Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    1. Redeploying AppGW (through ARM or cli) will clear all settings and configurations from running appGW

      Redeploying AppGW will clear all settings and configurations, such as listeners, HTTP settings, backends, etc.
      This causes an outage and requires reconfiguring it from scratch.
      I wish we had this feature, as with AKS or any other Azure resources, where redeploying does not change the existing settings.

      1 vote
      0 comments  ·  Application Gateway
    2. SSL labs shows certificate chain issue after TLS protocol and cipher suite changes in Application Gateway

      SSL labs show certificate chain issues after TLS protocol and cipher suite changes in the Application Gateway.

      When the same certificate is reapplied to AG with a different name, this error gets resolved.
      It seems that after a TLS setting change, uploading the certificate again is mandatory.
      Again, there is no way to delete a certificate from AG.
      If we have to adjust the cipher suites and test, this creates a lot of problems, as every time a new certificate must be uploaded with a different name.

      4 votes
      0 comments  ·  Application Gateway
    3. NTLM in Application Gateway v2

      NTLM should be supported in Application Gateway V2

      1 vote
      0 comments  ·  Application Gateway
    4. Increase rule limit for Application Gateway

      It is currently only possible to have 100 rules per map on the Application Gateway. Since every website should work without the trailing slash, this effectively decreases the limit to 50, since every rule consists of two rules which count against the limit:
      /website,/website/*
      Add to this the fact that creating extra slots in an App Service requires corresponding paths to be mapped (prod/staging for example), and the rules are very quickly exhausted.

      35 votes
      0 comments  ·  Application Gateway
    5. Support for regex negative lookahead with WAF policy.

      I confirmed that we cannot use regex negative lookahead like the one below as match values of a custom WAF policy in Application Gateway.
      "\%(?!$|\W)"

      Some people want to use this regex so I want you to add this feature.

      6 votes
      0 comments  ·  Application Gateway
    6. Allow both AppGw and Standard Public IP Address to move from one subscription to another.

      Allow both AppGw and Standard Public IP Address to move from one subscription to another.
      We, regardless of using AppGw v1 or v2, would be allowed to move an existing AppGw entirely by doing this.

      71 votes
      0 comments  ·  Application Gateway
    7. High security predefined setup

      This will give you an A+ score on ssl policy and should be a predefined setup:


      az network application-gateway ssl-policy set -g resource-group --gateway-name app-gw --policy-type Custom --min-protocol-version TLSv1_2 --cipher-suites TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

      Yet it is not a predefined one. Something under the name: max-security.

      3 votes
      1 comment  ·  Application Gateway
    8. Application Gateway: support reuse of same azure vault stored certificate

      Problem: If you deploy a gateway with more than one secure (443) listener then you cannot use the same vault stored certificate as they must have unique names.

      See:
      https://feedback.azure.com/forums/217313-networking/suggestions/17523370-application-gateway-support-for-wildcard-ssl-cert
      Comment from Product at release time:
      You can associate the same certificate with multiple listeners. Please do not define the same certificate multiple times. Currently the certificate details must be unique – however the certificate could be reused across listeners.

      Scenario:
      You have multiple environments held in various vms/clusters/app service e.g.
      dev.domain.com
      test.domain.com
      pentest.domain.com
      uat.domain.com
      cutomer-uat.domain.com

      You have a wildcard certificate stored in vault and you want to reuse the…

      3 votes
      0 comments  ·  Application Gateway
    9. Better diagnostic message in AppGW on startup

      We have had instances of restarting app gw where during startup process the app gw ended up in a fail state without any diagnostic messages being available. RCA has shown that it has been due to DNS misconfiguration so FQDN for backend services hasn't been able to be resolved. This kind of error should yield an error log/diagnostic message so it easily can be rectified without opening a resource case. To further the issue a restart without a PUT operation actually doesn't change the DNS configuration so a restart should force a reread of all configurations and settings and clearing…

      1 vote
      0 comments  ·  Application Gateway
    10. Make Application Gateway v2 available in Swiss regions

      We have several application gateways in both Swiss regions. However, v1 has many limitations and we would like to use v2.

      Please make it available in both Swiss regions.

      21 votes
      0 comments  ·  Application Gateway
    11. Azure Application Gateway: Support backend health status when using user defined routes

      Currently, if you have a security requirement to use User Defined Routing through a network virtual appliance firewall, health status of Azure Application Gateway doesn't work.

      This should be redesigned so it's an outbound connection from the application gateways to Azure's monitoring infrastructure rather than it needing to be an inbound connection.

      3 votes
      0 comments  ·  Application Gateway
    12. Rewrite header rule does not work well using redirect rule.

      When I attached rewrite header rule to a request routing rule with redirect, I confirmed that the rewrite rule did not work. I hope we can use rewrite header rule with redirect rule.

      6 votes
      0 comments  ·  Application Gateway
    13. One click add Application Gateway to AKS Ingress

      Right now adding Application Gateway to AKS is a disastrous mess of endless commands.

      This should be no more difficult than going to Networking under AKS and picking the Application Gateway to Install and clicking Add. (Or delete one that's already in there)

      And it should be a one liner using az.

      3 votes
      0 comments  ·  Application Gateway
    14. Custom error page for 504 error

      Today we can do custom error pages for 403 and 502 errors.
      However, we would like to create a custom error page when customers receive 504 errors.

      504 errors are created if the application gateway hasn't received a response from the backend servers within the defined timeout period.

      This can happen if the backend is overloaded, and not yet seen as unhealthy by the application gateway.

      7 votes
      0 comments  ·  Application Gateway
    15. Deprecate use of Cipher Block Chaining cipher modes - TLS_RSA_WITH_AES_256_CBC_SHA256

      App Gateway is REQUIRING a WEAK CIPHER be enabled

      See: https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-configure-ssl-policy-powershell#configure-a-custom-ssl-policy

      ==Important==
      TLS_RSA_WITH_AES_256_CBC_SHA256 must be selected when configuring a custom SSL policy. Application gateway uses this cipher suite for backend management. You can use this in combination with any other suites, but this one must be selected as well.

      As of May 2019 - SSLLABS is identifying cipher suites using CBC as WEAK - https://blog.qualys.com/technology/2019/04/22/zombie-poodle-and-goldendoodle-vulnerabilities#comment-303228

      16 votes
      0 comments  ·  Application Gateway
    16. Application Gateway: To remove (.cer) files via Azure Portal

      When we want to remove an unused expired certificate (.cer) file from Application Gateway, we will have to use the cmdlet to remove them. It seems only to support the cmdlet to remove them using PowerShell or Azure CLI.
      I know we can remove the certificate from HTTP settings using Portal, but it remains at Application Gateway. (It means we have to see a lot of unused certificates on the list in an HTTP setting.)

      This is a simple request, that we want to remove their certificate (.cer) files not only just using the cmdlet but also via Azure Portal…

      35 votes
      0 comments  ·  Application Gateway
    17. Transform incoming URLs to lowercase

      Some applications behind the app gw can be case-sensitive. Especially when working in a bundle with Identity providers. Would be great to have ability to create custom rules where you can transform all incoming URLs to lowercase or uppercase.

      4 votes
      0 comments  ·  Application Gateway
    18. Reserved price

      We are using application gateways extensively, but there is no reserved pricing for AG. We need reserved pricing similar to VM and Postgres PaaS.

      2 votes
      0 comments  ·  Application Gateway
    19. Application gateway support 99.95 SLA. We are using many azure resources in implementation and effective SLA is coming down due to AG. Other

      Application gateway supports 99.95 SLA. We are using many Azure resources in implementation and effective SLA is coming down due to AG. Kindly provide/improve the SLA to 99.99.

      2 votes
      0 comments  ·  Application Gateway
    20. Application Gateway v2: Cannot be working correctly when the "Test" button on setting custom probes with using the "Health probes".

      We deployed the Application Gateway v2 on Azure Portal to set the custom probe configuration using the "Health probes",
      and pushed the "Test" button. As a result, we got only the message "No Result.".
      Backend instances should appear on the display.
      However, it seems not to check backend pool instances' health correctly on Azure Portal.
      Please fix this "Test" function so that it works correctly on Azure Portal.

      Test backend health with the probe:
      https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-create-probe-portal#test-backend-health-with-the-probe

      27 votes
      0 comments  ·  Application Gateway