Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    How can we improve Azure Networking?

    You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

    There are two ways to get more votes:

    • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
    • You can remove your votes from an open idea you support.
    • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
    (thinking…)

    Enter your idea and we'll search to see if someone has already suggested it.

    If a similar idea already exists, you can support and comment on it.

    If it doesn't exist, you can post your idea so others can support it.

    Enter your idea and we'll search to see if someone has already suggested it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Add a feature that gives you an static IP regardless of what server you attach to it.

      Add a feature that gives you an static IP regardless of what server you attach to it. That wat, if you have to migrate your server you keep your IP Address.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    2. Confirguration of caching rules in Front Door

      Allow configuration of content caching rules similar to how Azure CDN (Akamai) and Azure CDN (Verizon). This will allow better support of leveraging Front Door with Azure Storage Static Websites where it is impractical to set cache-control on a per-item basis.

      27 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    3. Custom error pages in Azure Front Door

      As for Application Gateway, we need to be able to customize the error page displayed when the access to an url is refused by an ip restriction rule.

      See : https://feedback.azure.com/forums/217313-networking/suggestions/18749326-application-gateway-custom-error-pages

      109 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  2 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    4. Support wildcard hosts in custom hostnames

      Many of current SaaS applications enable customers to select it`s own subdomain in order do have a personalized url.

      So let's say I own contoso.com and I let my customers select any subdomain (*.contoso.com) like:

      foo.contoso.com
      bar.contoso.com

      That's cool with a couple customers but when you have a large system it's not doable setup one by one, even that you can automate that.

      The ideal solution would be allowing custom hostname field to bind a wildcard domain, in this example *.contoso.com

      There's a similar idea for Application Gateway that has been for a while (https://feedback.azure.com/forums/217313-networking/suggestions/19527121-application-gateway-support-wildcard-hosts-in-lis)

      Similar products on…

      138 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  2 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    5. azure application gateway websockets latency metric

      When using websockets together with Azure Application Gateway, you end up with artifically increased latency_d in the ApplicationGatewayPerformanceLog. Indeed, all the 101 (websockets) connections remain pending, which is a normal behavior and their duration gets recorded by the gateway. The problem is this normal behavior increases the average latency of all requests (including non-101) and there is no way to filter 101 out of the ApplicationGatewayPerformanceLog logs...Therefore, if we setup an alert on latency_d, this will raise a lot of false positives...While this metric is very useful in the ApplicationGatewayAccessLog because it allows for calculation of average user sessions, it…

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    6. Add App Service Virtual IP (VIP) as Traffic Manager endpoints

      When using the Alias Record Set of Azure DNS, it becomes an error if it is a domain name.

      App Service has a VIP, I would like an option to add IP instead of domain name.

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    7. Traffic analysis on ExpressRoute connections on top dataflows

      If there are many VNET's connected to the ExpressRoute, traffic of one VNET can impact other VNET's traffic. We need a way to see which src_ip and dst_ip traffic is responsible for filling up the ExpressRoute. Current NSG flow data does not include amount of data between endpoints, thus we need another way of analysing top consumers of the ExpressRoute.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  1 comment  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
    8. Make ASG independant of a VNET like NSG

      While it's possible to attach a NSG to multiple subnet or even different subnet in different VNET, it should be the same for ASG.
      Currently I can add machines only in the same VNET once a single machine had been added to the ASG.

      My usage : I've got different services I deploy in different vnet but identical usage just different environments. Then I have some shared resource such as nsg that are applied to these different instances and I wanted to add the different machines with same role to a single ASG instead of create one ASG/role/environment and just…

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    9. Allow Network Security Groups (NSGs) to Reference Application Security Groups (ASGs) From Different Location

      Remove the limitation of restricting Network Security Groups (NSGs) ability to leverage/associate Application Security Groups (ASGs) that are not within the same location of the target Virtual Network (VNET).

      This is especially important, to provide granularity and segregation/isolation in a hub-and-spoke networking model (i.e. VNetA-ASG1-to-VNetB-ASG1), in association with VNet Peering.

      256 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      14 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    10. Azure Firewall NAT Rules

      When the UDR assoc the Subnet is not possible connect by RDP from the Internet, or other services exposed in the internet.

      If I could create the NAT Rule on the Azure Firewall I can expose any services in internet and this issue would be resolved.

      thank you so much.

      Best Regards

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    11. Authentication to VPN Gateway using Azure AD

      Add option to authenticate to VPN Gateway using existing Azure AD accounts. For security reason there should be option to add a group of users allowed to use VPN.

      This should help to use Azure VPN Gateway by customers which not use local AD DS servers

      58 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    12. Azure Firewall

      Please add the ability to protect against inbound traffic from the public internet in addition to its present ability to protect outbound traffic. If this is going to be offered as a true SaaS 'Firewall' solution, I believe this should have that true firewall protection for incoming traffic (protection against common attacks, layer 7 packet inspection, etc.)

      33 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  7 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    13. Site Categorization for the new Azure Firewall

      Adding the ability to restrict outbound traffic based on Site Categorization would be great. This would give the ability to restrict outbound access to adult, gambling and other questionable sites.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    14. Azure DNS private zone for non-empty vnets

      allow creating of private zone for non-empty vnet.

      46 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
    15. Add additional IP Protocols ls for NSG Rules

      Add the ability to add additional IP Protocols (i.e. ICMP, EIGRP, so forth) to an NSG rule. The only option today is TCP, UDP, or "*". Currently to allow ICMP you have to allow any protocol "*" and any port "*" in the rule instead of simply adding a rule for ICMP specifically. This inhibits the ability to meet security controls for isolation required in NIST SP800-53.

      39 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    16. vpn gateway slow to create

      Why does it take upwards of 30 minutes to create a vnet gateway?
      If I am doing a PowerShell script or a CI/CD deployment, the whole world stops while the VPN takes 30-odd minutes to be initialised and start. Can this please be addressed?

      40 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    17. Application Gateway Performance

      We have two large instances of Application gateway on our application which is a connected client application using long polling. When we did load testing, gateway starts to give 503 with just 10k connections whereas our back-end application just works with just 7 % CPU. When we raised ticket we got a response saying it is as per design. We did not expect this from Application gateway.
      Can you please let us know what is performance metrics of Application Gateway.

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    18. Auto-scale for Application Gateway

      I hope Application Gateway instance can increase with auto-scale.

      If it has this feature, we dose't need to add instance for many web access.

      8 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. Outbound data transfer Zones - Country wise

      Hello, Please provide which country comes under which Zones for Outbound data transfer. This will help for correct pricing for customers for zone1, zone2 and zone3

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
    20. 1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    ← Previous 1 3 4
    • Don't see your idea?

    Feedback and Knowledge Base