Currently, Probing port in Application Gateway is the same with a service port.
For example, if it configures HTTP(80) port as backend port, Probing port would be HTTP(80) port.
In some application, it could not response correctly to HTTP/HTTPS probing by service port.
So it is better for us to set a probe port other than a service port like a probe port is 80 and service port is 8080.17 votes
I pretty much want to keep storage, SQL database, web app, VMs, and any other service I use within a private network to keep granular control of which services can connect to other services. The "open to all" connection strings to all services is a hard sell to any organization used to securing their IT behind firewalls and networks of networks. Where are you on this today? It must be considered a less secure since these connection strings always tend to leak..10 votes
Service endpoints for Storage and SQL are available in preview and we have more work in progress for webapps integration.
We have requirements from customers to restrict access via their company subnets. It would be very nice if the App Gateway supported not only the SSL offload but the ability to apply ACLs to allow or deny access via a defined network range using X-FORWARDED-FOR headers.124 votes
Please provide Azure Services with an Internal Endpoint (a least Azure Storage and Azure Backup) to build up machines without Internet Connection.47 votes
Storage service tags gives this capability and it was Completed. Private IP for storage is under review.
Open CDN map- and you will find that for MOST geographical regions- CDN is irrelevant. For exUSSR region closest CDN is in Poland but latency just on a few millisecond less than directly from WE region. For MEA region- the same...16 votes
Work is ongoing to provide POPs in additional Geographical regions. In November POP’s were added in India and South America. Additional POP’s in South America and in Oman will be added in the next few months. We also announced last year a partnership with Akamai which will allow us later this year to provide access to the entire Akamai network. Akamai has POP’s in over 110 countries. The following link from Akamai will help us see the level of coverage that they have today: http://wwwnui.akamai.com/gnet/globe/index.html
Azure Application Gateway is a nice Service for Load Balancing Layer 7 HTTP and HTTPS traffic. Today, we can only attribute one IP address (Public or Private) to the Application Gateway Deployment. It is fundamental that a Load Balancer can support multiple IP addresses to provide flexibility (Based on many customers feedback)372 votes
Support for both public and private IP at the same time is available on both V1 and V2 SKU. Customers can host multiple sites behind the same IP and port using multi-site listener today.
Support for allowing same port on both public and private IP is in the roadmap.
IPv4 addresses are running out and Azure has had a lot of problems with this, resolved by buying IPv4 address pools at a significant cost.
Some users and cloud deployments only require connectivity with on premises networks (either IPv4 or IPv6, not both).
Make IPv6 available for all services and allow the option of choosing what type of addresses are required (IPv4+IPv6 or IPv6 only).
● Giving each cloud service a /60 (or bigger) instead of a /64;
● Making IPv6 addresses static, since pool depletion is no longer an issue.78 votes
Please provide an api that will us to gather the full list of azure ip addresses, the ones added in the last week, and the ones deleted in the last week. This would be used to automate the weekly changes we need to make to accommodate these changes.45 votes
Hi Brian, we have this functionality through the Discovery API, you can find more information here: https://azure.microsoft.com/en-us/updates/service-tag-discovery-api-in-preview/
— Anavi N [MSFT]
We would like a virtual span port or port-mirroring ability381 votes
Thanks for recently adding the ability to specify custom DNS servers for virtual networks.
I assume this is implemented with DHCP.
We are unfortunately not able to rely on this feature yet because we also set a custom DNS domain search.
This can be done with DHCP option 119, and this is how we have our non-Azure LAN configured.16 votes
Azure DNS support for private zones is now in limited preview and custom DNS suffix will be part of that. See http://aka.ms/azureprivatedns for details of the feature.
The ask is pretty self-explanatory.
We want to host sensitive data in Azure VMs and enable connectivity only via P2S VPN.
Today, the VPN client only requires having the cert to gain access the Azure Network. As the cert can easily end up in the hands of someone who shouldn't have access to it...it's not very secure.
For MFA, integration with PhoneFactor would be cool. At a minimum, the VPN client should require a username/password in addition to requiring the cert.306 votes
We are working on giving more control over authentication within Point-to-Site connectivity to Azure.
It would be nice if we could purchase elastic IPv6 blocks of IPs, then when setting up an endpoint for a VM we could select the specific IP from the block for the endpoint.57 votes
We have Public IP Prefix – you can reserve a block of IPv4 addresses.
- Anavi N [MSFT]
- Don't see your idea?