Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Guaranteed time to roll out a custom SSL certificate when creating/updating FrontDoor endpoints

      When creating or updating a FrontDoor endpoint with a new URL it would be useful to have a expected time when all locations globally will serve with the correct certificate. I have been advised by Azure Support now that a normal turnaround time for our scenario (certificate provided by us, stored in Keyvault) should be 6-8 hours, but have just had an instance where it has taken over 24.

      Given we will be regularly adding new URLs and will need to advise clients when they should be able to correctly access the addresses a) it would be useful to be…

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    2. Make backend host header field behave consistently with portal

      Currently the behavior of a backend's "Backend Host Header" field behaves differently when you use the azure portal compared to when you use automation like ARM or Terraform.

      The documentation here states: https://docs.microsoft.com/en-us/azure/frontdoor/front-door-backend-pool#feedback

      > For example, a request made for www.contoso.com will have the host header www.contoso.com. If you use Azure portal to configure your backend, the default value for this field is the host name of the backend. If your backend is contoso-westus.azurewebsites.net, in the Azure portal, the autopopulated value for the backend host header will be contoso-westus.azurewebsites.net. However, if you use Azure Resource Manager templates or another…

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    3. Allow Front Door Services to be moved between subscriptions

      Allow Front Doors to be moved between subscriptions.

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    4. Validate Token like APIM at Azure Front Door Level

      Can we validate Security Token At Front Door like API Management Service?

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    5. Private Endpoint support in Front Door

      Front Door is useful for private networking scenarios as well as public. For example we are beginning to use it as a routing for Blue/Green Deployments of our internal apps.

      To keep the apps secure, we want to have a private traffic route into the Front Door and also out to the backends.

      This could be by the new Private Endpoints. There is also a separate feature request on here for VNet support.

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    6. Exclusions required in config of Frontdoor WAF

      Please implement match exclusions in the Frontdoor WAF similar to how exclusions are handled in Application Gateway WAF. We need to ignore a cookie value where randomized session strings seem to trip WAF regularly.

      Thanks
      Ben.

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    7. Add support for Azure Static Web Apps in Azure Frontdoor

      Add Azure Static Web Apps as Backend host type in Azure Frontdoor. Would be nice to be able to combine Azure Static Web Apps with advanced features in Azure Frontdoor.

      https://docs.microsoft.com/en-us/azure/static-web-apps/

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    8. Support User-agent http header for Azure FrontDoor

      Support for User-Agent http Header.
      It could be very usefull to be able to redirect to specific backend using the User-Agent header (ios ...).

      Actually the only way i found to achieve this is to put another Ngnix in front of Front Door to redirect to specific Host.

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    9. Challenges in making AFD Work as a CDN for on prem resources

      We would like to use the AFD's WAFs capability and CDN for protecting our on premise farm

      We will need to create the service on AFD and have Backend access via an IP and Backend header
      Conceptually and by design the service should be able to do it
      Challenges:


      1. On a single IP we have many Names that are published in HTTPS only, a single certificate with SAN entry for all the names
        The IP address normally does not respond to any request and give a 403

      We have modified the IP to respond with 200 for HTTP
      but HTTPS…

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    10. Front Door support Range headers where the client asks for more bytes than is available from the origin

      When the Facebook sharing service reaches out to get the metadata for a page, it asks for the first 512Kb of the page. However, most of the pages on our site are 21Kb, so Front Door kicks out the request with a 503 because the Content-Length headers do not match. Please support Range requests for files smaller than the requested size as well as cache those requests as well.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    11. Add support for Let's Encrypt as a CA in Azure Front Door

      Add support for allowing Let's Encrypt as valid CA.

      Buying SSL Certificate is an expensive affair and having Let's Encrypt as valid CA would increase Front Door's adoption.

      One situation it will be really helpful is while using an Apex domain with Front Door.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    12. Provide ability to enforce baseline rules across Azure tenant for Azure Front Door WAF

      Providing the ability to define a baseline set of rules for Azure Front Door WAF will help enterprise security teams keep a consistent security posture for endpoints no matter who owns the deployment of the Azure Front Door instance. Ideally this could be configured to enforce this baseline across all Azure Front Door instances within an Azure tenant.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    13. Why does front door remove Authorization Headers when we do a Redirect?

      I have a set of APIs built using web service (legacy) and I have created a new set of APIs using Azure functions. Now I want all my legacy API to route to Azure Function.

      I tried the Azure Front Door service redirect to achieve the functionality. I was able to redirect but the request headers are missing in the redirected requests. Not sure why Azure Front Door is removing them?

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    14. Front Door: TM’s FQDN is reflecting in drop down menu mutiple times when adding app services to a front door backend pool

      Currently if i have multiple app services connected to a traffic manager and i want to have a Azure Front door, TM's FQDN reflects in the dropdown while adding these appservices in Front door backend pool.

      For eg. Say xyz.azurewesites.net and pqr.azurewebsites.net are connected to tm.trafficmanager.net. When I create a front door and try to add these appservices to the pool, tm.trafficmanager.net shows up two times instead of real appservice names.

      This is a issue where if I want add app services among multiple backend pools say one for read and one for write, there would be no way to…

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    15. Configurable Timeout when route caching is enabled

      Front Door currently has a sendRecvTimeoutSeconds to configure the timeout for backend requests. However as spoken to a Microsoft technician (after raising an Azure ticket), this setting does not apparently apply to when the Front Door routing has caching enabled. If so it defaults to 30 seconds.

      This behaviour is very misleading and should be documented on this page https://docs.microsoft.com/en-us/azure/frontdoor/front-door-troubleshoot-routing#503-response-from-front-door-after-a-few-seconds .

      Furthermore, it is a huge downside to using Front Door if caching routes timeout within 30 seconds and this is not configurable.

      The Microsoft technician mentioned this issue is being addressed, however can we expect this to be available?

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    16. Front door t-msedge.net add ipv6 to auth nameservers.

      Front door cname domain fails to load in a IPv6 only scenario, since the auth nameservers for domain t-msedge.net is IPv4 only. Please add IPv6 to those nameservers ASAP.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    17. Support Condition element in Front Door ARM Templates

      The condition element allows more general purpose templates to be authored, for example a single template that supports parameterising whether a custom front end is created. Currently when trying to use the Condition element on the Front End Endpoint as per the ARM snippet below the following error is received

      Template deployment returned the following errors:
      12:40:27 - 12:40:26 PM - Resource Microsoft.Network/frontdoors 'fd-uks-########-01' failed with message '{
      12:40:27 - "error": {
      12:40:27 - "code": "InvalidResource",
      12:40:27 - "message": "The property 'condition' does not exist on type 'Microsoft.Azure.FrontDoor.Models.DeepCreatedResource_1OfFrontdoorFrontendEndpoint'. Make sure to only use property names that are defined by the…

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    18. Fallback to secondary region of RA-GRS storage endpoints for AzureFD

      With a storage account configured with RA-GRS. It would be nice that if Azure FD is using a backend point to a storage account it would use primary endpoint as Priority 1 and for the secondary endpoint be used as Priority 2, currently this needs configured manually with 'Custom Host' type

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    19. 2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    20. Log the violating field for Azure Frontdoor WAF logs

      Azure Front Door WAF logs currently indicate the violated rule name (ruleName_s) but it does not include the field (cookie name, query parameter name, etc) that was responsible for the action being invoked.

      This makes investigating false positives difficult.

      From what I can see in the Application Gateway documentation, its WAF looks like it does give you information about the details of the violation:
      https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/web-application-firewall-troubleshoot

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base