Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Add an indication that Forced Tunneling is Enabled/Disabled

      The way to check if Forced Tunneling is Enabled/Disabled is to check Management subnet and Management public IP.

      But when the FW is stopped (deallocated), Management subnet and Management public IP are deallocated, and it is not possible to confirm whether Forced Tunneling is Enabled/Disabled.

      Would you please add an indication that Forced Tunneling is Enabled/Disabled?

      6 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    2. Log azure firewall headers/SNI for application rules

      Log the headers for requests and the actual outcome (i.e. when using host header that resolves a different IP than the original or the SNI / host used for the request)

      3 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    3. Is there a way to do a custom message that says something like this site is blocked by Admin instead of the standard msg ?

      I created an azure firewall setup with application rules to do web content filtering / blocking . Is there a way to do a custom message that says something like this site is blocked by Admin instead of the standard msg ?
      can you add this as feature request.

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    4. dnat

      Azure Firewall should log the source port number of the outgoing connection when DNAT'ing. This would make it easier to trace connections from the source, through NAT and to the destination.

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    5. Alert rule when an Ip restriction is added, Modified or Deleted in azure app service

      Technically , There should be an option to alert when the firewall rule changes or a new firewall rule is created .

      There is option to alert on NSG and Other SQL firewall . In case of app service we dont have an option to alert when an ip restriction rule is added , deleted or modified

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    6. Public IP address prefix support for Azure Firewall with Firewall Manager

      Today Azure Firewall (Standalone) support Public IP address prefix (https://docs.microsoft.com/en-us/azure/virtual-network/public-ip-address-prefix )
      But when Azure Firewall is in Firewall Manager the Public IP address support is not there.

      It's very important that Firewall in any mode and tier support predictable IP range

      2 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    7. Public IP address prefix support for Azure Firewall with Firewall Manager

      Today Azure Firewall (Standalone) support Public IP address prefix (https://docs.microsoft.com/en-us/azure/virtual-network/public-ip-address-prefix )
      But when Azure Firewall is in Firewall Manager the Public IP address support is not there.

      Its very important that Firewall in any mode and tier support predictable IP range

      2 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    8. Support ICMP outbound with Azure firewall

      Currently Azure Firewall does not support ICMP outbound to internet, it's listed as a known limitation and is being investigated to be added.

      We need ICMP for troubleshooting purposes. It's currently hard to troubleshoot routing and policy issues.

      https://docs.microsoft.com/en-us/azure/firewall/overview#known-issues

      15 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    9. Service Tag for service bus should support port 5671

      Currently, as per service tag documentation https://docs.microsoft.com/en-us/azure/virtual-network/service-tags-overview#available-service-tags for service bus, only premium tier is supported.

      ServiceBus Azure Service Bus traffic that uses the Premium service tier.

      I am not sure why the same does not work for standard tier service bus.

      However when in Azure Firewall we enable ServiceBus tag, it still does not allow outgoing connections on port 5671, 9350-9354.

      Please make sure that with ServiceBus tag connection to service bus is allowed on all service bus with all possible IP and ports

      3 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    10. User can detect disability to one of instance

      if it is occured disability to one of instance, user can't detect disability.

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    11. Azure Firewall selective SNAT support

      We need the ability to set the outbound public IP address for source IP, ranges or subnets. This is basic firewall support. NAT gateway has this ability.

      18 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    12. Azure Firewall - Network Rules Optimization

      Currently with the "Network rules hit count" we can see the number of times a network rule has been hit, but in term of rules management/review it's also important to know which rules are not hitting!
      Moreover on Network rules log/monitoring please add the option to filter from specific IP source/destination or from a range.
      It would be interesting to have some AI checking the rules for overlapping and suggesting how to handle them.
      And it would be great to have a centralized single panel of glass to manage NSG, FW and VMs network rules, like https://www.tufin.com/tufin-orchestration-suite

      3 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    13. Customer wants to specify Azure Firewall SNAT IPs

      Current SNAT IP selection algorithm is random. Customer wants to specify this so that they can have more control over Firewall SNAT behaviour.

      SR: 2102250040000872

      4 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    14. IP Group Update

      When a new IP is added to an IP Group that is used in the Azure Firewall, please allow the firewall to recognize the new IP without having to change something in the firewall and do a Save.

      18 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    15. Is there any way to predict data processing traffic charges for Azure firewall before using it.

      Is there any way to predict data processing traffic charges for Azure firewall before using it.

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    16. Allow tags to be updated, added, deleted

      Currently, we can apply tags when creating Firewall Policy but updating, adding, or deleting tags is not supported. I request to enable tags to be updated, added, or deleted.

      11 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    17. ip group

      IP Groups with shared responsibility

      Add support for end users to be able to change IP addresses in IP groups (access control / IAM for the IP group resource) within the provided addresspace (addresspace managed and locked by admins) for their landing zone.
      With this feature, the end users could have the possibility to manage source and destination in firewall rules them selves but within the limited (IP) scope set by admin.

      0 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    18. Set service tags as source in rules

      Why can we not set the source of a rule to be a Service Tag? We can set it as a destination but not a source.

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    19. Firewall rule checker

      A quick tool to find out what rule allows/denies your test connection (source/dest, port, protocol etc.) would be very hand and an addition to being able to disable/enable rules

      27 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    20. Allow more than 100 IP Groups per firewall

      IP Groups are very strong features allowing the definition of dynamic IP adresses int one group that can be used for Firewall Rules. When such a dynamic IP address changed, the only thin to do it change the content of the IP group and all Firewall rules get the updated information, without the requirement to change them all individually.

      This great feuature is also used in our On Premise Palo Alto Firewall, having hundreths of so called Rule Objects. The limit in Azure seems to be 100 IP Groups per Firewall. Some Powershell/CLI/REST API command to check upon the existince…

      27 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    ← Previous 1 3 4 5
    • Don't see your idea?

    Feedback and Knowledge Base