Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    How can we improve Azure Networking?

    You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

    There are two ways to get more votes:

    • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
    • You can remove your votes from an open idea you support.
    • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
    (thinking…)

    Enter your idea and we'll search to see if someone has already suggested it.

    If a similar idea already exists, you can support and comment on it.

    If it doesn't exist, you can post your idea so others can support it.

    Enter your idea and we'll search to see if someone has already suggested it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. VPN Show configuration

      Ability to see COMPLETE configuration of the VPN connection. See all the parameters of Phase 1 and 2, hash and encryption algorithms, PFS, DPD, SA, etc.

      12 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    2. VPN Debug

      Ability to execute a debug on the VPN Azure (Conecction - Local Network Gateway) and be able to see the logs in real time of traffic between the peers of vpn. For example, why a phase 1 or 2 is failing, why encryption domain matches or not, etc. Like a VPN onpremise do. Talking to the azure support team, they tell us that there is currently a way to do it, but only is allowed for the support team, not for azure users. Which makes losing a lot of time lifting a ticket, just to see a debug.

      12 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    3. WireGuard VPN protocol in Azure VPN PaaS

      Add WireGuard as a VPN protocol in the Azure VPN PaaS offering.

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    4. The bgp peer ip configured on the local gateway is advertised back to the site router via the tunnel

      Azure BGP implementation advertises a route to on-premises BGP peer IP back to the on-premises network via Azure! This should have been filtered on Azure side.

      B 10.255.254.6/32 [20/0] via 10.16.1.4, 00:03:47
      via 10.16.1.5, 00:03:47

      10.255.254.6/32 is the loopback IP address on my VPN device.
      10.16.1.4 and 10.16.1.5 are the BGP IP addresses on Azure VNET.

      Ref. case: 119060721002544

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    5. Allow GRE packets in Azure virtual networks for the purpose of configuring a PPTP VPN within an Azure VM

      This is to allow those who do not have access to on premises devices to be able to connect to the on premises VPN using the credentials that where provided to them. In my case site-to-site, point-to-site and other VPN connection methods offered by Azure are inadequate as they require installing or configuring something on site and I do not have access to any of the on premises resources.

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    6. Authentication to VPN Gateway using Azure AD

      Add option to authenticate to VPN Gateway using existing Azure AD accounts. For security reason there should be option to add a group of users allowed to use VPN.

      This should help to use Azure VPN Gateway by customers which not use local AD DS servers

      58 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    7. No pricing plan for Legacy SKU on Virtual Network Gateway

      The pricing page just gives the pricing for the Basic from the Legacy SKU:
      https://azure.microsoft.com/en-us/pricing/details/vpn-gateway/

      There is no pricing for Standard or High Performance.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    8. Even smaller "Dev" size of Virtual Network Gateway

      While the ability to set up a site-to-site tunnel between my local network and an Azure virtual network is a very great convenience, it's also quite the expensive convenience for the single-developer business. (If you have a VS Professional subscription, for example, you'll burn almost all of your included Azure credit on this alone.) This may be partly solved, at the cost of some overhead, by this request:

      https://feedback.azure.com/forums/217313-networking/suggestions/6169157-stop-start-virtual-network-gateway-to-don-t-pay

      ...but my first observation is that even the "Basic" size of VPN gateway is far more, at 100 Mbps and 10 S2S tunnels, than I actually require.

      How about a cut-down…

      5 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    9. vpn point to site static

      Requesting the ability to set a static IP for a point-to-site vpn client. Currently the addressing is auto/random from a vpn pool. Would like the ability to strap that. Specifically for the OpenVPN peering - but all of the point to site peering options can benefit from this.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    10. No comprehensive description of the limitations of basic gateway

      Why is there no documentation that comprehensively describes the differences between the different gateways? I set up a basic gateway thinking it would be sufficient for our immediate needs according to (https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways) and the other offerings *start* at 5x the price of basic. But then I see in a different document that IKEv2 is not supported with the basic gateway. Is it supported or isn't it? What else can the Basic gateway not do?
      This is needlessly frustrating and making it that much more difficult to deploy our infrastructure because we have to backtrack plans due to poor…

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    11. Allow creation of your own Service Tags for use in NSGs

      Effectively allow you to create your own address group objects that can be referenced across all NSG's in any location/VNET.

      This would simplify NSG management considerably, even more than ASGs will (when they support being used across multiple VNETs)

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    12. Allow advertisement of regional / datacentre routes from VPN Gateway

      Microsoft Peering can be employed with ExpressRoute, but there seems to be no such feature in VPN Gateway. If you could add a tick box for the peer to send out the region's ranges to which the VPN Gateway were provisioned, that would be great.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    13. alerts

      Would appreciate if we have an option/metric to Monitor the VPN Tunnel status.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    14. Azure VPN gateway should support Azure PaaS service

      Currently, Azure VPN gateway only support IaaS service, like Azure VM. We hope Azure VPN gateway can support PaaS service in near future. So that user can connect to PaaS service with its private address via VPN.

      8 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    15. Document for active-active S2S VPN with Forced Tunneling

      We would like you to add documentation for forced tunneling with Act-Act S2S VPN connection.
      Azure can create above structure with BGP default route advertisement from on-premises, however there is no documentation about this.
      We confirmed there are below documentation for Act-Act S2S VPN and for configuration of forced tunneling with VPN connection.

      Configure forced tunneling using the Azure Resource Manager deployment model
      <https://docs.microsoft.com/ja-jp/azure/vpn-gateway/vpn-gateway-forced-tunneling-rm#configure-forced-tunneling>

      Configure active-active S2S VPN connections with Azure VPN Gateways
      <https://docs.microsoft.com/ja-jp/azure/vpn-gateway/vpn-gateway-activeactive-rm-powershell>

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    16. VPN Connection Status Alert

      It would be nice to have built in alerting for when VPN connections are dropped/connecting. We've had to setup an hourly runbook to call a PowerShell command that pushes data to OMS and then create an alert. All of the data is available in resource health so it shouldn't be a difficult enhancement, we just have no native way to pull/alert the data.

      74 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    17. Allow custom firewall on VPN GateWay interfaces

      At this time, a firewall on these public interfaces is not manageable. When conducting security evaluations, we have to specify an exception to our security policy because of the lack of control. I would like the ability to specify the TLS level and limit inbound IP addresses and ports

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    18. peering

      Allow VPN connection to transit between multiple levels of peering

      To allow for hub-spoke-hub architecture described here: https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/shared-services

      and allow the VPN connection to be shared through to lower level hubs.

      12 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    19. vpn gateway slow to create

      Why does it take upwards of 30 minutes to create a vnet gateway?
      If I am doing a PowerShell script or a CI/CD deployment, the whole world stops while the VPN takes 30-odd minutes to be initialised and start. Can this please be addressed?

      43 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    20. Increase the hard limit of allowed advertised routes for IPSec tunnels over BGP.

      I am dealing with a very complex client network environment, which is managed by their vendor.

      The current route advertisement limit is severely impacting the works that we need to perform through to, and within the client's network.

      I would like to request, and strongly suggest for an increase in the hard limit of allowed advertised routes for IPSec tunnels over BGP.

      Please also refer to the case reference number 119051322001294.

      Thank you.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    ← Previous 1 3 4 5
    • Don't see your idea?

    Feedback and Knowledge Base