Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    How can we improve Azure Networking?

    You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

    There are two ways to get more votes:

    • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
    • You can remove your votes from an open idea you support.
    • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
    (thinking…)

    Enter your idea and we'll search to see if someone has already suggested it.

    If a similar idea already exists, you can support and comment on it.

    If it doesn't exist, you can post your idea so others can support it.

    Enter your idea and we'll search to see if someone has already suggested it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Application Gateway V2 support of UDR

      Deploying a Application Gateway in a subnet with an UDR is needed in enterprise networks. For example if you advertise the default route from a ExpressRoute connection,.

      41 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    2. AppGw v2: support attaching listeners to both public and private IP

      See also:
      https://github.com/MicrosoftDocs/azure-docs/issues/23652

      Documentation says "ILB only mode - This is currently not supported. Public and ILB mode together is supported". However, when I create a Standard_v2 AppGw I can't create a listener on both the public and private frontend-ip with the same frontend port. Creating listeners on either the private or public frontend-IP works.

      Use case:
      - Create an AppGw that can be connected to on it's public IP address for eternal services as well on it's private ip address for azure vnet services. Services are accessible the same port (eg 80/443). At this point in time we need…

      75 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    3. App GW with load balance should use single internal IP for single session

      App GW with auto-scaling enabled have Multiple internal IP for communicating hosted web service. The worst part is its communicating same session from client with Multiple IP internally because of load balance it has multiple machine for APP GW.

      e.g

      https://groups.google.com/forum/#!msg/pwm-general/miljylSaFjA/1qqhNS7lQgAJ;context-place=msg/pwm-general/za94hdmqPL4/tafnzLq5yUIJ

      We are using application with which
      NSG/IP restriction cannot be used because application is designed in such way it doesn’t allow same session from multiple IPs for security purposes and if we white list backend IP doesn’t makes sense because they always will be same from backend pools.
      Let’s suppose during some session of user some attacker hooks…

      40 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    4. Content Compression and Response Caching in App Gateway

      I'd like to see a feature in Application Gateway that allows configuring Content Compression and Response Caching per backend rule. This would be similar to, for example, what Nginx supports through "proxy_cache", "proxy_cache_valid" and "proxy_cache_path" directives.

      51 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    5. Application Gateway frontend PublicIP should allow a Reverse FQDN

      Currently Application Gateways can have Public IPs with a DNS label, however modifying the Public IP adding an FQDN via:

      $pip.DnsSettings.ReverseFqdn = "<my.domain.com>"

      is currently not allowed. This is a request to allow Reverse FQDNs for Application Gateway frontend Public IPs.

      -Chris Jackson

      17 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    6. Support for header content size configuration

      After many issues we run into an unsolvable 502 Bad Gateway error, simular to https://stackoverflow.com/questions/48964429/net-core-behind-nginx-returns-502-bad-gateway-after-authentication-by-identitys where the content size is too large in sign-oidc for open id connect post.

      Please add support to edit the values that end up into nginx.conf

      For now we cannot use the Application Gateway and looking into Cloudflare or Nginx Plus with WAF.

      75 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      5 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    7. Monitor Application Gateway Load

      Provide a way to monitor Application Gateway CPU/Memory in order to track load. It's hard to know only based on current access/http errors when the WAF is under heavy preasure and we need to scale it up.

      138 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      There is no plan currently to offer these system level metrics for Application Gateway Standard (V1). However, we are planning to offer more observability with our new Autoscaling version (V2) of Application Gateway/WAF. We already offer Capacity Units as a metric which gives you a sense of the traffic load on your Application Gateway. More are planned for V2. Please send in your specific feedback via https://aka.ms/ApplicationGatewayCohort

    8. TLS 1.3 and HSTS Support for Azure Application Gateway

      This is about a feature request for an Azure Application Gateway to support TLS 1.3 and HSTS.
      At least HSTS is just a secure header which should be trivial to implement.
      I`m looking forward to a feedback.

      11 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    9. Remove NSG validation from App Gateway V2 deployment

      This is more of a bug report than an idea.
      I tried deploying new WAF_V2 app gateway through ARM templates. My gateway subnet has a hardened NSG applied.
      Validation is applied to check whether certain traffic is blocked to the gateway. I have many problems with this:

      1) The validation is never satisfied with my rules. It will only be satisfied when I have my entire VNET way too open.
      I am refering to this error message when deploying:
      "Network security group <NSG_ID> blocks incoming internet traffic on ports 65200 - 65535 to subnet <SUBNET_ID>, associated with Application Gateway <GATEWAY_ID>.…

      15 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    10. Is it possible to expose Azure blob storage via Application Gateway

      Expose Azure blob storage via Application Gateway.

      I would like to remove public access for Azure Blob and only make it accessible via virtual network. The Azure Application Gateway will be public facing which does the SSL termination and forwards the request to blob.

      This would allow scanning for malicious content via virtual appliances before content is stored in blob.

      136 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      5 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    11. Pure internal standard_v2 application gateway

      Currently standard_v2 application gateway must have a public IP to work. Please make it be able to work only with private IP address. This capability is available in standard sku but not in standard_v2.

      43 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    12. Need ability to set Maximum file upload size as a property for V2

      Our hosted solution requires uploads larger than 2GB for some applications like uploading a large video. We need a user setting for the maximum file upload on the V2 AGW.

      The current documentation is also not clear. It says: The following table applies to v1, v2, Standard, and WAF SKUs unless otherwise stated. There are specific stated mentions of the 2GB limit for Standard and WAF and there is no specific limitation mentioned for v2.

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    13. application gateway monitor

      Application Gateways need more troubleshooting tools. The healthy/unhealthy logging is almost useless. We need to be able to initiate a ping/netcat from the AppGw to a host to verify connectivity. We also need to be able to see the DNS cache or see a log correlating incoming requests with outgoing requests by hostnames and IP addresses,

      29 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    14. Reduce price for V2 SKUs

      Reduce price for V2 SKUs to make them more affordable for small workload projects

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    15. mutual TLS authentication on Application Gateway

      To verify authenticity of client sending traffic to Application Gateway, its required to have mutual TLS authentication.
      For use cases such as : Using a 3rd party caching or WAF tier like Akamai send traffic to AG, we would require mutual TLS.

      Currently we could limit source by IPs by putting an NSG rule. But cryptographic identity verification is the correct approach. Towards this I would like to request Mutual TLS.

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    16. Allow setting intermediate certificates for SSL

      Application Gateway does not support setting intermediate certificate. Some CA provide leaf certificates that do not include all certificates in the certification path. When AG does not has the intermediate certificate, we need to manually create a certificate with the intermediate one.

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    17. Application Gateway (WAF) - document how to get firewall logs

      Please create documentation about how to retrieve Azure App GW firewall log.

      Microsoft does not mention a word about this. - Correct me if I'm wrong. Finally I found a solution on third party (!!!) site: http://francescomolfese.it/en/2018/07/azure-application-gateway-come-monitorarlo-con-log-analytics/.

      Application GW produces these types of logs:
      1. ApplicationGatewayAccessLog
      2. ApplicationGatewayPerformanceLog
      3. ApplicationGatewayFirewallLog – the most important one as it contains logs about security operations (reasons for blocking connections, etc...)

      To retrieve these logs (or at least first 2 of the 3 mentioned above), you have to do this:
      o Go to Log Analytics workspaces in Azure portal --> create or choose…

      21 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    18. Azure Application Gateway WAF Mode Increase Limit on SecRequestBodyLimit

      When we have the WAF set to prevention mode some of our HTTP post are denied with code 413.

      Request body no files data length is larger than the configured limit (131072).. Deny with code (413)

      Can you make these two settings configurable on the WAF?

      SecRequestBodyLimit
      SecRequestBodyNoFilesLimit

      Thanks
      Mark

      289 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      14 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. Allow update of TCP timeout for frontend private IPs in Azure application gateway

      Please allow support of updating TCP timeout for private IPs.

      At the moment the TCP Timeout value is available only for public IPs. Would like it to be available for private IPs as well.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    20. Allow APGW redirection from the root path

      Allow an Application Gateway's path-based rules to accept a forward slash ( / ) as a valid path.
      As of the time of writing this, trying to save such a configuration results in the following error:

      failed to save configuration changes to application gateway 'APGW_NAME'. Error: Path / should have a nonempty match value followed by '/' in PathRule RESOURCE_GROUP/providers/Microsoft.Network/applicationGateways/APGW_NAME/urlPathMaps/RULE_NAME/pathRules/REDIRECT_RULE_NAME'>APGW_NAME/RULE_NAME/REDIRECT_RULE_NAME.

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    ← Previous 1 3 4 5 6 7 8
    • Don't see your idea?

    Feedback and Knowledge Base