not allow outgoing connections on port 5671, 9350-9354.

      Please make sure that with ServiceBus tag connection to service bus is allowed on all service bus with all possible IP and ports

      3 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    3. Log azure firewall headers/SNI for application rules

      Log the headers for requests and the actual outcome (i.e. when using host header that resolves a different IP than the original or the SNI / host used for the request)

      3 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    4. 3 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    5. Azure Firewall - Network Rules Optimization

      Currently with the "Network rules hit count" we can see the number of times a network rule has been hit, but in term of rules management/review it's also important to know which rules are not hitting!
      Moreover on Network rules log/monitoring please add the option to filter from specific IP source/destination or from a range.
      It would be interesting to have some AI checking the rules for overlapping and suggesting how to handle them.
      And it would be great to have a centralized single panel of glass to manage NSG, FW and VMs network rules, like https://www.tufin.com/tufin-orchestration-suite

      3 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    6. Azure Firewall Outgoing Public IP-Specific IP

      We are have stuck with the Azure FW implementation as we could not define the outgoing traffic with specific Public IP. We could not go back and ask all our third party to include every time when we add new public IP. I have logged the ticket with MS support they r unable to advise. I would like to know when this could be achievable so I could migrate all my production environment.

      3 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    7. Azure Firewall - DNAT rule for the target FQDN.

      We can use DNAT rule with source ip address or destination ip address. But I want to use the DNAT rule with the target FQDN. I know application rule can use the target FQDN so I hope we can also use the feature with DNAT rule.

      3 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    8. Azure firewall Threat Intel logs: option to always add fqdn to "Deny" log entries

      When TI blocks by IP instead of fqdn (which it seems to do most of the time, given the amount of blocks we notice), it would be very useful for troubleshooting if AzFW would also log the fqdn the client is accessing (from TLS Client Hello packet) in addition to only the blocked IP from SYN packets.

      We are experiencing quite a lot of false positives for Google and GitHub shared IP's on fresh Win 10 VMs with basic dev tools like Chrome/VScode, and this would help pinpoint what ligitimate fqdn the clients are trying to access.

      It's also quite…

      3 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    9. Azure Firewall: more granular threat intel rules and actions

      Currenly the only choices for TI are: Alert or Deny. It would be nice to have a choice actions based on threat category/severities/confidence.

      For example: block high confidence matches while only alerting on medium risks.

      Sites like abuseipdb.com often provide a "Confidence of abuse" level to indicate how likely it is that a given ip is abused. I assume TI internally uses a similar rating that could be used?

      3 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    10. Azure Firewall - Utilize Existing Subnet

      Azure Firewall should allow for deployment into an existing subnet, pending the requirements met for available IP address space.

      3 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    11. Active FTP Support in Secured Virtual Hub

      Active FTP is supported in Azure Firewall when deployed in a regular virtual network, but is missing from deployments in Virtual Hub.

      2 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    12. Public IP address prefix support for Azure Firewall with Firewall Manager

      Today Azure Firewall (Standalone) support Public IP address prefix (https://docs.microsoft.com/en-us/azure/virtual-network/public-ip-address-prefix )
      But when Azure Firewall is in Firewall Manager the Public IP address support is not there.

      It's very important that Firewall in any mode and tier support predictable IP range

      2 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    13. Public IP address prefix support for Azure Firewall with Firewall Manager

      Today Azure Firewall (Standalone) support Public IP address prefix (https://docs.microsoft.com/en-us/azure/virtual-network/public-ip-address-prefix )
      But when Azure Firewall is in Firewall Manager the Public IP address support is not there.

      Its very important that Firewall in any mode and tier support predictable IP range

      2 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    14. Azure Firewall showing up as "Other classic resources > Deployments"

      In Cost Management + Billing, Azure firewall cost shows up under the category "Other Classic Resources > Deployments. This can be misleading. I understand that Firewall billing is billed in two ways, But it should be better designated, so resources billing can be traced.

      Thanks

      Ref: Service request: 118111921002018

      2 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    15. Implement Basic and Core Firewall Editing/Management Outside of the Portal

      As it stands right now, there is a bug in the Portal that prevents the simple management of network rules utilizing IP Groups. It is unusable.

      It is currently not possible to make a simple modification to an existing network rule without using the Portal.

      For example:
      If you have Rule1 and it contains 5 IP Groups and you need to remove 2 and replace them with 2 new ones, you can't do this because of the Portal bug. Until this is fixed, you are left with no reasonable options.

      We are talking about basic firewall rule source and destination…

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    16. Azure firewall provisionning fail cause French local : LocationNotAvailableForResourceType

      Azure firewall provisionning fail because French local on portal

      LocationNotAvailableForResourceType
      L'emplacement fourni « Europe occidentale » n'est pas disponible pour le type de ressource « Microsoft.Network/publicIPAddresses ».

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    17. service chaining

      redirect traffic based on customizeable criteria to other network functions that could be represented also as custom NVA to build network service chains.

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    18. Create default IP Rule for IP restrictions

      When creating first IP restrictions rule in a Web Application the default rule Deny all is implemented.
      This default rule is not visible and should automatically be generated on creation of first visible rule to then be configurable with Priority numeric.
      Otherwise many users of Azure Web apps will create a rule and no realise the whole site is blocked due to this default rule being applied.

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    19. Is there any way to predict data processing traffic charges for Azure firewall before using it.

      Is there any way to predict data processing traffic charges for Azure firewall before using it.

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    20. WAF fails to establish success health using the web service SAP cloud connector with custom TLS1.2 and struggled to find the issue from WAF.

      WAF fails to establish success health using the web service SAP cloud connector with custom TLS1.2 and struggled to find the issue from WAF stand point. Means, We modified multiple TLS1.2 algorithm and tested to fix the issue. Why the custom/selected TLS1.2 algo is not working? Can you build the "front end troubleshooting page or packet capture page" to select correct TLS1.2 or elect the correct TLS1.2 automatically?

      Moreover, Could you modify the name from "Listener" to "Backend Listener"? Boz, This name is really confusing with frontend certificate and backend TLS parameters.

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    • Don't see your idea?

    Feedback and Knowledge Base