Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Allow both AppGw and Standard Public IP Address to move from one subscription to another.

      Allow both AppGw and Standard Public IP Address to move from one subscription to another.
      We, regardless of using AppGw v1 or v2, would be allowed to move an existing AppGw entirely by doing this.

      71 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    2. Increase rule limit for Application Gateway

      It is currently only possible to have 100 rules per map on the Application Gateway. Since every website should work without the trailing slash, this effectively decreases the limit to 50, since every rule consists of two rules which count against the limit:
      /website,/website/*
      Add to this the fact that creating extra slots in an App Service requires corresponding paths to be mapped (prod/staging for example), and the rules are very quickly exhausted.

      35 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    3. Add REST APIs and SDK to manage Application Gateway child resources

      (following github issue https://github.com/Azure/azure-rest-api-specs/issues/8252)

      Hi,

      Currently, REST API and SDK (go, javascript, ...) does not provide way to manage Application Gateway child resources (backend address pools, frontend ip configurations, load balancing rules, ...).

      However, it's possible with the AZ CLi.

      Could the REST APIs and SDK be updated to allow it?

      Regards,

      67 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    4. Application Gateway: To remove (.cer) files via Azure Portal

      When we want to remove an unused expired certificate (.cer) file from Application Gateway, we will have to use the cmdlet to remove them. It seems only to support the cmdlet to remove them using PowerShell or Azure CLI.
      I know we can remove the certificate from HTTP settings using Portal, but it remains at Application Gateway. (It means we have to see a lot of unused certificate on the list in a HTTP setting.)

      This is a simple request, that we want to remove their certificate (.cer) files not only just using the cmdlet but also via Azure Portal…

      35 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    5. Application Gateway V2 support of UDR

      Deploying a Application Gateway in a subnet with an UDR is needed in enterprise networks. For example if you advertise the default route from a ExpressRoute connection,.

      304 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      11 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    6. Application Gateway v2: Cannot be working correctly when the "Test" button on setting custom probes with using the "Health probes".

      We deployed the Application Gateway v2 on Azure Portal to set the custom probe configuration using the "Health probes",
      And push the "Test" button. In the result, we got just only the message "No Result.".
      It must be appeared backend instances on the display.
      However, it seems not to check backend pool instances health correctly on Azure Portal.
      Please fix this "Test" function with working correctly on Azure Portal.

      Test backend health with the probe:
      https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-create-probe-portal#test-backend-health-with-the-probe

      27 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    7. TLS 1.3 and HSTS Support for Azure Application Gateway

      This is about a feature request for an Azure Application Gateway to support TLS 1.3 and HSTS.
      At least HSTS is just a secure header which should be trivial to implement.
      I`m looking forward to a feedback.

      222 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      9 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    8. Application gateway V2 subnet to support UDR

      We need to support UDR association with Appgw V2 subnet, since as of now it's not yet support while Appgw V1 does support. Please add this feature.

      125 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  3 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    9. Make Application Gateway v2 available in Swiss regions

      We have several application gateways in both Swiss regions. However v1 have many limitations and we would like to use v2.

      Please make it available in both Swiss regions.

      21 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    10. Allow creation of an empty application gateway

      (Following github issue https://github.com/Azure/azure-rest-api-specs/issues/2313)

      Hi,

      currently it is not possible to create an empty application gateway without frontend and backend configuration. so it is not possible to create an application gateway step by step.

      Could you allow the creation of an empty application gateway? then one could split the creation of an application gateway into multiple parts as requested in terraform-providers/terraform-provider-azurerm#727

      More details in the github issue

      28 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    11. Deprecate use of Cipher Block Chaining cipher modes - TLS_RSA_WITH_AES_256_CBC_SHA256

      App Gateway is REQUIRING a WEAK CIPHER be enabled

      See: https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-configure-ssl-policy-powershell#configure-a-custom-ssl-policy

      ==Important==
      TLSRSAWITHAES256CBCSHA256 must be selected when configuring a custom SSL policy. Application gateway uses this cipher suite for backend management. You can use this in combination with any other suites, but this one must be selected as well.

      As of May 2019 - SSLLABS is identifying cipher suites using CBC as WEAK - https://blog.qualys.com/technology/2019/04/22/zombie-poodle-and-goldendoodle-vulnerabilities#comment-303228

      16 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    12. SSL labs shows certificate chain issue after TLS protocol and cipher suite changes in Application Gateway

      SSL labs show certificate chain issues after TLS protocol and cipher suite changes in the Application Gateway.

      The same certificate when reapplied to AG with a different name this error gets resolved.
      Its seems that after TLS setting change again uploading certificate is mandatory.
      Again there is no way to delete certificate from AG.
      If we have to adjust the cipher suites and test this creates lot of problems as every time new certificate must be uploaded with a different name

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    13. Add X-Forwarded-For information in Application Gateway Access log

      If we have other Layer 7 Load Balancer like Cloudflare load balancer uses in front of AppGw, we are not able to obtain real client IP. Imagine Cloudflare load balancer inserts X-Forwarded-For info before forwarding request to AppGw, can we add X-Forwarded-For information in Application Gateway Access log?

      27 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    14. Application Gateway handling the Query parameter on back-end

      In application gateway HTTP settings when we use "override back-end path" option, it is stripping out the query parameter and retains only the resource path.

      Eg: https://<<HostName>>:443/resurcepath/invoke?api-version=2016-10-01&number=5

      It retains only "https://<<HostName>>:443/resurcepath/invoke" and ignoring "?api-version=2016-10-01&number=5"

      It will be good to retain the query parameters without doing any URL redirection etc

      31 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    15. mutual TLS authentication on Application Gateway

      To verify authenticity of client sending traffic to Application Gateway, its required to have mutual TLS authentication.
      For use cases such as : Using a 3rd party caching or WAF tier like Akamai send traffic to AG, we would require mutual TLS.

      Currently we could limit source by IPs by putting an NSG rule. But cryptographic identity verification is the correct approach. Towards this I would like to request Mutual TLS.

      155 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    16. Support for regex negative lookahead with WAF policy.

      I confirmed that we can not use regex negative lookahead like below as match values of custom WAF policy in Application Gateway.
      "\%(?!$|\W)"

      Some people want to use this regex so I want you to add this feature.

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    17. High security predefined setup

      This will give you an A+ score on ssl policy and should be a predefined setup:


      az network application-gateway ssl-policy set -g resource-group --gateway-name app-gw --policy-type Custom --min-protocol-version TLSv1_2 --cipher-suites TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

      Yet it is not a predefined one. something under the name: max-security.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    18. Fully private App Gateway v2

      From: https://docs.microsoft.com/en-us/azure/application-gateway/migrate-v1-v2

      " v2 gateways currently don't support only private IP addresses."

      We need to be able to create fully private App Gateway V2, without public IP.

      At the moment V2 Gateways will be public facing so we need to stick with V1. We cannot rely on NSG/Firewall to restrict traffic: we need to be able to provision a private load balancer.

      32 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. Allow public and private ip to have its own listener on the same port

      single gateway would support both public and private ip but the not able to create the two listeners for public and private on the same port. it would be great to have this feature else we need to create 2 application gateway for this purpose which defeats the purpose of public and private front end configurations to some extent.

      25 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    20. ILB only mode for Application Gateway V2

      https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-autoscaling-zone-redundant#differences-with-v1-sku

      We are using Application Gateway regularly on internal services and we want to use V2 mainly because its faster, but we don't want to expose our services externally even by mistake - so because there is public frontend ip address, it is no-go far us until there ILB only is possible.

      16 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    ← Previous 1 3 4 5 10 11
    • Don't see your idea?

    Feedback and Knowledge Base