Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Allow file transfer to Azure Bastion sessions

      Not being able to transfer files to a VM using a Bastion session really limits the usability. Please enable this feature.

      218 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  7 comments  ·  Bastion  ·  Flag idea as inappropriate…  ·  Admin →
    2. Support WebSocket connections on Azure Front Door

      Add support for WebSocket connections with load balancing on Azure Front Door

      473 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      16 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    3. Azure DevOps Whitelisting

      Please create service tag for Azure DevOps Hosted Build Agents. I have been told that to allow hosted agent access through NSG - to my ASE's, I need to whitelist ALL external Azure IPs.. This is unaccesptable from a Security standpoint. Please address immediately

      https://developercommunity.visualstudio.com/idea/467755/static-ip-address-for-azure-devops.html?childToView=571222#comment-571222

      272 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    4. Azure load balancer currently doesn't report the status of backend pool VMs based on health probes.

      Azure load balancer should report the status of backend pool VMs based on the health probes we have created and not just report if the VM is running or not. Recently one of my backend pool VM went into high load and it took me minutes to identify the problematic one. LB was not sending any traffic to this VM however the portal was still showing it 'Running' instead of "Unhealthy" or "Failed". This would save a lot of time and will be easy to see health of backend pool vms.

      79 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  1 comment  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    5. Offers BGP prefix/route summary at Microsoft Enterprise Edge (MSEE) ExpressRoute routers

      There is an urgent business need to summarize BGP prefix/route at MSEEs before being propagate to its peers at remote sites i.e. Cloud Gateway Access (CGA) routers in relation to Express Route service (as there is vary limit of allowable prefix entry set at remote CGA routers i.e. default 20 in some case).

      This BGP prefix summarization helps reduce the need of large number of prefix entries to be broadcasted from Azure to CGA especially for business case that have large number of spoke VNETs (Hub and Spoke model) leveraging on granular address space of a large prefix.

      For example,…

      237 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    6. Application Gateway V2 support of UDR

      Deploying a Application Gateway in a subnet with an UDR is needed in enterprise networks. For example if you advertise the default route from a ExpressRoute connection,.

      185 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      6 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    7. Distribution Percentage by Service of ExpressRoute with Microsoft Peering

      I need the ability to granularly monitor the percentage of total bandwidth used by services on my ExpressRoute links. I have Microsoft Peering with no private \ public peering. I want to know what percentage of the ExpressRoute is consumed by O365 vs. PaaS vs. IaaS and from what I can tell the ability to do that does not exist. I’ve tried NSG flow logs on my edge NVAs to answer the IaaS question but I still need to understand the percentages used by the remaining services for showback \ chargeback.

      NPM bandwidth distribution only works with private peering, not…

      57 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  1 comment  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
    8. Application gateway V2 subnet to support UDR

      We need to support UDR association with Appgw V2 subnet, since as of now it's not yet support while Appgw V1 does support. Please add this feature.

      61 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    9. Azure Front Door Service

      Allow to connect from Azure Front Door to a VNet in Azure. So i can make a secure connection from Azure Front Door to a Web APP or a VM with out going over the internet.

      39 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  2 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    10. Please add start / stop cmdlets (ex. Stop-AzFirewall / Start-AzFirewall)

      Could you please provide cmdlets like Stop-AzApplicationGateway / Start-AzApplicationGateway.

      Following steps are really complexed. (Why Firewall doesn't keep VNet and Public IP information?)
      We need more simple step for stopping and restarting Firewall because its too expensive for PoC.
      If you can add cmdlets and portal UI, it really helpful for us.

      https://docs.microsoft.com/en-us/azure/firewall/firewall-faq#how-can-i-stop-and-start-azure-firewall

      40 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    11. Support rewriting HTTP headers

      In order to have more control over accessing multiple services through one facade provided by Front Door it'd be nice to have an opportunity to rewrite/add some HTTP headers when it's needed. Using rewriting it'd be possible to protect apps by creating some checks on added header value (e.g. 'x-frontdoor-key') on the app side. It'd make possible to be sure that all request are coming through WAF

      37 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  4 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    12. Azure VPN Gateway as Responder (Not Initiator)

      Currently with Azure VPN Gateway we do not have an option to set it as a VPN responder, it is set as a permanent initiator - which is causing me issues when I want t'shoot my local gateway.

      I would like the option to set the Gateway as a responder only.

      39 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    13. Enable Azure Front Door managed certificates in ARM Templates

      Azure Front Door is GA. We really want to use it throughout our build/release cycles. We are not able to do so because it is not possible to setup the custom domain AFD managed certs via ARM templates. When will this be available.

      74 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    14. Add additional Authorized CA for custom Certificate in Azure Front Door

      Actually it is possible to bring a custom certificate for custom domain name in Azure Front Door. Unfortunately, there is a restricted list of authorized CA (cf. https://docs.microsoft.com/en-us/azure/frontdoor/front-door-custom-domain-https). CA like Lets Encrypt (https://letsencrypt.org/) are not in the list. Is possible to add it ?

      125 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      12 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    15. Frontdooor - TLS mutual authentication - X-ARR-ClientCert

      Allow Frontdoor to inject the client certificate into request header: X-ARR-ClientCert similar to App Services.

      https://docs.microsoft.com/en-us/azure/app-service/app-service-web-configure-tls-mutual-auth

      95 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    16. Restrict Azure Bastion copy and paste by policy

      The Public Preview of the Bastion host allows copy and paste to and from the target host to the browser session and then the local machine. There is a requirement to restrict this capability to help reduce data loss. Perhaps this could be by policy?

      55 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Bastion  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    17. Increase limit of custom domains per front door

      There is a limit of 100 custom domains per front door.
      This works well for apps that only require only a handful of domains, but SaaS applications often require it's customers to be on their own domain. This limitation currently prevents SaaS platforms using Azure FrontDoor.

      Alternative platforms such as Cloudflare or AWS Cloudfront already support a very large number of custom domains.

      57 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    18. Add Effective Routes blade to Azure Firewall

      We are currently evaluating the use of Azure Firewall as our core firewall between on-prem and an Azure Hub/Spoke architecture via ExpressRoute.

      We need to be able to see what the effective routes are that Azure Firewall is using when we route all of our spoke traffic to it, and our on-prem traffic destined for the spokes to it as well. Currently, Effective Routes are only visible on resources with an associated NIC.

      Given that Azure Firewall is a PaaS network appliance, this is a critical feature for making it useful in our use case.

      50 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  2 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    19. Azure Firewall - FQDN Based NAT!

      I strongly hope AzureFirewall has "FQDN-based-Nat" function!!!

      20 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    20. Azure Front Door - cache Key Vault sourced certificates

      We use Front Door to host multiple clients under the same domain, and configured HTTPS with a wildcard certificate sourced from Azure Key Vault. The same source Key Vault, secret name and secret version is used for all frontend endpoints configured.
      Customer DNS records:
      customer1.domain.com -> frontdoorname.azurefd.net
      customer2.domain.com -> frontdoorname.azurefd.net
      customer3.domain.com -> frontdoorname.azurefd.net

      Wildcard certificate in Key Vault *.domain.com

      Every time a new client front end is added and HTTPS configured for it, the certificate is deployed again, which takes 20 minutes. Front Door should recognize that the same version of the same certificate is already been uploaded before and…

      36 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    ← Previous 1 3 4 5 13 14
    • Don't see your idea?

    Feedback and Knowledge Base