Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview
  • Technical documentation
  • Pricing details

Traffic Manager:

  • Service overview
  • Technical documentation
  • Pricing details

Network Watcher:

  • Service overview
  • Technical documentation
  • Pricing details

If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    1. Issues with IKEv1

      Fix issues with using IKEv1 on Standard+ Gateways.
      Currently (North EU) you are getting Bad request when picking IKEv1 in both AzurePS and webGUI.

      1 vote
      0 comments  ·  VPN Gateway
    2. VPN Gateway Issues Certificates

      VPN Gateway(P2S) must have the ability to issue certificates (root, client).
      In my case, there is a customer who uses VPN GW certificate authentication to authenticate the source device.
      There are cases where a customer does not have a CA station. In that case, the customer will need a CA station just to connect to the VPN GW. Alibaba's VPN GW has the ability to issue certificates.

      1 vote
      0 comments  ·  VPN Gateway
    3. WireGuard VPN protocol in Azure VPN PaaS

      Add WireGuard as a VPN protocol in the Azure VPN PaaS offering.

      94 votes
      1 comment  ·  VPN Gateway
    4. Enable AAD group restriction for AAD authenticated P2S VPN

      Using Azure AD to authenticate against P2S VPN is handy but opens it up to all (member) users in the tenant.

      You should be able to further restrict VPN access via Azure AD group membership or similar.

      1 vote
      1 comment  ·  VPN Gateway
    5. VPN connection

      Dear Azure team,

      It is not recommended to allow the complete vnet on the client side VPN devices. Our requirement is to restrict the communication to only small subnets. Please check the possibilities of restricting the access to a small subnet instead of the whole vnet.

      1 vote
      0 comments  ·  VPN Gateway
    6. S2S VPN Connection Status shows Connected even though phase 2 negotiation has failed

      When viewing the connectionStatus (whether through the portal, CLI, or PS), the value shows "Connected" even though the tunnel is not fully connected. For example if phase 1 completes and phase 2 does not (during initial tunnel negotiation with the remote firewall). The only real indicator is that the "Data out" shows zero bytes for the connection. There is data in, however. This equates to encaps but no decaps in network lingo.

      1 vote
      0 comments  ·  VPN Gateway
    7. Allow GRE packets in Azure virtual networks for the purpose of configuring a PPTP VPN within an Azure VM

      This is to allow those who do not have access to on premises devices to be able to connect to the on premises VPN using the credentials that were provided to them. In my case site-to-site, point-to-site and other VPN connection methods offered by Azure are inadequate as they require installing or configuring something on site and I do not have access to any of the on premises resources.

      50 votes
      0 comments  ·  VPN Gateway
    8. vpn point to site static

      Requesting the ability to set a static IP for a point-to-site vpn client. Currently the addressing is auto/random from a vpn pool. Would like the ability to strap that. Specifically for the OpenVPN peering - but all of the point to site peering options can benefit from this.

      28 votes
      triaged  ·  0 comments  ·  VPN Gateway
    9. Can we please update this document on P2S for Catalina macOS versions:

      Can we please update this document on P2S for Catalina macOS versions:

      We figured out a "solution", but it's somewhat confusing, as it requires you to set the authentication to "None":


      • Open Network Preferences
      • Select the VPN
      • Click "Authentication Settings..."
      • Switch the type to "None"
      • Select the "Certificate" radio button
      • If needed, click "Select" and choose the correct certificate.
      • Click "Okay"
      • Click "Apply"


      The VPN should now work as it did before. Not sure what the implications are for switching the Authentication type from "certificate" to "None" though.

      https://social.msdn.microsoft.com/Forums/en-US/ed4b9407-5a6a-4155-bc94-7353bc76296d/macos-catalina-ikev2-vpn-client-to-azure-vpn-gateway-incompatibility?forum=WAVirtualMachinesVirtualNetwork

      4 votes
      0 comments  ·  VPN Gateway
    10. Improve user experience for BGP Route Advertisement Limit from Azure

      There is currently an internal Azure hard limit of 200 on BGP routes advertised over a connection from an Azure virtual network. When exceeded Azure drops all routes and connectivity for the entire virtual network until the route limit falls back below 200. No error is produced and there is no simple way to query how close a connection is to this route limit.

      Any virtual network update that would result in exceeding the route limit should throw an error and there should be a way to easily determine your current route count per connection (rest/cli and portal).

      In addition,…

      10 votes
      triaged  ·  1 comment  ·  VPN Gateway
    11. Second Loopback IP for BGP Peering

      Is there a way we can add another second loopback IP for the BGP peering to the local network gateway? The reason is that we have 2 VPN headend routers they both share the VPN facing IP address using HSRP VIP to terminate the tunnels. Both routers have different loopback interface IP and cannot share that. It is only the active router is where the VPNs are terminated and BGP is established thru it. However if we failover to the secondary, yes VPN will be established but BGP will not. So in this case, a manual IP address change on…

      1 vote
      0 comments  ·  VPN Gateway
    12. VPN Debug

      Ability to execute a debug on the VPN Azure (Connection - Local Network Gateway) and be able to see the logs in real time of traffic between the peers of the VPN. For example, why a phase 1 or 2 is failing, why the encryption domain matches or not, etc. Like an on-premises VPN does. Talking to the Azure support team, they tell us that there is currently a way to do it, but it is only allowed for the support team, not for Azure users. Which makes us lose a lot of time raising a ticket, just to see a debug.

      18 votes
      triaged  ·  0 comments  ·  VPN Gateway
    13. VPN Gateway with full feature set ala Basic tier

      I have several small deployments requesting a small VPN gateway with the full feature set, like P2S IKEv2 connectivity etc. But we need a small size of Azure VPN and a price similar to the Basic tier.

      1 vote
      0 comments  ·  VPN Gateway
    14. Rename GatewaySubnet

      Many businesses are required to adhere to strict naming conventions for their cloud infrastructure. Currently, users are not allowed to change the name of the VPN/ExpressRoute Gateway Subnet from the default "GatewaySubnet". This forces users to deviate from their subnet naming convention. Please add the ability for users to customize the name of the GatewaySubnet.

      3 votes
      0 comments  ·  VPN Gateway
    15. Solution to Site to Site VPN with dynamic addressing in onpremises site perhaps DynDNS

      Solution to Site to Site VPN with dynamic addressing in onpremises site perhaps DynDNS

      2 votes
      triaged  ·  0 comments  ·  VPN Gateway
    16. Enable Auto-Reconnect for Point to Site Azure VPN connections

      I have not seen this exact suggestion prior so am adding what would be helpful for our users. Currently, when they connect remotely to a Shared Drive hosted on an Azure VM, if the Network Gateway RAM hits peak utilization, or if the local user's internet becomes intermittent, they are kicked off the VPN connection and required to go back and connect all over again.

      This is a horrible customer experience.

      5 votes
      triaged  ·  0 comments  ·  VPN Gateway
    17. VPN Show configuration

      Ability to see COMPLETE configuration of the VPN connection. See all the parameters of Phase 1 and 2, hash and encryption algorithms, PFS, DPD, SA, etc.

      12 votes
      triaged  ·  0 comments  ·  VPN Gateway
    18. Access to Azure SQL data base (PaaS) through P2S VPN

      I have a Customer that would like to know if this feature will be available at any time. He wants to have access to unmanaged Azure SQL database PaaS from P2S VPN

      4 votes
      triaged  ·  0 comments  ·  VPN Gateway
    19. Azure VPN gateway config needs to provide more control over the VPN client settings.

      The standard Windows 10 VPN native client has some important features such as preventing split tunnel that are not accessible for the client that gets downloaded when I set up the VPN using the Azure VPN GW. For instance, for compliance with NIST 800-53 we MUST disable split tunnel. That is possible with other/physical VPN gateways but not with the Azure VPN gateway. We need this feature to allow us to be compliant.

      38 votes
      0 comments  ·  VPN Gateway
    20. Cisco Meraki - 15x Code - IKEv2 - Certify Device on Azure List

      With Cisco Meraki's MX code release of 15.x, IKEv2 is now supported - Can we get the Cisco Meraki MX as certified for an Azure VPN Device?

      19 votes
      0 comments  ·  VPN Gateway

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote, which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature.
