Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Allow Static Public IP's on Virtual Network Gateways

      Static Public IP's cannot be used with Virtual Network Gateways. This can potentially be very problematic if a Virtual Network Gateway ever needs to be re-created or re-provisioned.

      Example: what if we have 30 separate tunnels to a Virtual Network Gateway and it needs to be re-created or re-provisioned? This would result in a new Public IP being provisioned (takes about 30-40 minutes - of downtime!) which would require 30 remote VPN Administrators to be engaged to rebuild their side of the tunnel. This could be easily resolved by allowing Static Public IP's to be associated with Virtual Network Gateways.

      99 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  2 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    2. Gateway upgrade notification

      As per my understanding Azure does notify the customer on few of the events like a storage maintenance or a VM maintenance, etc but the gateway is not in the list as of now.

      It would have been nice if Azure notified the stakeholders before such a gateway upgrade was due to occur in advance. Alternatively if that wasn’t possible, then at the very least the stakeholders should be notified that their Site2Site VPN tunnel is down post upgrade.

      54 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thank you for your feedback. Alerting for gateway connectivity is a common ask, so it is on our roadmap.
      As of now, you can check connection status of your tunnel via the PowerShell cmdlet Get-AzureRmVirtualNetworkGatewayConnection.

      Thanks,
      Bridget [MSFT]

    3. Point-to-site VPN authentication logging

      When a client has their VMs inside VNets, and those VMs are not exposed to Internet, the only option to get to them is P2S VPN. But it uses certificates for authentication (which is not a good idea either). What's worse (!), there NO LOGGING!!! I mean, come on Azure team! This is like a security whole. No one knows who, when and from where got inside a perimeter??? This shouldn't even be here, this should be done from the very beginning.

      18 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    4. 82 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      5 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    5. provide troubleshooting features to VPN gateways

      Until Microsoft improves the Azure VPN technology, it would be good and sometimes necessary to provide some VPN troubleshooting tools on the Azure side. The local side logs sometimes are not enough and it gets very difficult to understand the reason of tunnel outages. This feature will also be definitely useful once the Azure VPN technology will be completely stable and reliable, in order to analyse traffic and build monitoring based on it.

      11 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    6. Allow non Administrators to run Azure P2S VPN client

      We would like to have the possibility to allow users who are not members of the local "Administrators" group of workstations to connect to the VPN, without having the need to give them those privileges.

      20 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    7. user account for Azure P2S VPN

      Right now Azure point-to-site VPN client only using a client certificate for all users to access the Azure point-to-site VPN. For security standpoint, this is really not a good practice. It will be nice if we can have a configuration like other VPN clients, which we can create user credentials (username & password) to connect to Azure network via point-to-site VPN without using a client certificate. This way, we can secure the connection if someone leaves our company without having to recreate the root/client certificate for all users again.

      20 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    8. Provide azure P2S VPN client for Linux

      We need to have azure P2S VPN client for Linux machines, currently it is available only for windows. When managing a large set of VMs running in linux, we prefer using Linux control machine, and we currently don't have option to use P2S VPN setup in li nux. Im sure this feature will help lot of projects in linux taking advantage of Azure migratons

      30 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    9. Improve VPN gateways performances and limits

      Using VPN to connect sites to Azure is great. But we are rapidly hitting the gateways limits:
      - One gateway per VNet
      - A max of 30 Tunnels per gateway (10 and 20 for standard)
      - A max of 200 Mb/s per gateway (shared by all VPNs)

      Today, not all regions and customers can afford 'ExpressRoute' to get more bandwidth and scalability. So why this 'very limited' options.

      86 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    10. Stop/Start Virtual Network Gateway - to don't pay when it not in use

      There are two charges related to the Azure VPN service: the compute resource charge at $0.05/hour, and the egress data volume charge. Both are based on resource consumption, Unfortunately, even if the VPN tunnels are not connected, the gateway compute resource is still being consumed and will cost ~$38 monthly!

      This is not really "Pay only for what you use".

      Need functionality to “STOP” (and of course "START") a gateway if the customer is certain that the gateway will not be in use.

      2,275 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      122 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    11. Add DHCP address Pool options to the Point-to-Site VPN

      When I connect to the P2S vpn I need to be able to set an an address pool. Right now when I connect there is nothing to determine the addressing besides defining a subnetmask. However the addresssing starts at (0) so when I connect to the VPN I will be assigned example 192.168.1.0 as my IP address. I am able to connect to the Azure Network Gateway, But I am not able to connect to any Site-2-Site connections I have connected to Azure.

      15 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    12. Use P2S VPN connection as default gateway (like standard VPN)

      P2S connection is working fine and I can access VMs on VNET.

      It would good to have feature if you enable [Use default gateway on remote network] that you can browse internet and it looks like you are coming from Azure network if you visit some site.
      Something like proxpn, purevpn and similar services.

      192 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      6 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Hi,

      This suggestion has two parts:

      1. Use default route or forced tunneling on P2S client rather than split tunneling
      2. Enable Azure VPN gateway as an forward proxy to the Internet

      At this point, these will be considered as long term roadmap items.

      Thanks,
      Yushun [MSFT]

    13. Point-to-Site VPN DNS issue

      After connecting the VPN client on windows 10 machine, I faced two differences in communication:

      When I connected through WiFi, I am able to communicate Azure VNET.
      But When I connected through Ethernet cable, I am unable to communicate to Azure VNET.

      This is because of traffic route, which change according to Metric value of the Network Adapter. So by changing this metric value to 100 for ipv4 and ipv6, I am able to communicate to Azure VNET from Ethernet connection.

      But, it's not the reliable way to change it for each machine Ethernet adapter. So, "I am expecting the…

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    14. Provide multi-factor authentication capabilities in VPN client

      The ask is pretty self-explanatory.

      We want to host sensitive data in Azure VMs and enable connectivity only via P2S VPN.

      Today, the VPN client only requires having the cert to gain access the Azure Network. As the cert can easily end up in the hands of someone who shouldn't have access to it...it's not very secure.

      For MFA, integration with PhoneFactor would be cool. At a minimum, the VPN client should require a username/password in addition to requiring the cert.

      306 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      17 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    15. 328 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      11 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    16. 16 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    17. We need a way to Monitor the S2S VPN Policy Based Its Health & If Connection Breaks we should get notify I checked Network Watcher but

      We need a way to Monitor the S2S VPN Policy Based Its Health & If Connection Breaks we should get notify I checked Network Watcher but its not Supported for Policy Based VPN.

      From SCOM also there is no information how to Monitor Azure S2S VPN

      Can some suggest

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    18. BGP Peering IP modification on different subnet

      Hey,
      For business purpose, we wanna offer an idea of selecting peering IP from non-GW subnet while using Azure VPN BGP. this IP was currnetly allocated from ge subnet. but we wanna change to specific IP . let's say our address space range is 10.0.0.0/16, but our GW subnet is 10.0.0.0/24, Peering IP is 10.0.0.254. but one of subnet is 10.13.100.70/28, we wanna change peering IP to 10.13.100.70. but this is impossible, could we make some changes in further?

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. Need for RBAC permission specialized for "Local Network Gateway".

      At the moment, we do not have a permission specialized for RBAC.

      As its background, we want to limit the amount of the permission which we assign to our user.
      Since there are too many permissions when we add "Microsoft.Network/*", our user needs a permission specialized for Local Network Gateway.

      We can set following permissions (Actions and NotActions) by setting up the NotActions listed below.
      However, in order to avoid unexpected permissions when a new feature is released, could you kindly add specialized Local Network Gateway permission?

      [Japanese]
      RBAC の権限として、ローカル ネットワーク ゲートウェイに特化したものがありません。

      各ユーザーに対して、必要最小限の権限のみを与えたいと考えていますが、
      "Microsoft.Network/*" を付与する方法では付与される権限が多すぎるため
      ローカル ネットワーク ゲートウェイに特化した権限を必要としています。

      以下のように NotActions…

      19 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    20. The P2S VPN with one operation

      We hope that the P2S VPN can connect to VNET with one operation. the P2S VPN opens special window when trying to connect VPN. we want to easy operation for the P2S VPN without the operation for special window. We are glad if you please consider.

      8 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base