Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    How can we improve Azure Networking?

    You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

    There are two ways to get more votes:

    • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
    • You can remove your votes from an open idea you support.
    • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
    (thinking…)

    Enter your idea and we'll search to see if someone has already suggested it.

    If a similar idea already exists, you can support and comment on it.

    If it doesn't exist, you can post your idea so others can support it.

    Enter your idea and we'll search to see if someone has already suggested it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. 16 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    2. To have the possibility to set radius timeout on the VPN gateway point to site confguration

      When using the new radius authentication feature on Azure VPN Gateway it would be nice to be able to control the timeout to the radius server. This would make the usage of Azure MFA for VPN authentication possible. (IT works now if users are very fast at answering the phone)

      16 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    3. Add DHCP address Pool options to the Point-to-Site VPN

      When I connect to the P2S vpn I need to be able to set an an address pool. Right now when I connect there is nothing to determine the addressing besides defining a subnetmask. However the addresssing starts at (0) so when I connect to the VPN I will be assigned example 192.168.1.0 as my IP address. I am able to connect to the Azure Network Gateway, But I am not able to connect to any Site-2-Site connections I have connected to Azure.

      15 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    4. provide diagnostic ability in Azure Resource Manager VPN tunnels

      The PowerShell command that is used in the classic "ASM" VPN troubleshooting is not compatible with the new Azure Resource Manager VPN tunnels. This makes it very difficult to troubleshoot VPN problems.

      The newest Azure PowerShell doesn't provide any start-azureRMvirtualnetworkgatewaydiagnostics like the old azure services manager did.

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    5. Ability to specify two RADIUS servers

      Ability to specify two or more radius servers in the P2S config for Azure VPN. Round robin by default if one fails.

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    6. WireGuard VPN protocol in Azure VPN PaaS

      Add WireGuard as a VPN protocol in the Azure VPN PaaS offering.

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    7. peering

      Allow VPN connection to transit between multiple levels of peering

      To allow for hub-spoke-hub architecture described here: https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/shared-services

      and allow the VPN connection to be shared through to lower level hubs.

      12 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    8. VPN Show configuration

      Ability to see COMPLETE configuration of the VPN connection. See all the parameters of Phase 1 and 2, hash and encryption algorithms, PFS, DPD, SA, etc.

      12 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    9. VPN Debug

      Ability to execute a debug on the VPN Azure (Conecction - Local Network Gateway) and be able to see the logs in real time of traffic between the peers of vpn. For example, why a phase 1 or 2 is failing, why encryption domain matches or not, etc. Like a VPN onpremise do. Talking to the azure support team, they tell us that there is currently a way to do it, but only is allowed for the support team, not for azure users. Which makes losing a lot of time lifting a ticket, just to see a debug.

      12 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    10. Gateway upgrade notification

      As per my understanding Azure does notify the customer on few of the events like a storage maintenance or a VM maintenance, etc but the gateway is not in the list as of now.

      It would have been nice if Azure notified the stakeholders before such a gateway upgrade was due to occur in advance. Alternatively if that wasn’t possible, then at the very least the stakeholders should be notified that their Site2Site VPN tunnel is down post upgrade.

      12 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)

      Thank you for your feedback. Alerting for gateway connectivity is a common ask, so it is on our roadmap.
      As of now, you can check connection status of your tunnel via the PowerShell cmdlet Get-AzureRmVirtualNetworkGatewayConnection.

      Thanks,
      Bridget [MSFT]

    11. Allow special chartacters in the pre-shared key for IPSec VPN tunnels

      Allow special chartacters in the pre-shared key for IPSec VPN tunnels

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    12. Azure VPN gateway config needs to provide more control over the VPN client settings.

      The standard Windows 10 VPN native client has some important features such as preventing split tunnel that are not accessible for the client that gets downloaded when I set up the VPN using the Azure VPN GW. For instance, for compliance with NIST 800-53 we MUST disable split tunnel. That is possible with other/physical VPN gateways but not with the Azure VPN gateway. We need this feature to allow us to be compliant.

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    13. Allow GRE packets in Azure virtual networks for the purpose of configuring a PPTP VPN within an Azure VM

      This is to allow those who do not have access to on premises devices to be able to connect to the on premises VPN using the credentials that where provided to them. In my case site-to-site, point-to-site and other VPN connection methods offered by Azure are inadequate as they require installing or configuring something on site and I do not have access to any of the on premises resources.

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    14. List the private IP address of a virtual network gateway

      Show the private IP address of a virtual network gateway in the "Connected devices" blade.

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)

      Hi,

      Currently, the gateway private IP addresses are not required for configurations or operations, other than the GatewaySubnet range. They should have been hidden from users. The gateway resource model does not have a field for those either.

      There may be use cases for new features down the road. We will update the gateway resource model accordingly and expose those properly.

      Thanks,
      Yushun [MSFT]

    15. Allow Multiple VNETs in a Gateway

      It would be great to be able to have three (or more) regions participating in a VNET. Currently you can deploy a multi-region, multi-subnet architecture using VNETs and their gateways by pointing them at one another with site-to-site. However, if you want to add a third region into that mix, it's not possible with the way Azure infrastructure is right now.

      The use case is AlwaysOn Availability Groups. Right now, I could, say, have East US and West US creating a geographically dispersed solution. However, when it comes to where to put the file share witness, it has to go…

      8 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    16. Azure VPN gateway should support Azure PaaS service

      Currently, Azure VPN gateway only support IaaS service, like Azure VM. We hope Azure VPN gateway can support PaaS service in near future. So that user can connect to PaaS service with its private address via VPN.

      8 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    17. provide troubleshooting features to VPN gateways

      Until Microsoft improves the Azure VPN technology, it would be good and sometimes necessary to provide some VPN troubleshooting tools on the Azure side. The local side logs sometimes are not enough and it gets very difficult to understand the reason of tunnel outages. This feature will also be definitely useful once the Azure VPN technology will be completely stable and reliable, in order to analyse traffic and build monitoring based on it.

      8 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    18. Create a windows service on the client to insert route tables for P2S client

      Please improve the p2s client so that a windows service with admin rights will insert the route tables. We could then deploy this without the user requiring admin rights.

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    19. Support CIDR in Point to Site Networking (RFC1918 bug)

      Azure forces clients to have a class A default route when using 10.x.x.x as their internal network. This should reflect the subnet mask illustrated in the portal

      More information:

      http://serverfault.com/q/818383/51457

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    20. Allow Azure Basic VPN Gateway to connect from OpenVPN client

      Allow Azure Basic VPN Gateway to connect from OpenVPN client

      If deploy VPN Gateway and follow this instruccions [1], Azure Powershells shows this error:

      Set-AzureRMVirtualNetworkGateway: Vpn Client protocol OpenVPN is not supported for basic Sku Gateway [..]

      [1] https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-openvpn

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    • Don't see your idea?

    Feedback and Knowledge Base