Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Gateway upgrade notification

      As per my understanding Azure does notify the customer on few of the events like a storage maintenance or a VM maintenance, etc but the gateway is not in the list as of now.

      It would have been nice if Azure notified the stakeholders before such a gateway upgrade was due to occur in advance. Alternatively if that wasn’t possible, then at the very least the stakeholders should be notified that their Site2Site VPN tunnel is down post upgrade.

      12 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thank you for your feedback. Alerting for gateway connectivity is a common ask, so it is on our roadmap.
      As of now, you can check connection status of your tunnel via the PowerShell cmdlet Get-AzureRmVirtualNetworkGatewayConnection.

      Thanks,
      Bridget [MSFT]

    2. provide troubleshooting features to VPN gateways

      Until Microsoft improves the Azure VPN technology, it would be good and sometimes necessary to provide some VPN troubleshooting tools on the Azure side. The local side logs sometimes are not enough and it gets very difficult to understand the reason of tunnel outages. This feature will also be definitely useful once the Azure VPN technology will be completely stable and reliable, in order to analyse traffic and build monitoring based on it.

      8 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    3. Set up a VPN device script Link as present in the Classic Portal

      I was setting up the Site to Site in New portal and found the link to download the VPN script wasn't present as in Classic portal. It would be good we have that link in new portal so that we can share that Network admins to setup site-site Connection with on-premise and Azure Vnet

      29 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    4. 49 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    5. provide diagnostic ability in Azure Resource Manager VPN tunnels

      The PowerShell command that is used in the classic "ASM" VPN troubleshooting is not compatible with the new Azure Resource Manager VPN tunnels. This makes it very difficult to troubleshoot VPN problems.

      The newest Azure PowerShell doesn't provide any start-azureRMvirtualnetworkgatewaydiagnostics like the old azure services manager did.

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    6. Improve VPN gateways performances and limits

      Using VPN to connect sites to Azure is great. But we are rapidly hitting the gateways limits:
      - One gateway per VNet
      - A max of 30 Tunnels per gateway (10 and 20 for standard)
      - A max of 200 Mb/s per gateway (shared by all VPNs)

      Today, not all regions and customers can afford 'ExpressRoute' to get more bandwidth and scalability. So why this 'very limited' options.

      77 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    7. Allow Multiple VNETs in a Gateway

      It would be great to be able to have three (or more) regions participating in a VNET. Currently you can deploy a multi-region, multi-subnet architecture using VNETs and their gateways by pointing them at one another with site-to-site. However, if you want to add a third region into that mix, it's not possible with the way Azure infrastructure is right now.

      The use case is AlwaysOn Availability Groups. Right now, I could, say, have East US and West US creating a geographically dispersed solution. However, when it comes to where to put the file share witness, it has to go…

      8 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    8. Manually Assign GatewaySubnet and better field validation

      I want to be able to assign my GatewaySubnet, not have the system pick the next available subnet and crash everytime I try to change it!

      The only way I could get it to use the Subnet I wanted as the gateway was to create 63 other subnets so there was only one that was not in use.

      It also failed to create any virtual network with an Ampersand "&" in the Network name, even though it came up with a green tick next to the name when I tried to create it.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    9. Use P2S VPN connection as default gateway (like standard VPN)

      P2S connection is working fine and I can access VMs on VNET.

      It would good to have feature if you enable [Use default gateway on remote network] that you can browse internet and it looks like you are coming from Azure network if you visit some site.
      Something like proxpn, purevpn and similar services.

      95 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Hi,

      This suggestion has two parts:

      1. Use default route or forced tunneling on P2S client rather than split tunneling
      2. Enable Azure VPN gateway as an forward proxy to the Internet

      At this point, these will be considered as long term roadmap items.

      Thanks,
      Yushun [MSFT]

    10. 16 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    11. Stop/Start Virtual Network Gateway - to don't pay when it not in use

      There are two charges related to the Azure VPN service: the compute resource charge at $0.05/hour, and the egress data volume charge. Both are based on resource consumption, Unfortunately, even if the VPN tunnels are not connected, the gateway compute resource is still being consumed and will cost ~$38 monthly!
      This is not really "Pay only for what you use".

      Need functionality to “STOP” (and of course "START") a gateway if the customer is certain that the gateway will not be in use.

      1,684 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      98 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    12. Provide multi-factor authentication capabilities in VPN client

      The ask is pretty self-explanatory.

      We want to host sensitive data in Azure VMs and enable connectivity only via P2S VPN.

      Today, the VPN client only requires having the cert to gain access the Azure Network. As the cert can easily end up in the hands of someone who shouldn't have access to it...it's not very secure.

      For MFA, integration with PhoneFactor would be cool. At a minimum, the VPN client should require a username/password in addition to requiring the cert.

      254 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      14 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    13. 177 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      6 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    1 2 3 5 Next →
    • Don't see your idea?

    Feedback and Knowledge Base