Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Support to disable health check of Frond Door

      The health check of Frond Door is too frequent, which leads some negative impact. For example:
      1. More user pages, consume a lot of computing resources.
      2. If we use Azure DNS zone, DNS query will take extra charge.

      Sometimes we only have one backend VM as backend pool, which health check is not required.

      It would be highly suggested to have a feature like users can disable health check manually in case it's not needed.

      Thanks!

      17 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    2. Allow SSL/TLS configuration on Azure Frontdoor

      Allow option to configure SSL protocols and best practices, same as an application gateway on Azure front door service.
      Currently, Azure Frontdoor supports TLS 1.0 as well, there should be an option to select protocols as well as the cipher suite.

      58 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    3. Increase limit of custom domains per front door

      There is a limit of 100 custom domains per front door.
      This works well for apps that only require only a handful of domains, but SaaS applications often require it's customers to be on their own domain. This limitation currently prevents SaaS platforms using Azure FrontDoor.

      Alternative platforms such as Cloudflare or AWS Cloudfront already support a very large number of custom domains.

      68 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    4. Azure Application Gateway CPU Utilization Metric

      The Application Gateway offering provides quite a few useful metrics, but lacks some core performance metrics. Please, at a minimum, provide a metric and alert for CPU utilization of the instances behind an Application Gateway. When CPU utilization is not monitored at this level, it can affect the performance of dependent applications.

      19 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    5. AFD not honoring preserve destination path

      AFD not honoring preserve destination path

      I've setup a rule to redirect specific paths to another url and preserve the destination path. AFD is not keeping the destination path.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    6. ARM Template support for NSG Flow logs

      Add support to configure NSG Flow logs using Azure Resource Manager template.

      The goal is to have Azure Policy to deploy NSG Flow Log configuration.

      Reference to Docs:
      https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics-faq#can-i-configure-traffic-analytics-using-powershell-or-an-azure-resource-manager-template-or-client

      122 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →

      Great news! ARM Template support for NSG Flow Logs and Traffic Analytics is now available in all regions.

      Useful links:
      1. Documentation: https://docs.microsoft.com/azure/network-watcher/network-watcher-nsg-flow-logging-azure-resource-manager
      2. Template Reference: https://docs.microsoft.com/azure/templates/microsoft.network/2019-11-01/networkwatchers/flowlogs
      3. Quickstart Template: https://azure.microsoft.com/en-in/resources/templates/101-networkwatcher-flowlogs-create/

      We will soon be releasing a QuickStart template to make using this feature easier. Stay tuned.

      Thanks for your patience and keep your feedback on the forums coming.

    7. add support for internal loadbalancers on vm scalesets

      We don't want to use the external loadbalancer in a scaleset, we've got our own firewall setup in Azure and want the scaleset behind it, but with an azure internal loadbalancer.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    8. Azure ApplicationGateways needs to log effective TLS-protocol-version of each call

      As Cloud Solution provider we need to know
      - which customers and
      - how many customers
      would be hit by an change of tlsMinProtocolVersion from
      TLSv10 to TLSv12
      Currently we are not aware of any possibility to get hold of
      effective TLS-version (with TLS-offloading within AppGateway)

      14 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      In Application Gateway V2, you can view SSL/TLS protocol used for each request in the Access logs (sslProtocol) – https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-diagnostics#access-log

      Also, you can use the new metric which will give you the SSL/TLS protocol distribution (Client TLS Protocol) – https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-metrics#application-gateway-metrics

    9. Paas service: How to check on portal if instance is active in load balancer or not

      Is there is any Azure Metric that is emitted whenever a resource is taken out of load-Balancer ? I am looking for a better method than IIS logs for this as going to IIS logs every time is quite slow and not very practical as we go to do testing on various resources.

      I understand if there is current limitation to not expose this via Portal (which I think should be exposed : a future feature request), However I would appreciate if there is any metric that we can sign up to know this detail.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    10. Configurable back-end health check aggressiveness

      Related thread:
      https://social.msdn.microsoft.com/Forums/en-US/75cfb536-71f6-4c88-ac80-ec693f3e6229/azure-front-door-healthcheck-frequency?forum=WAVirtualMachinesVirtualNetwork

      Behind my frontdoor are two "back-ends", each consists of a single web app.

      For each back-end I have configured a health check with interval of 120 seconds. My expectation was that this leads to roughly 30 requests per hour.

      In reality, my application insights shows 64000 requests in the past 24 hours, that's more than 40 requests per minute! A live traffic log confirms this: I see health check requests come in almost every second...

      With the current behavior there is hardly any correlation with the configured "Interval" setting.

      It would be great if there was an…

      165 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      9 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    11. Backup and restore each network resource configuration settings

      Network resources configuration like VNET, Traffic Manager, Load Balancer, VPN GW, App GW, UDR, NSG, be able to backup and restore by each compornent.
      This would help if configuration ever gets lost, accidentally changes it, corrupt, or we want to recreate a new component and keep some favorite settings.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    12. Enable Accelerated Networking from the Portal

      Currently Accelerated Networking can only be enabled or disabled from the command line. It would be nice to have this available as a Portal switch in the NIC or VM menu.

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Flag idea as inappropriate…  ·  Admin →
    13. [Azure Front Door Service]Support password protected PFX

      Support password protected PFX for HTTPS

      19 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      completed  ·  1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    14. Azure Front Door service is incompatible with blob storage if using Azure storage's shared key authentication method

      We found Azure Front Door service is incompatible with Azure blob storage if using Azure storage's shared key authentication method. The root cause is AFD will add some x-ms-* headers into the request to storage backend, storage backend will use all headers begin with “x-ms-“ to calculate the MAC signature. So the request will be rejected by storage service if forwarded by AFD.

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    15. Allow configurable timeout period for Front Door

      Currently Front Door forces a 30 second timeout for backend requests. This can severely restrict the usefulness of the service in production systems. It would be great to have the timeout period configurable to allow for a longer period of time. My understanding is that the Azure Load Balancer, which sits in a similar space as Front Door, defaults to a 4 minute timeout period.

      269 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      19 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    16. Allow front door service URL Rewrite to file instead of path

      Allow URL Rewrite to rewrite a path to a file. This would enable users to host single page applications using front door.

      38 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      10 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    17. Add a Virtual Private Network service endpoint for Event Grid

      We are trying to adopt the Azure Event Grid on our platform, but we need to ensure we can keep all the communication in our private address space. Is this feature coming soon?

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      5 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    18. Application Gateway: Stop revealing internal IP addresses in Location header and in redirect body

      Currently a request to my application gateway on port 80 returns a Location header as part of the 302 redirect response. This header includes a private IP address. The same address is also included in the body of the response. Both are shown in the attached screenshot.

      Clients connecting to our application through the gateway should have no knowledge of our internal network's configuration, including IP addresses.

      11 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. 1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    20. Provide option to change which TLS versions are supported

      Provide option to change which TLS versions are supported - similar to the Azure App Service. This will allow for use of Front Door with PCI compliant apps.

      123 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      7 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    ← Previous 1 3 4 5 16 17
    • Don't see your idea?

    Feedback and Knowledge Base