Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    How can we improve Azure Networking?

    You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

    There are two ways to get more votes:

    • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
    • You can remove your votes from an open idea you support.
    • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
    (thinking…)

    Enter your idea and we'll search to see if someone has already suggested it.

    If a similar idea already exists, you can support and comment on it.

    If it doesn't exist, you can post your idea so others can support it.

    Enter your idea and we'll search to see if someone has already suggested it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Either add Point-to-Site SSTP VPN clients for Mac/Linux or enable other connectivity options

      With Azure trying to attract more than just Windows devs, we need to be able to VPN using non-Windows platforms for point-to-site connections.

      1,127 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)

        Thank you for your suggestion, and all of the support it has received. We understand this is a major pain point for a lot of our customers. We are currently working on enabling non-Windows clients to connect to Azure.
        Thanks,
        Bridget [MSFT]

      • allow multi-site VPN's using static gateways

        being restricted to only one VPN when using a static gateway is extremely limiting. This means that once a static VPN has been created between a VNet and a site (i.e. our office) we have no way of connecting the Azure Vnet to another VNet using a different VPN i.e. no multi-site VPN feature if a static gateway has to be used for ANY VPN. This stops any other connectivity into the VNet apart from enpoints and ACL's which is both less secure and messy to manage.

        911 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)

          Folks,

          We will try to slot this work in, but with a caveat – it will require IKEv2, won’t work on IKEv1. So if you are using Cisco ASA, you will likely need to upgrade your firmware to the versions supporting IKEv2. We will publish a doc update once this is done. I have not gone over other policy-based VPN devices to check whether all of those support IKEv2 though.

          Thanks,
          Yushun [MSFT]

        • Stop/Start Virtual Network Gateway - to don't pay when it not in use

          There are two charges related to the Azure VPN service: the compute resource charge at $0.05/hour, and the egress data volume charge. Both are based on resource consumption, Unfortunately, even if the VPN tunnels are not connected, the gateway compute resource is still being consumed and will cost ~$38 monthly!
          This is not really "Pay only for what you use".

          Need functionality to “STOP” (and of course "START") a gateway if the customer is certain that the gateway will not be in use.

          525 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
          • Site to Site VPN: allow local network range to include Azure VNET range

            I’ve created a virtual network (10.25.0.0/17) that our instances will live in, and created a local network representing CORPNET (10.0.0.0/8). In effect, we’re trying to have the virtual network be a subnet within our larger internal IP block to emulate an internal datacenter. When trying to create the site to site VPN using the local network, I get an error about an address conflict, which seems to be due to the virtual network and local network be overlapping.
            Per MSFT: The local network range cannot include the Azure VNET range. The local network definition(s) are used to establish routes between…

            334 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
            • VPN Gateway monitoring

              It would be great to have monitoring options in the azure portal which would show the bandwidth usage and throughput charts. It would help in figuring out if the 100mbps limit of the standard gateway sku is being hit at peak loads. If the details can be further provided for each individual site-to-site or point-to-site connection then that would be great thing to have. It would help immensely in finding out which connection is hogging the bandwidth the most.

              222 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
              • Auto-connect for point-to-site VPN.

                When the device is restarted, or internet connectivity is regained, the device automatically connects to the VPN again.

                210 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                • Make VPN gateway more configurable

                  We should be able to fully customize the VPN gateway parameters for phase 1 & 2 negotiations:

                  * Specify the pre-shared key
                  * Lifetime values
                  * Encryption
                  * Static IP address that won't change if the gateway is deleted and recreated
                  * etc.

                  185 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                  • Provide multi-factor authentication capabilities in VPN client

                    The ask is pretty self-explanatory.

                    We want to host sensitive data in Azure VMs and enable connectivity only via P2S VPN.

                    Today, the VPN client only requires having the cert to gain access the Azure Network. As the cert can easily end up in the hands of someone who shouldn't have access to it...it's not very secure.

                    For MFA, integration with PhoneFactor would be cool. At a minimum, the VPN client should require a username/password in addition to requiring the cert.

                    128 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                    • azure admin should be able to view the virtual network gateway log

                      currently as azure admin i can not see the gateway log when Vnet to Vnet connection is made

                      87 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                      • blob from azure virtual network

                        As we follow PCI standards, we need to specify all outbound IP addresses from our services.
                        This is a problem with azure services as IP ranges to Microsoft/Azure datacenters can change weekly.
                        We would like to be able to create a site-to-site connection and access our azure resources through an IPSec connection to avoid weekly IP management . As I understand on Azure support, azure virtual network is only available from VMs and not azure services like BLOB storage containers.
                        This is much desired!

                        85 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                        • 82 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)

                            Thank you for your patience. This is still under review. We are working on other features that are moving us closer to being able to provide these capabilities, but cannot yet dedicate resources to this feature.
                            Thanks,
                            Bridget [MSFT]

                          • Monitor Virtual network Gateway bandwidth

                            We want to monitor the bandwidth usage of Virtual Network Gateway.

                            We all know that the virtual network gateway(VNG) with different sku have different bandwidth limitation. However , we can't monitor the usage or the current status of VNG.

                            75 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                            • Improve VPN gateways performances and limits

                              Using VPN to connect sites to Azure is great. But we are rapidly hitting the gateways limits:
                              - One gateway per VNet
                              - A max of 30 Tunnels per gateway (10 and 20 for standard)
                              - A max of 200 Mb/s per gateway (shared by all VPNs)

                              Today, not all regions and customers can afford 'ExpressRoute' to get more bandwidth and scalability. So why this 'very limited' options.

                              67 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                              • Point-to-site VPN authentication support for Azure AD

                                Instead of only requiring on a certificate for authentication in Azure VPN Point-to-site solutions, it would be nice if the Azure networking team would consider adding support for username (UPN) and password that is authenticated against either Azure AD or ADFS.

                                39 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                • VPN parameter

                                  IPsec Parameters can be configured.
                                  my host site uses Diffie-Hellman Group group 5 in Phase 1.

                                  32 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                  • Set up a VPN device script Link as present in the Classic Portal

                                    I was setting up the Site to Site in New portal and found the link to download the VPN script wasn't present as in Classic portal. It would be good we have that link in new portal so that we can share that Network admins to setup site-site Connection with on-premise and Azure Vnet

                                    27 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                    • 18 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                      • Use P2S VPN connection as default gateway (like standard VPN)

                                        P2S connection is working fine and I can access VMs on VNET.

                                        It would good to have feature if you enable [Use default gateway on remote network] that you can browse internet and it looks like you are coming from Azure network if you visit some site.
                                        Something like proxpn, purevpn and similar services.

                                        13 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)

                                          Hi,

                                          This suggestion has two parts:

                                          1. Use default route or forced tunneling on P2S client rather than split tunneling
                                          2. Enable Azure VPN gateway as an forward proxy to the Internet

                                          At this point, these will be considered as long term roadmap items.

                                          Thanks,
                                          Yushun [MSFT]

                                        • 10 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                          • provide diagnostic ability in Azure Resource Manager VPN tunnels

                                            The PowerShell command that is used in the classic "ASM" VPN troubleshooting is not compatible with the new Azure Resource Manager VPN tunnels. This makes it very difficult to troubleshoot VPN problems.

                                            The newest Azure PowerShell doesn't provide any start-azureRMvirtualnetworkgatewaydiagnostics like the old azure services manager did.

                                            10 votes
                                            Vote
                                            Sign in
                                            Check!
                                            (thinking…)
                                            Reset
                                            or sign in with
                                            • facebook
                                            • google
                                              Password icon
                                              I agree to the terms of service
                                              Signed in as (Sign out)
                                              You have left! (?) (thinking…)
                                            ← Previous 1
                                            • Don't see your idea?

                                            Feedback and Knowledge Base