Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    How can we improve Azure Networking?

    You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

    There are two ways to get more votes:

    • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
    • You can remove your votes from an open idea you support.
    • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
    (thinking…)

    Enter your idea and we'll search to see if someone has already suggested it.

    If a similar idea already exists, you can support and comment on it.

    If it doesn't exist, you can post your idea so others can support it.

    Enter your idea and we'll search to see if someone has already suggested it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. VPN Show configuration

      Ability to see COMPLETE configuration of the VPN connection. See all the parameters of Phase 1 and 2, hash and encryption algorithms, PFS, DPD, SA, etc.

      12 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    2. VPN Debug

      Ability to execute a debug on the VPN Azure (Conecction - Local Network Gateway) and be able to see the logs in real time of traffic between the peers of vpn. For example, why a phase 1 or 2 is failing, why encryption domain matches or not, etc. Like a VPN onpremise do. Talking to the azure support team, they tell us that there is currently a way to do it, but only is allowed for the support team, not for azure users. Which makes losing a lot of time lifting a ticket, just to see a debug.

      12 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    3. No pricing plan for Legacy SKU on Virtual Network Gateway

      The pricing page just gives the pricing for the Basic from the Legacy SKU:
      https://azure.microsoft.com/en-us/pricing/details/vpn-gateway/

      There is no pricing for Standard or High Performance.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    4. vpn point to site static

      Requesting the ability to set a static IP for a point-to-site vpn client. Currently the addressing is auto/random from a vpn pool. Would like the ability to strap that. Specifically for the OpenVPN peering - but all of the point to site peering options can benefit from this.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    5. No comprehensive description of the limitations of basic gateway

      Why is there no documentation that comprehensively describes the differences between the different gateways? I set up a basic gateway thinking it would be sufficient for our immediate needs according to (https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways) and the other offerings *start* at 5x the price of basic. But then I see in a different document that IKEv2 is not supported with the basic gateway. Is it supported or isn't it? What else can the Basic gateway not do?
      This is needlessly frustrating and making it that much more difficult to deploy our infrastructure because we have to backtrack plans due to poor…

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    6. Allow creation of your own Service Tags for use in NSGs

      Effectively allow you to create your own address group objects that can be referenced across all NSG's in any location/VNET.

      This would simplify NSG management considerably, even more than ASGs will (when they support being used across multiple VNETs)

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    7. Allow advertisement of regional / datacentre routes from VPN Gateway

      Microsoft Peering can be employed with ExpressRoute, but there seems to be no such feature in VPN Gateway. If you could add a tick box for the peer to send out the region's ranges to which the VPN Gateway were provisioned, that would be great.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    8. alerts

      Would appreciate if we have an option/metric to Monitor the VPN Tunnel status.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    9. The bgp peer ip configured on the local gateway is advertised back to the site router via the tunnel

      Azure BGP implementation advertises a route to on-premises BGP peer IP back to the on-premises network via Azure! This should have been filtered on Azure side.

      B 10.255.254.6/32 [20/0] via 10.16.1.4, 00:03:47
      via 10.16.1.5, 00:03:47

      10.255.254.6/32 is the loopback IP address on my VPN device.
      10.16.1.4 and 10.16.1.5 are the BGP IP addresses on Azure VNET.

      Ref. case: 119060721002544

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    10. Allow custom firewall on VPN GateWay interfaces

      At this time, a firewall on these public interfaces is not manageable. When conducting security evaluations, we have to specify an exception to our security policy because of the lack of control. I would like the ability to specify the TLS level and limit inbound IP addresses and ports

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    11. Increase the hard limit of allowed advertised routes for IPSec tunnels over BGP.

      I am dealing with a very complex client network environment, which is managed by their vendor.

      The current route advertisement limit is severely impacting the works that we need to perform through to, and within the client's network.

      I would like to request, and strongly suggest for an increase in the hard limit of allowed advertised routes for IPSec tunnels over BGP.

      Please also refer to the case reference number 119051322001294.

      Thank you.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    12. Even smaller "Dev" size of Virtual Network Gateway

      While the ability to set up a site-to-site tunnel between my local network and an Azure virtual network is a very great convenience, it's also quite the expensive convenience for the single-developer business. (If you have a VS Professional subscription, for example, you'll burn almost all of your included Azure credit on this alone.) This may be partly solved, at the cost of some overhead, by this request:

      https://feedback.azure.com/forums/217313-networking/suggestions/6169157-stop-start-virtual-network-gateway-to-don-t-pay

      ...but my first observation is that even the "Basic" size of VPN gateway is far more, at 100 Mbps and 10 S2S tunnels, than I actually require.

      How about a cut-down…

      5 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    13. Cisco Meraki - 15x Code - IKEv2 - Certify Device on Azure List

      With Cisco Meraki's MX code release of 15.x, IKEv2 is now supported - Can we get the Cisco Meraki MX as certified for an Azure VPN Device?

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    14. BGP password

      We would like to be able to set a BGP password for peering between VNG and on-prem.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    15. Allow GRE packets in Azure virtual networks for the purpose of configuring a PPTP VPN within an Azure VM

      This is to allow those who do not have access to on premises devices to be able to connect to the on premises VPN using the credentials that where provided to them. In my case site-to-site, point-to-site and other VPN connection methods offered by Azure are inadequate as they require installing or configuring something on site and I do not have access to any of the on premises resources.

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    16. Fix the traffic selector of Basic VPN Gateway

      On the Azure side, on a Basic VPN S2S VPN Gateway, the VPN gateway is always configuring a traffic selector of 0.0.0.0/0 not taking into consideration the configured on premises address ranges. This is by design and makes the basic gateway a non usable product.
      If you want split tunneling you are forced to an advanced gateway, with Policy Based Traffic Selectors, even if you only are establishing one single tunnel.
      More info on case 119020925000183

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    17. Document for active-active S2S VPN with Forced Tunneling

      We would like you to add documentation for forced tunneling with Act-Act S2S VPN connection.
      Azure can create above structure with BGP default route advertisement from on-premises, however there is no documentation about this.
      We confirmed there are below documentation for Act-Act S2S VPN and for configuration of forced tunneling with VPN connection.

      Configure forced tunneling using the Azure Resource Manager deployment model
      <https://docs.microsoft.com/ja-jp/azure/vpn-gateway/vpn-gateway-forced-tunneling-rm#configure-forced-tunneling>

      Configure active-active S2S VPN connections with Azure VPN Gateways
      <https://docs.microsoft.com/ja-jp/azure/vpn-gateway/vpn-gateway-activeactive-rm-powershell>

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    18. VPN connection monitoring

      Need a solution to monitor the Azure VPN connection status. Currently no option is available in the metric/log analytics to alert the status of VPN connection failure. When will be the feature available in portal to create such monitoring rule in Azure native monitoring?

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    19. WireGuard VPN protocol in Azure VPN PaaS

      Add WireGuard as a VPN protocol in the Azure VPN PaaS offering.

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    20. Azure VPN gateway should support Azure PaaS service

      Currently, Azure VPN gateway only support IaaS service, like Azure VM. We hope Azure VPN gateway can support PaaS service in near future. So that user can connect to PaaS service with its private address via VPN.

      8 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    ← Previous 1 3 4 5
    • Don't see your idea?

    Feedback and Knowledge Base