Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    1. Azure VPN gateway support two VPN connections without requiring BGP

      The Azure VPN gateway currently requires the BGP protocol to connect two VPNs.
      I wanted to connect the office with on-premise using one gateway in the network in MS Azure and unfortunately it is not possible.
      MS Azure only supports this via the BGP protocol.
      Solved with MS support ticket ID-120072425001459.
      At the moment, MS Azure cannot connect 2 separate and functional VPN tunnels to the gateway without BGP (it does not matter if it is a combination of P2S and S2S or two site-to-site tunnels).
      I think it would be useful and more people would use it. Thank you.

      1 vote
      0 comments  ·  VPN Gateway
    2. Azure VPN with Azure MFA should require two-factor authentication every time it connects.

      Azure VPN with Azure MFA should require two-factor authentication every time it connects. If someone obtains the Windows credentials for a user, an attacker with access to the laptop can connect remotely to the VPN using only the Windows credentials, which does not look like a secure solution for remote access. We would like to see a behavior more like other VPN solutions, where users have to enter the second factor every time they connect to the VPN. Thank you.

      1 vote
      0 comments  ·  VPN Gateway
    3. Azure VPN Client: Support for http proxy settings

      When using the Azure VPN Gateway for p2s-connections in connection with Azure AD authentication, you are required to use the Azure VPN Client application.
      This client does not allow the configuration of any proxy settings and does not seem to honor system-wide proxy settings either.
      Because of this, the usability of the p2s-VPN-client is severely limited for enterprise users that usually do not have direct non-proxied internet access.

      Please consider implementing additional settings in the azurevpnconfig.xml file you can use to configure the Azure VPN Client application.

      As the client application probably does not re-implement the OpenVPN…

      5 votes
      0 comments  ·  VPN Gateway
    4. Fix P2P + P2S static route behaviour after additions on Azure VPN Gateways

      At present, in a situation where a single Azure VPN Gateway is used as both a P2P and P2S device, adding fixed downstream routes to the Local Gateway and P2S endpoint (both split and forced tunnel modes) results in VPN endpoints being unable to reliably route to the downstream locations. BGP is not in use.

      At present, a reset of the VPNGW is required when adding new routes in order for them to work correctly (even though routing works correctly from any servers inside an attached VNET, and published routes propagate correctly to the P2S clients via intune or manual…

      1 vote
      0 comments  ·  VPN Gateway
    5. Azure virtual Network Gateways should support IPv6

      Supporting IPv6 on Azure vNet is great. In hybrid network scenarios IPv6 connectivity is important as well. If Azure vnet Gateway supports IPv6 VPN it would be just great.

      1 vote
      0 comments  ·  VPN Gateway
    6. Azure VPN Client: Minimize to Tray

      Add an option to minimize the Azure VPN Client to the system Tray. It's annoying to have it in the taskbar all the time.

      29 votes
      1 comment  ·  VPN Gateway
    7. Issues with IKEv1

      Fix issues with using IKEv1 on Standard+ Gateways.
      Currently (North EU) you are getting a Bad Request when picking IKEv1 in both AzurePS and webGUI.

      1 vote
      0 comments  ·  VPN Gateway
    8. Multiple P2S VPN IP address pools

      A point-to-site configuration on a Virtual Network Gateway only allows one pool of dynamic IP Addresses. There is no way to restrict access to resources from specific VPN client users.

      If there was provision to allow different address pools and each pool assigned either via a configuration profile or somehow published as a separate application, access could be restricted based on user role by grouping VPN clients by separate address pools.

      26 votes
      0 comments  ·  VPN Gateway
    9. VPN Gateway Issues Certificates

      VPN Gateway (P2S) must have the ability to issue certificates (root, client).
      In my case, there is a customer who uses VPN GW certificate authentication to authenticate the source device.
      There are cases where a customer does not have a CA station. In that case, the customer will need a CA station just to connect to the VPN GW. Alibaba's VPN GW has the ability to issue certificates.

      1 vote
      0 comments  ·  VPN Gateway
    10. Whitelisting of clients with common name (CN) or certificates

      I'm using VPN Gateway (VpnGw1) with openVPN configuration and Azure certificates. Currently there is no way to allow a client connection based on a certain condition, because in general all clients with a valid certificate can connect to the VPN Gateway. As there is a way to blacklist clients via revocation list, it would allow interesting use cases if whitelisting of clients is possible too.

      For openVPN this could be done quite easily with the '--tls-verify' plugin, but I guess there is no way to customize the openVPN server configuration / add plugins.

      12 votes
      0 comments  ·  VPN Gateway
    11. Display User Info next to Allocated IP Address when using Azure Active Directory Authentication

      On the Point-to-site configuration blade in the portal, for VPNs that are using Azure Active Directory for authentication, display the user info next to their allocated IP address.

      7 votes
      0 comments  ·  VPN Gateway
    12. Add automatic connect support on Azure P2S openVPN

      In case of internet connectivity restore, VPN gateway planned maintenance and other scenarios, it would be quite helpful for openVPN client to be able to automatically re-connect.

      Please add this feature.

      3 votes
      1 comment  ·  VPN Gateway
    13. VPN connection

      Dear Azure team,

      It is not recommended to allow the complete vnet on the client side VPN devices. Our requirement is to restrict the communication to only small subnets. Please check the possibilities of restricting the access to a small subnet instead of the whole vnet.

      1 vote
      0 comments  ·  VPN Gateway
    14. Make Azure VPN client accessible as a direct download

      The new Azure VPN client is only available on the Microsoft store. Our organization has the Microsoft store turned off per company GPO. This means, there is no way for us to download the executable, even though we have local administrative privileges on our laptop.

      95 votes
      1 comment  ·  VPN Gateway
    15. point to site address pool per root certificate

      In the Virtual Network Gateway Point-to-Site connections it would be cool to have one address pool per root certificate to make it more flexible to manage rules in network security groups or other firewalls and policies based on IP ranges.

      18 votes
      0 comments  ·  VPN Gateway
    16. S2S VPN Connection Status shows Connected even though phase 2 negotiation has failed

      When viewing the connectionStatus (whether through the portal, CLI, or PS), the value shows "Connected" even though the tunnel is not fully connected. For example if phase 1 completes and phase 2 does not (during initial tunnel negotiation with the remote firewall). The only real indicator is that the "Data out" shows zero bytes for the connection. There is data in, however. This equates to encaps but no decaps in network lingo.

      1 vote
      0 comments  ·  VPN Gateway
    17. Enable AAD group restriction for AAD authenticated P2S VPN

      Using Azure AD to authenticate against P2S VPN is handy but opens it up to all (member) users in the tenant.

      You should be able to further restrict VPN access via Azure AD group membership or similar.

      1 vote
      1 comment  ·  VPN Gateway
    18. P2S Client Dynamic DNS Registration

      Point-to-Site (P2S) VPN Clients do not register DNS against VNet DNS Servers when connecting to VPN. This is supported by other VPN clients and should be supported by Azure.

      Expected Result: When a client connects to Azure P2S VPN, the client should initiate a Dynamic DNS Registration towards the VNet-defined DNS servers to register myhostname.mydomain.local with the IP address received via the VPN tunnel.

      This function is currently not supported, per this document:
      https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-vpn-faq#does-point-to-site-support-auto-reconnect-and-ddns-on-the-vpn-clients

      122 votes
      7 comments  ·  VPN Gateway
    19. Block 8081, 8082, 8443, 8444, 10001, 10002, and 20000 access from Internet for Azure VPN Gateway

      Network ports 8081, 8082, 8443, 8444, 10001, 10002 and 20000 for Azure VPN Gateway are open from the Internet; these ports are used for Gateway management. We understand the Azure platform has secured these ports at the Azure platform level; however, from a security perspective, we would like to suggest restricting these ports so that they can only be accessed from the Azure platform.

      9 votes
      0 comments  ·  VPN Gateway
    20. Allow connection to an Azure SQL database over an Azure Gateway VPN

      I'd like to be able to allow remote users to connect to an Azure SQL database using a point to site VPN - everything seems to be in place to do this. With the VPN connected I can PSPing port 1433 on the IEP endpoint address but connecting Azure Data Studio fails and says I need to add my external IP to the Firewall.

      7 votes
      0 comments  ·  VPN Gateway