Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    How can we improve Azure Networking?

    You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

    There are two ways to get more votes:

    • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
    • You can remove your votes from an open idea you support.
    • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
    (thinking…)

    Enter your idea and we'll search to see if someone has already suggested it.

    If a similar idea already exists, you can support and comment on it.

    If it doesn't exist, you can post your idea so others can support it.

    Enter your idea and we'll search to see if someone has already suggested it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Block out access to azure resources from outside

      I am looking for a way to completely block out access to azure resources from outside of Japan. An access from abroad is most likely from a person who are not from our company.

      Recently, I am terribly worried because there are a lot of illegal access from the outside country. It's very reassuring to have the ability to shut off foreign access in Azure. This scenario is difficult to achieve because the NSG feature has a limit in a number of IP addresses which can be restricted.

      34 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
      • Zero Downtime Deploys with Azure Load Balancer

        Currently, Azure Load Balancer does not support any way to programatically mark a node unhealthy or otherwise remove it from the pool temporarily during maintenance. Meaning you have to accept errors to your end users while deploying. It'd be great to either allow a request from the node, or a secondary health check to mark a node as unhealthy without it actually sending errors back to the user.

        2 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
        • Allow native VPN S2S from Azure to AWS

          Azure coexistence with AWS (and even GCP) is a very common scenario. Currently the only way to connect Azure and AWS is using a combination of Azure Virtual Network Gateway with a VM (Strongswan, OpenVPN, RRAS) deployed in AWS. We have no documentation around it, while Google provides VPN interoperability guidelines (here: https://cloud.google.com/compute/docs/vpn/interop-guides).

          This is complicated to manage when you add things such as High Availability and all the required configuration. Also, these manual configurations are never the most optmized.

          I understand we have a few different parameters vs. AWS and that's why Azure can't set up this S2S…

          9 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
          • Route Tables attached to NIC

            I love using Route tables attached to the Subnet under the Virtual Network, could we have Route table attached to NIC as well ?

            1 vote
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
            • Binding same IP Address to mulitiple VM

              I love using your feature load balancer but, our product deployed on multiple VM for redundancy need to share IP address across the VM. Could we have option to bind IP to multiple VM?

              1 vote
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Flag idea as inappropriate…  ·  Admin →
              • Enable network acceleration process is way too slow....

                It has been almost two weeks since I request for network acceleration and it is still not enabled. The worst thing is the PoC helping me on this issue disappear totally, no response at all for all my emails requesting status update.

                1 vote
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                • Adding multiple NSGs to a NIC

                  I have several virtual machines in several different subnets that need to apply a certain set of network security rules. But for each VM there are also their own unique rules. I would like to be able to set multiple NSG for the NIC of each virtual machine. I do not want to copy common rules to each NSG.

                  4 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                  • Increase Url query size for Application Gateway

                    The size of Url for Application Gateway is 8k. But the size of Url query (as a part of Url) is only 2k.
                    It will be great if there are no limits for query size in Url.

                    1 vote
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                    • Internal vNet endpoints for SQL Databases and Storage Devices to allow private accessible only via Expressroute Gateway

                      To justify using Expressroute to "securely" extend the corporate LAN/WAN infrastructure to the cloud.

                      Create Internal vNet Endpoints for SQL Databases and Storage Devices to allow private accessible only via Expressroute Gateway.

                      Needed to secure sensitive PII, HIPAA, and Company Confidential Databases and storage devices

                      1 vote
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                      • Not to convert the service for famous port number when confirgurating the NSG rule

                        Currently when creating a new NSG rule in portal or PowerShell with a famous port number as the service, the service will be convert to the pre-defined one even if I choose custom service. I want that the service remains to be the custom one.

                        3 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                        • Traffic manager https

                          Why dont subdomains of trafficmanager.net automatically support https? Similar to azurewebsites.net.

                          3 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                          • BGP Peering IP modification on different subnet

                            Hey,
                            For business purpose, we wanna offer an idea of selecting peering IP from non-GW subnet while using Azure VPN BGP. this IP was currnetly allocated from ge subnet. but we wanna change to specific IP . let's say our address space range is 10.0.0.0/16, but our GW subnet is 10.0.0.0/24, Peering IP is 10.0.0.254. but one of subnet is 10.13.100.70/28, we wanna change peering IP to 10.13.100.70. but this is impossible, could we make some changes in further?

                            1 vote
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                            • Allow User-Defined Routes (UDR) to work across ExpressRoute.

                              Currently, UDRs are limited to IP addresses which appear in a single peer group of VNETs (i.e., in the same Azure data center location). I would like to have a NextHop to a firewall that can serve multiple regions. The traffic would flow across the ExpressRoute (MPLS-style).

                              While most deployments are in a few Azure data centers, there are some which are elsewhere. It is less economical to have a separate firewall instance for each region. With UDR across ExpressRoute (or VPNs), that would be a money saver.

                              3 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
                              • Capability to apply WAF rules to each path rule.

                                One of the customer wants capability to apply WAF rules to each path. Can you consider that?

                                1 vote
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                                • CDN Allow Root Domain for Custom Domains

                                  It would be great to be able to set an A record to a root domain for CDNs like you can with web apps.

                                  For example you can set a CNAME to www.example.com but you cannot set an A record to example.com.

                                  1 vote
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Exclude networks in the default Tag "Virtual Network" which are defined in UDR

                                    When we are using the default Tag "Virtual Network" in NSG to make a Rule for intra VNE communication, the UDR networks are automatically included in the default Tag "Virtual Network", e.g. I have defined a UDR as route route / network 0.0.0.0/0, it is included in to default Tag "Virtual Network", then the Tag is useless for intra vnet communication as it contain the network 0.0.0.0/0.

                                    My Suggestion is to exclude the UDR from default Tag or allow us to make our own Tag. Also when we are creating NSG with multiple destination ip/networks from same source ip/network and…

                                    1 vote
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Provisioning server sets first NIC as primary NIC

                                      Hi -
                                      I run into limitation if I want to add a NIC to an existing VM. The error code is that I have to assign a primary NIC before adding a secondary. My wish is that upon creation of VM via portal that the NIC associated with the vm is automatically created as primary. That way it is much easier to add additional NICs later. Thank you - Asger

                                      2 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Application Gateway firewall log needs to include the site/host name of the request

                                        The Application Gateway firewall log only contains the request URI starting after the domain name. When using the Application Gateway in a multi-site scenario, there is no way in the log to determine which site the request was sent to. Can you please include the hostname or full URI in the logs?

                                        7 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Application Gateway : Support portal edit feature for webapps.

                                          Application Gateway lately started to support webapps as backend. But as this point, we have to use Azure PowerShell to register/edit for related resources on Application Gateway. (For example, Probe or BackendHttpSettings).

                                          Can you add the feature which enables us to create / edit resources for Webapps?

                                          0 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Add activity alert feature for DNS record add/delete/modify

                                            Current activity alert for DNS zones available but not for records. Add activity alert feature for DNS record add/delete/modify also.

                                            1 vote
                                            Vote
                                            Sign in
                                            Check!
                                            (thinking…)
                                            Reset
                                            or sign in with
                                            • facebook
                                            • google
                                              Password icon
                                              I agree to the terms of service
                                              Signed in as (Sign out)
                                              You have left! (?) (thinking…)
                                            ← Previous 1 3 4 5 12 13
                                            • Don't see your idea?

                                            Feedback and Knowledge Base