Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    How can we improve Azure Networking?

    You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

    There are two ways to get more votes:

    • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
    • You can remove your votes from an open idea you support.
    • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
    (thinking…)

    Enter your idea and we'll search to see if someone has already suggested it.

    If a similar idea already exists, you can support and comment on it.

    If it doesn't exist, you can post your idea so others can support it.

    Enter your idea and we'll search to see if someone has already suggested it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Transparent interception for security appliances

      Allowing a method of transparent interception for network/security appliances to allow them to operate, but still be able to take advantage of configuring new applications completely via ARM.

      e.g. new app has external load balancer, 3 tier of VMs etc. But we could slot an IPS in between Ext Load Balancer and Web tier, or outside ELB etc.. Without having to also configure a Layer 3 policy & NAT on security appliance.

      Ideally have options of both inline, and "SPAN" mode. and be able to attach to Load Balancers, NICs, and where there are tags, eg 'Internet' routes.

      3 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
      • Integrate Windows IPAM with Azure DHCP

        Integrate Windows IPAM with Azure DHCP services.
        Some info can be gathered for domain members using DDNS, but not for appliances and other services not using DDNS...

        3 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
        • Support for drainstop in Azure App Gateway

          Traditional loadbalancers support the following states, to facilitate performing maintenance on a system of multiple nodes gracefully:
          Enabled (All traffic allowed)
          Disabled (Only persistant or active connections allowed)
          Force Offline (only active connections allowed)

          When a application gateway node is "unhealthy" it only allows active connections. We are looking for a way to force a node into an "unhealthy" state.

          The currently supported method is to use a custom probe that checks a file/path. I would like a solution that doesn't involve making changes on the server going into maintenance mode.

          3 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
          • Support for Multi-SAN certificate in Azure App Gateway

            we want to use Multi SAN certificate for Azure Application gateway instead of wildcard cert. AWS allows us to do this. with Multi SAN cert, We minimize the risk with issuing a wildcard certificate and the certificate is cheaper for us

            1 vote
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
            • IP-in-IP

              Provide the ability to unblock IP-in-IP encapsulated packets in a virtual network.

              1 vote
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
              • Improved audit when NSG is removed/added to a subnet

                When an NSG is associated or removed from a subnet I only see "Microsoft.Network/virtualNetworks/subnets/write" in the audit log. It is not clear whether this is a NSG which has been removed or some other activity like additon or removal of a route table on the subnet. It would be useful to see what actually happened for auditing purposes.

                3 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                • Application gateway

                  Hi MS team,

                  Could you enable the 'Edit' option for the Listeners we are configuring in the Application gateway. This will be really helpful if we decide to change our certificate.

                  Although we can do a workaround of deleting the listener and creating new one, but that needs some time investigating it, so I feel Edit option is a much better and easy approach for clients.

                  Thanks,
                  Thulasidas

                  1 vote
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                  • traffic manager api

                    I would like an API call that can be made to get the list of traffic manager IP addresses. (this list https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-faqs#what-are-the-ip-addresses-from-which-the-health-checks-originate.)

                    That way we can automate the checking of this list and alert if it is amended, and also automate updating our azure services. Just having a website to check is too manual.

                    3 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      started  ·  0 comments  ·  Domain Name Service (DNS, Traffic Manager)  ·  Flag idea as inappropriate…  ·  Admin →
                    • MS NVA to over come transitive issues and costs for 3rd party NVAs

                      Provide an MS NVA to over come the cost of having to implement 3rd party NVA's, to provide routes between Vnets, due the the lack of support for transtive routes, whilst having to useUDRs is very time consuming and creates additional administrative burdens. As well as massive additional costs burdens.

                      1 vote
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
                      • Create a windows service on the client to insert route tables for P2S client

                        Please improve the p2s client so that a windows service with admin rights will insert the route tables. We could then deploy this without the user requiring admin rights.

                        1 vote
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                        • Add DNS names to NSG source/ destination options like we currently can with IP addresses and tags

                          Enable NSGs to use DNS names instead of only IP addresses, Tags and any. A lot of services have very dynamic IP adresses. Using DNS names would help a lot.

                          13 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                          • Auto close/deny port after time

                            Leaving RDP open is huge security risk, so I prefer it to set "deny" by default and only open before using RDP. Most likely I do have to remember to close RDP port after doing my work, but it would be nice if there is a timespan that will close the port after it was opened. So if I forgot, I wouldn't leave RDP port open, it would automatically close after given timeout.

                            3 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                            • Validate Firewall Rules priority conflicts before starting deployment

                              When creating a new VM and a new network with inbound firewall rules, if you add two rules with the same priority it will pass validation (see attached screenshot). It will however later fail the deployment with an obscure error message.

                              Firewall rule priority conflict detection should happen instantly as you type in the rule textbox. That green checkmark should have been red and saying "there is already another rule with this priority"

                              4 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                              • Tell the user which objects prevent an object from being deleted

                                I wanted to delete a Virtual Network and it kept telling me that it was in use and that I should come back later if I just deleted an object that used this Network.
                                However, the actual reason was that the Virtual Network still had a Gateway configured. As this gateway only shows up inside the Virtual Network and not on "All Resources", I wasted hours to figure out why I couldn't delete the network.

                                Suggestion:
                                If I can't delete an object because it is in use or has children, give me a list of those objects that prevent the…

                                3 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  1 comment  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
                                • To improve portal user experience for Application Gateway configuration

                                  Application Gateway is a combination of backend pool, backend HTTP settings, listeners, custom probes and rules. Most of the time, to make changes, it is necessary to update more than one of the above mentioned settings (pool, HTTP setting, listeners, rules). Each settings are placed on different UI blades and takes nearly 3 - 10 mins to make single setting change getting reflected.

                                  Feedback: Make a Wizard kind of interaction that will enable to specify all desired setting changes at once, then let apply these changes in a single shot behind the scenes.

                                  8 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Standard Load Balancer should support using an "internal" IP address for probing the ports.

                                    The Standard Load Balancer and HA ports are are recommended for load balancing firewall appliances. However, the Load Balancer probe uses a common IP address for internal and external load balancers. This means that only the internal or external ports can be load balanced, which means that a messy Zookeeper alternative must be built to monitor the firewall availability.

                                    10 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      1 comment  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
                                    • 3 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Make default ssl settings more secure (https://www.ssllabs.com gives only B-rate).

                                        When we deploy SSL listener with default settings, ssl configuration in not very secure (although acceptable for some services). Popular checker https://www.ssllabs.com gives just B-rate for this. You can check recommendations for example looking at report for our sample AGW deployed with default settings https://www.ssllabs.com/ssltest/analyze.html?d=tb-ag-dev.textback.io

                                        3 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Allow multiple hostnames in the same Listener Application Gateway

                                          Sometimes we share differents hostnames with the same web site.
                                          Currently, this means that we have to deploy differents listeners in order to provide access to the same backend pool.

                                          With a 20 listeners limit this solution is a bit expensive...

                                          Would it be possible to add multiple hostnames/sitenames to listener?

                                          Thanks in advance

                                          4 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                                          • To have the possibility to set radius timeout on the VPN gateway point to site confguration

                                            When using the new radius authentication feature on Azure VPN Gateway it would be nice to be able to control the timeout to the radius server. This would make the usage of Azure MFA for VPN authentication possible. (IT works now if users are very fast at answering the phone)

                                            1 vote
                                            Vote
                                            Sign in
                                            Check!
                                            (thinking…)
                                            Reset
                                            or sign in with
                                            • facebook
                                            • google
                                              Password icon
                                              I agree to the terms of service
                                              Signed in as (Sign out)
                                              You have left! (?) (thinking…)
                                            ← Previous 1 3 4 5 15 16
                                            • Don't see your idea?

                                            Feedback and Knowledge Base