Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Azure virtual Network Gateways should support IPv6

      Supporing IPv6 on Azure vNet is great. In hybrid hetwork scenarios IPv6 connectivity is important as well. If Azure vnet Gateway supports IPv6 VPN it would be, just great.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    2. Azure VPN Client: Minimize to Tray

      Add an option to minimize the Azure VPN Client to the system Tray. It's annoying to have it in the taskbar all the time.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    3. Issues with IKEv1

      Fix issues with using IKEv1 on Standard+ Gateways.
      Currently (North EU) You are getting Bad request picking IKEv1 in both AzurePS and webGUI.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    4. Multiple P2S VPN IP address pools

      A point-to-site configuration on a Virtual Network Gateway only allows one pool of dynamic IP Addresses. There is no way to restrict access to resources from specific VPN client users.

      If there was provision to allow different address pools and each pool assigned either via a configuration profile or somehow published as a separate application, access could be restricted based on user role by grouping VPN clients by separate address pools.

      24 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    5. VPN Gateway Issues Certificates

      VPN Gateway(P2S) must have the ability to issue certificates (root, client).
      In my case, there is a customer who uses VPN GW certificate authentication to authenticate the source device.
      There are cases where a customer does not have a CA station. In that case, the customer will need a CA station just to connect to the VPN GW.Alibaba's VPN GW has the ability to issue certificates.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    6. Whitelisting of clients with common name (CN) or certificates

      I'm using VPN Gateway (VpnGw1) with openVPN configuration and Azure certificates. Currently there is no way to allow a client connection based on a certain condition, because in general all clients with a valid certificate can connect to the VPN Gateway. As there is a way to blacklist clients via revocation list, it would allow interesting use cases if whitelisting of clients is possible too.

      For openVPN this could be done quite easily with the '--tls-verify' plugin, but i guess there i no way to customize the openVPN server configuration / add plugins.

      12 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    7. Display User Info next to Allocated IP Address when using Azure Active Directory Authentication

      On the Point-to-site configuration blade in the portal, for VPN's that are using Azure Active Directory for authentication, display the user info next to their allocated IP address

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    8. Add automatic connect support on Azure P2S openVPN

      In case of internet connectivity restore, VPN gateway planned maintenance and other scenarios, it would be quite helpful for openVPN client to be able to automatically re-connect.

      Please add this feature.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    9. VPN connection

      Dear Azure team,

      It is not recommended to allow the complete vnet on the client side VPN devices. Our requirements is to restrict the communication to only small subnets. Please check the possibilities of restricting the access to small subnet instead of the whole vnet.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    10. Make Azure VPN client accessible as a direct download

      The new Azure VPN client is only available on the Microsoft store. Our organization has the Microsoft store turned off per company GPO. This means, there is no way for us to download the executable, even though we have local administrative privileges on our laptop.

      34 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    11. point to site address pool per root certificate

      In the Virtual Network Gateway Point-to-Site connections it would be cool to have one address pool per root certificate to make it more flexible to manage rules in network security groups or other firewalls and policies based on IP ranges.

      18 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    12. S2S VPN Connection Status shows Connected even though phase 2 negotiation has failed

      When viewing the connectionStatus (whether through the portal, CLI, or PS), the value shows "Connected" even though the tunnel is not fully connected. For example if phase 1 completes and phase 2 does not (during initial tunnel negotiation with the remote firewall). The only real indicator is that the "Data out" shows zero bytes for the connection. There is data in, however. This equates to encaps but no decaps in network lingo.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    13. Enable AAD group restriction for AAD authenticated P2S VPN

      Using Azure AD to authenticate against P2S VPN is handy but opens it up to all (member) users in the tenant.

      You should be able to further restrict VPN access via Azure AD group membership or similar.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    14. P2S Client Dynamic DNS Registration

      Point-to-Site (P2S) VPN Clients do not register DNS against VNet DNS Servers when connecting to VPN. This is supported by other VPN clients and should be supported by Azure.

      Expected Result: When a client connects to Azure P2S VPN, the client should initiate a Dynamic DNS Registration towards the VNet-defined DNS servers to register myhostname.mydomain.local with the IP address received via the VPN tunnel.

      This function is currently not supported, per this document:
      https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-vpn-faq#does-point-to-site-support-auto-reconnect-and-ddns-on-the-vpn-clients

      58 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    15. Block 8081, 8082, 8443, 8444, 10001, 10002, and 20000 access from Internet for Azure VPN Gateway

      Network ports 8081, 8082, 8443, 8444, 10001, 10002 and 20000 for Azure VPN Gateway are opened from Internet, these ports are used for Gateway management. We understand Azure platform has secured these ports in Azure platform level, however from security perspective, we would like to suggest to restrict these ports can only be accessed from Azure Platform.

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    16. Allow connection to an Azure SQL database over an Azure Gateway VPN

      I'd like to be able to allow remote users to connect to an Azure SQL database using a point to site VPN - everything seems to be in place to do this. With the VPN connected I can PSPing port 1433 on the IEP endpoint address but connecting Azure Data Studio fails and says I need to add my external IP to the Firewall.

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    17. Name resolution of PC connected by Point-to-site VPN

      We connect to Azure VNET from a client PC via a point-to-site VPN.
      Then, the client PC connects to the server (virtual machine) in VNET.

      We want to communicate using the computer name when communicating from the server to the client PC.

      We hope to be able to name resolution of the client PC connected by Point-to-site VPN.

      Best regards.

      12 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    18. Allow multiple parallel p2s vpn connections using Azure VPN Client

      Currently 'Azure VPN Client' from Microsoft Store limits the number of parallel connections to 1. However this is inadequate for most of the medium to large scale enterprise where IT Ops needs to connect more than 1 gateway i.e. more than 1 vpn connection simultaneously.

      20 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. Second Loopback IP for BGP Peering

      Is there a way we can add another second loopback IP for the BGP peering to the local network gateway? The reason is that we have 2 VPN headend routers they both share the VPN facing IP address using HSRP VIP to terminate the tunnels. Both routers have different loopback interface IP and cannot share that. It is only the active router is where the VPNs are terminated and BGP is established thru it. However if we failover to the secondary, yes VPN will be established but BGP will not. So in this case, a manual IP address change on…

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    20. Improvement of maintenance specifications for Azure VPN Gateway instances

      I already posted this feedback below on October 27th, and have collected 230 votes.
      However, due to UserVoice tool's trouble, the feedback cannot collect votes anymore, so I posted it again.


      We plan to provide a solution for financial institutions that utilizes Azure.
      However, we have 2 problems about maintenance specifications of Azure VPN Gateway instances.

      Request1: Could you extend the maintenance interval between two instances of VPN Gateway ?

      In some cases, the maintenance interval is not enough to reestablish VPN tunnel between on-premise devices and VPN gateway instances.
      We are having some trouble reestablishing of VPN tunnel.

      Request2:…

      240 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    ← Previous 1 3 4 5 6 7
    • Don't see your idea?

    Feedback and Knowledge Base