Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. BGP password

      We would like to be able to set a BGP password for peering between VNG and on-prem.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    2. Allow GRE packets in Azure virtual networks for the purpose of configuring a PPTP VPN within an Azure VM

      This is to allow those who do not have access to on premises devices to be able to connect to the on premises VPN using the credentials that where provided to them. In my case site-to-site, point-to-site and other VPN connection methods offered by Azure are inadequate as they require installing or configuring something on site and I do not have access to any of the on premises resources.

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    3. Fix the traffic selector of Basic VPN Gateway

      On the Azure side, on a Basic VPN S2S VPN Gateway, the VPN gateway is always configuring a traffic selector of 0.0.0.0/0 not taking into consideration the configured on premises address ranges. This is by design and makes the basic gateway a non usable product.
      If you want split tunneling you are forced to an advanced gateway, with Policy Based Traffic Selectors, even if you only are establishing one single tunnel.
      More info on case 119020925000183

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    4. Document for active-active S2S VPN with Forced Tunneling

      We would like you to add documentation for forced tunneling with Act-Act S2S VPN connection.
      Azure can create above structure with BGP default route advertisement from on-premises, however there is no documentation about this.
      We confirmed there are below documentation for Act-Act S2S VPN and for configuration of forced tunneling with VPN connection.

      Configure forced tunneling using the Azure Resource Manager deployment model
      <https://docs.microsoft.com/ja-jp/azure/vpn-gateway/vpn-gateway-forced-tunneling-rm#configure-forced-tunneling>

      Configure active-active S2S VPN connections with Azure VPN Gateways
      <https://docs.microsoft.com/ja-jp/azure/vpn-gateway/vpn-gateway-activeactive-rm-powershell>

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    5. VPN connection monitoring

      Need a solution to monitor the Azure VPN connection status. Currently no option is available in the metric/log analytics to alert the status of VPN connection failure. When will be the feature available in portal to create such monitoring rule in Azure native monitoring?

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    6. WireGuard VPN protocol in Azure VPN PaaS

      Add WireGuard as a VPN protocol in the Azure VPN PaaS offering.

      17 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    7. Azure VPN gateway should support Azure PaaS service

      Currently, Azure VPN gateway only support IaaS service, like Azure VM. We hope Azure VPN gateway can support PaaS service in near future. So that user can connect to PaaS service with its private address via VPN.

      8 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    8. Site to Site VPN tunnels should allow using DNS Host names, not just IP address

      Currently, if you configure a site to site IPsec tunnel Azure will only let you input a public IP address. Many sites firewall receive private IP address's from ISP equipment and receive Dynamic public address. This

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    9. Support Point-to-Site auto-reconnect and DDNS on VPN clients

      We would appreciate support for auto-reconnect and DDNS. Ref:

      https://docs.microsoft.com/en-us/azure/vpn-gateway/point-to-site-
      about#does-point-to-site-support-auto-reconnect-and-ddns-on-the-vpn-clients

      1. Our Windows 10 ent. clients are not able to update DNS records via P2S VPN to our domain in Azure.

      2. P2S VPN is not auto-reconnecting if connection drops. We are looking for a forced / always-on VPN. If connection drops, or user manually disconnect, we want the P2S to automatically re-connect.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    10. Point-to-site configuration for VNet gateway should provide some common addresses

      When setting up Virtual Network gateway with App Service which will connect to a VM (common use case) please provide options for address space that user can select for Point-to-Site Configuration. Currently, this is blank and would really help if you don't know the hard-coded ip address blocks that are required to make this work.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    11. Allow Service Endpoints on GatewaySubnets for P2S VPN Clients

      You should allow P2S clients to leverage the VPN gateway to connect directly to Azure SQL and other service endpoints through the backbone. This avoids having to maintain and update database firewall rules as users move to different locations. In fact, I deployed a VPN gateway into a testing subscription and was able to get this to work. I worked with support and was advised this was a deployment fluke. In my testing, it worked consistently and I had no issues. It used the service endpoints to connect, though I did have to modify the vpn client and add a…

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    12. Allow traffic across a VPN for management and utilization of the Azure DB SaaS (SQL) solution.

      I found many who would like this functionality, to be able to manage the SQL SaaS in Azure through a VPN connected VNet and associated service endpoint on the VNet. Allow what is being described as not available currently below, via a support ticket submitted to Microsoft:

      With Azure SQL Database being a public endpoint and not existing within a Subnet the overall NAT’ing process of traffic from the Azure SQL DB back to the on prem clients is not possible across a VPN. The only method is what was described which is to use some form of jumpbox inside…

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    13. Azure VPN gateway config needs to provide more control over the VPN client settings.

      The standard Windows 10 VPN native client has some important features such as preventing split tunnel that are not accessible for the client that gets downloaded when I set up the VPN using the Azure VPN GW. For instance, for compliance with NIST 800-53 we MUST disable split tunnel. That is possible with other/physical VPN gateways but not with the Azure VPN gateway. We need this feature to allow us to be compliant.

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    14. Improve Point-to-Site VPN to support Windows 10 (2015 LSTB)

      We can't configure Point-to-Site VPN from Windows 10 (2015 LSTB) endpoint even when we apply the latest hotfix to the Windows 10 (2015 LSTB) endpoint.
      The error is 812 (The connection was prevented because of a policy configured on your RAS/VPN server).

      It would be great if we could configure Point-to-Site VPN from Windows 10 (2015 LSTB) endpoint.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    15. peering

      Allow VPN connection to transit between multiple levels of peering

      To allow for hub-spoke-hub architecture described here: https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/shared-services

      and allow the VPN connection to be shared through to lower level hubs.

      12 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    16. there should be S2S tunnel continuous monitoring feature.

      there should be S2S tunnel continuous monitoring feature. As we have established more than 5 tunnel but there is no automation available currently, we have to rely on manual network watcher.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    17. Site to site VPN passwords are not able to hide. Its showing in pleain text. Please help us ASAP.

      Site to site VPN passwords are not able to hide. Its showing in pleain text. Please help us ASAP.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    18. 1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. Enable support for RADIUS authentication when VpnClientProtocol set to OpenVPN

      It appears that the recent public preview of OpenVPN protocol for P2S only supports Certificate Authentication. We would like to continue to use RADIUS authentication for our P2S clients.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    20. VPN Gateway Fail Over

      Requesting a DR feature for VPN Gateways to provide better recovery from datacenter disasters.

      We plan to have dozens of VPN Gateways to a specific data center. In a disaster scenario we need a way for these gateways to fail over to a backup region where our VMs will fail to.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base