Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Improvement of maintenance specifications for Azure VPN Gateway instances

      I already posted this feedback below on October 27th, and have collected 230 votes.
      However, due to UserVoice tool's trouble, the feedback cannot collect votes anymore, so I posted it again.


      We plan to provide a solution for financial institutions that utilizes Azure.
      However, we have 2 problems about maintenance specifications of Azure VPN Gateway instances.

      Request1: Could you extend the maintenance interval between two instances of VPN Gateway ?

      In some cases, the maintenance interval is not enough to reestablish VPN tunnel between on-premise devices and VPN gateway instances.
      We are having some trouble reestablishing of VPN tunnel.

      Request2:…

      240 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    2. P2S Client Dynamic DNS Registration

      Point-to-Site (P2S) VPN Clients do not register DNS against VNet DNS Servers when connecting to VPN. This is supported by other VPN clients and should be supported by Azure.

      Expected Result: When a client connects to Azure P2S VPN, the client should initiate a Dynamic DNS Registration towards the VNet-defined DNS servers to register myhostname.mydomain.local with the IP address received via the VPN tunnel.

      This function is currently not supported, per this document:
      https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-vpn-faq#does-point-to-site-support-auto-reconnect-and-ddns-on-the-vpn-clients

      83 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      6 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    3. AAD authenticated P2SVPN should support Mac (OS X)/Linux

      The new AAD authenticated P2SVPN seems to work great for our pilot Windows users. But to introduce this to our prod/stage environments we need support for Mac/Linux users.

      133 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    4. Make Azure VPN client accessible as a direct download

      The new Azure VPN client is only available on the Microsoft store. Our organization has the Microsoft store turned off per company GPO. This means, there is no way for us to download the executable, even though we have local administrative privileges on our laptop.

      55 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    5. Multiple P2S VPN IP address pools

      A point-to-site configuration on a Virtual Network Gateway only allows one pool of dynamic IP Addresses. There is no way to restrict access to resources from specific VPN client users.

      If there was provision to allow different address pools and each pool assigned either via a configuration profile or somehow published as a separate application, access could be restricted based on user role by grouping VPN clients by separate address pools.

      24 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    6. Azure VPN Client: Minimize to Tray

      Add an option to minimize the Azure VPN Client to the system Tray. It's annoying to have it in the taskbar all the time.

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    7. Allow multiple parallel p2s vpn connections using Azure VPN Client

      Currently 'Azure VPN Client' from Microsoft Store limits the number of parallel connections to 1. However this is inadequate for most of the medium to large scale enterprise where IT Ops needs to connect more than 1 gateway i.e. more than 1 vpn connection simultaneously.

      18 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    8. point to site address pool per root certificate

      In the Virtual Network Gateway Point-to-Site connections it would be cool to have one address pool per root certificate to make it more flexible to manage rules in network security groups or other firewalls and policies based on IP ranges.

      18 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    9. Whitelisting of clients with common name (CN) or certificates

      I'm using VPN Gateway (VpnGw1) with openVPN configuration and Azure certificates. Currently there is no way to allow a client connection based on a certain condition, because in general all clients with a valid certificate can connect to the VPN Gateway. As there is a way to blacklist clients via revocation list, it would allow interesting use cases if whitelisting of clients is possible too.

      For openVPN this could be done quite easily with the '--tls-verify' plugin, but i guess there i no way to customize the openVPN server configuration / add plugins.

      12 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    10. Ability to connection Azure Virtual Network Gateway to AWS Transit Gateway through VPN

      Ability to connect Azure VNet to AWS VPC through Azure Virtual Network Gateway and AWS Transit Gateway through VPN connection with BGP. Found 169.x.x.x AWS use for tunnel IP in routed VPN but Azure uses it for reserved range and that causes conflict right now.

      77 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    11. Azure VPN Gateway as Responder (Not Initiator)

      Currently with Azure VPN Gateway we do not have an option to set it as a VPN responder, it is set as a permanent initiator - which is causing me issues when I want t'shoot my local gateway.

      I would like the option to set the Gateway as a responder only.

      50 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    12. Azure VPN Client: Support for http proxy settings

      When using the Azure VPN Gateway for p2s-connections in connection with Azure AD authentication you are required to use the Azure VPN Client application.
      This client does not allow the configuration of any proxy settings and does not seem to honor system wide proxy settings as well.
      Because of this is the usability of the p2s-VPN-client is severely limited for enterprise users that usually do not have direct non-proxied internet access.

      Please consider implementing additional settings in the azurevpnconfig.xml file you can use to configure the Azure VPN Client application.

      As the client application probably does not re-implement the OpenVPN…

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    13. Azure VPN with Azure MFA should require two-factor authentication every time it connects.

      Azure VPN with Azure MFA should require two-factor authentication every time it connects. If someone obtains the Windows credentials for a user, an attacker with access to the laptop can connect remotely to the VPN using only the Windows credentials, what does not look like a secure solution for remote access. We would like to see a behavior more like other VPN solutions, where users have to enter the second factor every time they connect to the VPN. Thank you.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    14. Name resolution of PC connected by Point-to-site VPN

      We connect to Azure VNET from a client PC via a point-to-site VPN.
      Then, the client PC connects to the server (virtual machine) in VNET.

      We want to communicate using the computer name when communicating from the server to the client PC.

      We hope to be able to name resolution of the client PC connected by Point-to-site VPN.

      Best regards.

      12 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    15. Display User Info next to Allocated IP Address when using Azure Active Directory Authentication

      On the Point-to-site configuration blade in the portal, for VPN's that are using Azure Active Directory for authentication, display the user info next to their allocated IP address

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    16. Fix P2P + P2S statuc route behaviour after additions on Azure VPN Gateways

      At present, in a situation where a single Azure VPN Gateway is used as both a P2P and P2S device, adding fixed downstream routes to the Local Gateway and P2S endpoint (both split and forced tunnel modes) results in VPN endpoints being unable to reliably route to the downstream locations. BGP is not in use.

      At present, a reset of the VPNGW is required when adding new routes in order for them to work correctly (even though routing works correctly from any servers inside an attached VNET, and published routes propagate correctly to the P2S clients via intune or manual…

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    17. Add automatic connect support on Azure P2S openVPN

      In case of internet connectivity restore, VPN gateway planned maintenance and other scenarios, it would be quite helpful for openVPN client to be able to automatically re-connect.

      Please add this feature.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    18. Azure virtual Network Gateways should support IPv6

      Supporing IPv6 on Azure vNet is great. In hybrid hetwork scenarios IPv6 connectivity is important as well. If Azure vnet Gateway supports IPv6 VPN it would be, just great.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. Block 8081, 8082, 8443, 8444, 10001, 10002, and 20000 access from Internet for Azure VPN Gateway

      Network ports 8081, 8082, 8443, 8444, 10001, 10002 and 20000 for Azure VPN Gateway are opened from Internet, these ports are used for Gateway management. We understand Azure platform has secured these ports in Azure platform level, however from security perspective, we would like to suggest to restrict these ports can only be accessed from Azure Platform.

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    20. Allow connection to an Azure SQL database over an Azure Gateway VPN

      I'd like to be able to allow remote users to connect to an Azure SQL database using a point to site VPN - everything seems to be in place to do this. With the VPN connected I can PSPing port 1433 on the IEP endpoint address but connecting Azure Data Studio fails and says I need to add my external IP to the Firewall.

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    ← Previous 1 3 4 5 6 7
    • Don't see your idea?

    Feedback and Knowledge Base