Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. The bgp peer ip configured on the local gateway is advertised back to the site router via the tunnel

      Azure BGP implementation advertises a route to on-premises BGP peer IP back to the on-premises network via Azure! This should have been filtered on Azure side.

      B 10.255.254.6/32 [20/0] via 10.16.1.4, 00:03:47
      via 10.16.1.5, 00:03:47

      10.255.254.6/32 is the loopback IP address on my VPN device.
      10.16.1.4 and 10.16.1.5 are the BGP IP addresses on Azure VNET.

      Ref. case: 119060721002544

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    2. Allow custom firewall on VPN GateWay interfaces

      At this time, a firewall on these public interfaces is not manageable. When conducting security evaluations, we have to specify an exception to our security policy because of the lack of control. I would like the ability to specify the TLS level and limit inbound IP addresses and ports

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    3. Increase the hard limit of allowed advertised routes for IPSec tunnels over BGP.

      I am dealing with a very complex client network environment, which is managed by their vendor.

      The current route advertisement limit is severely impacting the works that we need to perform through to, and within the client's network.

      I would like to request, and strongly suggest for an increase in the hard limit of allowed advertised routes for IPSec tunnels over BGP.

      Please also refer to the case reference number 119051322001294.

      Thank you.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    4. Increase the hard limit of allowed advertised routes for IPSec tunnels over BGP.

      I am dealing with a very complex client network environment, which is managed by their vendor.

      The current route advertisement limit is severely impacting the works that we need to perform through to, and within the client's network.

      I would like to request, and strongly suggest for an increase in the hard limit of allowed advertised routes for IPSec tunnels over BGP.

      Please also refer to the case reference number 119051322001294.

      Thank you.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    5. Even smaller "Dev" size of Virtual Network Gateway

      While the ability to set up a site-to-site tunnel between my local network and an Azure virtual network is a very great convenience, it's also quite the expensive convenience for the single-developer business. (If you have a VS Professional subscription, for example, you'll burn almost all of your included Azure credit on this alone.) This may be partly solved, at the cost of some overhead, by this request:

      https://feedback.azure.com/forums/217313-networking/suggestions/6169157-stop-start-virtual-network-gateway-to-don-t-pay

      ...but my first observation is that even the "Basic" size of VPN gateway is far more, at 100 Mbps and 10 S2S tunnels, than I actually require.

      How about a cut-down…

      5 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    6. Cisco Meraki - 15x Code - IKEv2 - Certify Device on Azure List

      With Cisco Meraki's MX code release of 15.x, IKEv2 is now supported - Can we get the Cisco Meraki MX as certified for an Azure VPN Device?

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    7. BGP password

      We would like to be able to set a BGP password for peering between VNG and on-prem.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    8. Allow GRE packets in Azure virtual networks for the purpose of configuring a PPTP VPN within an Azure VM

      This is to allow those who do not have access to on premises devices to be able to connect to the on premises VPN using the credentials that where provided to them. In my case site-to-site, point-to-site and other VPN connection methods offered by Azure are inadequate as they require installing or configuring something on site and I do not have access to any of the on premises resources.

      21 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    9. Fix the traffic selector of Basic VPN Gateway

      On the Azure side, on a Basic VPN S2S VPN Gateway, the VPN gateway is always configuring a traffic selector of 0.0.0.0/0 not taking into consideration the configured on premises address ranges. This is by design and makes the basic gateway a non usable product.
      If you want split tunneling you are forced to an advanced gateway, with Policy Based Traffic Selectors, even if you only are establishing one single tunnel.
      More info on case 119020925000183

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    10. Document for active-active S2S VPN with Forced Tunneling

      We would like you to add documentation for forced tunneling with Act-Act S2S VPN connection.
      Azure can create above structure with BGP default route advertisement from on-premises, however there is no documentation about this.
      We confirmed there are below documentation for Act-Act S2S VPN and for configuration of forced tunneling with VPN connection.

      Configure forced tunneling using the Azure Resource Manager deployment model
      <https://docs.microsoft.com/ja-jp/azure/vpn-gateway/vpn-gateway-forced-tunneling-rm#configure-forced-tunneling>

      Configure active-active S2S VPN connections with Azure VPN Gateways
      <https://docs.microsoft.com/ja-jp/azure/vpn-gateway/vpn-gateway-activeactive-rm-powershell>

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    11. VPN connection monitoring

      Need a solution to monitor the Azure VPN connection status. Currently no option is available in the metric/log analytics to alert the status of VPN connection failure. When will be the feature available in portal to create such monitoring rule in Azure native monitoring?

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    12. WireGuard VPN protocol in Azure VPN PaaS

      Add WireGuard as a VPN protocol in the Azure VPN PaaS offering.

      42 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    13. Azure VPN gateway should support Azure PaaS service

      Currently, Azure VPN gateway only support IaaS service, like Azure VM. We hope Azure VPN gateway can support PaaS service in near future. So that user can connect to PaaS service with its private address via VPN.

      14 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    14. Site to Site VPN tunnels should allow using DNS Host names, not just IP address

      Currently, if you configure a site to site IPsec tunnel Azure will only let you input a public IP address. Many sites firewall receive private IP address's from ISP equipment and receive Dynamic public address. This

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    15. Support Point-to-Site auto-reconnect and DDNS on VPN clients

      We would appreciate support for auto-reconnect and DDNS. Ref:

      https://docs.microsoft.com/en-us/azure/vpn-gateway/point-to-site-
      about#does-point-to-site-support-auto-reconnect-and-ddns-on-the-vpn-clients


      1. Our Windows 10 ent. clients are not able to update DNS records via P2S VPN to our domain in Azure.


      2. P2S VPN is not auto-reconnecting if connection drops. We are looking for a forced / always-on VPN. If connection drops, or user manually disconnect, we want the P2S to automatically re-connect.


      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    16. Point-to-site configuration for VNet gateway should provide some common addresses

      When setting up Virtual Network gateway with App Service which will connect to a VM (common use case) please provide options for address space that user can select for Point-to-Site Configuration. Currently, this is blank and would really help if you don't know the hard-coded ip address blocks that are required to make this work.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    17. Allow Service Endpoints on GatewaySubnets for P2S VPN Clients

      You should allow P2S clients to leverage the VPN gateway to connect directly to Azure SQL and other service endpoints through the backbone. This avoids having to maintain and update database firewall rules as users move to different locations. In fact, I deployed a VPN gateway into a testing subscription and was able to get this to work. I worked with support and was advised this was a deployment fluke. In my testing, it worked consistently and I had no issues. It used the service endpoints to connect, though I did have to modify the vpn client and add a…

      16 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    18. Allow traffic across a VPN for management and utilization of the Azure DB SaaS (SQL) solution.

      I found many who would like this functionality, to be able to manage the SQL SaaS in Azure through a VPN connected VNet and associated service endpoint on the VNet. Allow what is being described as not available currently below, via a support ticket submitted to Microsoft:

      With Azure SQL Database being a public endpoint and not existing within a Subnet the overall NAT’ing process of traffic from the Azure SQL DB back to the on prem clients is not possible across a VPN. The only method is what was described which is to use some form of jumpbox inside…

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. Azure VPN gateway config needs to provide more control over the VPN client settings.

      The standard Windows 10 VPN native client has some important features such as preventing split tunnel that are not accessible for the client that gets downloaded when I set up the VPN using the Azure VPN GW. For instance, for compliance with NIST 800-53 we MUST disable split tunnel. That is possible with other/physical VPN gateways but not with the Azure VPN gateway. We need this feature to allow us to be compliant.

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    20. Improve Point-to-Site VPN to support Windows 10 (2015 LSTB)

      We can't configure Point-to-Site VPN from Windows 10 (2015 LSTB) endpoint even when we apply the latest hotfix to the Windows 10 (2015 LSTB) endpoint.
      The error is 812 (The connection was prevented because of a policy configured on your RAS/VPN server).

      It would be great if we could configure Point-to-Site VPN from Windows 10 (2015 LSTB) endpoint.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base