Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. 4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    2. azure application security groups

      Please allow to add any resource to application security groups not only virtual machines. Maybe this is possible, but documentation only references vms.
      Maybe allow to add AD registered apps, managed identities.
      Maybe allow to add resource groups to ASG that covers all resources in that rg. This wil allow all resources in a rg to access resources in another rg.
      Basically it should be easy to add resources to groups as you would users in AD.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    3. Could we add service tag about specific country like Singapore for Network Security Group?

      Could we add service tag about specific country like Singapore for Network Security Group?

      We have some service tag for NSG like internet/ Virtual network.
      Since we have some feedback that customer need allow/block traffic from specific country for security reason.

      Please advise.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    4. Introduce managed SSL for Microsoft Azure

      This should be the accepted standard for secure Internet communications. Not sure why Microsoft refuses to commit to this after so many customer requests. Instead, charging customers high prices to communicate securely continues. Google Cloud has already implemented this feature.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    5. Predefined Access Rules for Every Region

      Microsoft Azure should have predefined access rules for every region.
      For example, if someone wants to block traffic for every region except only one, should choose to allow for the specific one and add block rule for every other region.
      That would be good for DDos attacks

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    6. Can we add GEO service tag in NSG?

      Some customer need this feature since they wanted to quickly whitelist/blacklist request from given geographic region. Please consider to add this feature in future.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    7. Application Security Groups, Service Tags, and Augmented security rules in Gov

      Application Security Groups, Service Tags, and Augmented security rules (public preview) would be great additions to managing networks security in Azure Government. NSG's are good, but a complex application can quickly increase the number NSG rules and potentially reach limits fast. These three features would be really REALLY nice.

      https://azure.microsoft.com/en-us/updates/public-preview-features-for-nsgs/

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    8. accsess restrictions to azure service

      In Web App add a option to allow services like Azure Front Door e deny any other IPs.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    9. NSG Flow log segregation for application gateway.

      Currently, NSG flow logs are segregated by MAC address. This is an issue when trying to track access to Application Gateway using NSG Flow logs.

      Although access logging for Application Gateway is a feature that can be used for this, we would still like to know what the NSG is blocking/allowing to our application gateway as well.

      Currently, MAC addresses for Application gateway cannot be obtained, so it is difficult to track down the correct NSG flow log when you have several application gateways behind an NSG.

      Please change the NSG flow logging to segregate the application gateway traffic in…

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    10. Add ServiceTags for login.microsoft.com and arm api endpoint in NSG

      Kubernetes requires access to the different endpoint to perform automation.

      We also need to restrict internet access with an outbound rule. It would be best if we could configured the NSG to prevent internet access while keeping the access to the internal Azure endpoints.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    11. Improved audit when NSG is removed/added to a subnet

      When an NSG is associated or removed from a subnet I only see "Microsoft.Network/virtualNetworks/subnets/write" in the audit log. It is not clear whether this is a NSG which has been removed or some other activity like additon or removal of a route table on the subnet. It would be useful to see what actually happened for auditing purposes.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    12. apply filter ip origen azure in NGS

      apply filter ip origen azure in NGS.
      This option is like "Allow access to Azure services" in "SQL server Azure"

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    13. Named network sets (avoid repeated network rules in every Azure service)

      Both SQL Server and Storage now support firewall for inbound requests, where I can inform authorized IP addresses or virtual networks that have access. It is expected that other Azure services will follow that (Key Vault? Data Lake?).

      The problem is that if I have a subset of services that use same firewall rules, I have to repeat these rules over and over.

      The suggestion is that Azure Network allows definition of a named network set, or simply named network definition, and then in each service I simply inform that name, instead of repeating the rules again,

      This way if…

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    14. Add my client ip to allowed list in Inbound NSG

      Please, add "add client ip" button for inbound security rules like we have for sql azure

      Example why/when we need it: I'm it admin, all my deployment in azure(no site/point to site vpn). I want to have a full access to my azure resources for a next 1-2h. Now I can manually add this rule, but I will spend some time to clarify my current client ip. With this button it will be faster.

      Maybe it's sound like keys from kingdom and it's not secured, but I can do it manually anyway. Maybe you could create a temporary inbound rule…

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    15. ACLs for restricting access to ClearDB

      I have a cheap titan cleardb database. I'd like to make it only accessible from within Azure and perhaps from a fixed set of whitelisted IPs.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    16. 2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  1 comment  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    17. Allow Custom Network Security Group rules based on custom tags

      One of the biggest issue I have with Azure’s interpretation of Security Groups is the inability to apply custom tags to the ruleset. I should be able to filter traffic based on tags I generated for my resources. A good example would be creating a tag on an Azure IaaS VM called “app-x-webserver” and then tagging my Azure SQL Db with “app-x-sqldb”.

      While I know that you can use an Application Security Group for the IaaS part, it’s not supported on PaaS. It also is limited to a specific vNET inside of a single Region. This severely limits the usefulness…

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    18. network security group

      the portal saying NSG updated succeed. But usually it may 1-2 mins until rule taking effect

      it will be better if the status are synchronized between NSG portal and VM VFP applying

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    19. Azure Firewall NAT Rules

      When the UDR assoc the Subnet is not possible connect by RDP from the Internet, or other services exposed in the internet.

      If I could create the NAT Rule on the Azure Firewall I can expose any services in internet and this issue would be resolved.

      thank you so much.

      Best Regards

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  1 comment  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    20. Route outbound traffic of a VM attached to a Public IP through Azure firewall

      How do i route outbound traffic of a VM attached to a Public IP through Azure firewall?

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base