Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Traffic Manager provides auto SSL verification for trafficmanager.net

      One of the customer said when he is using both web app service & traffic manager, web app service can provide ssl verification for azurewebsites.net, but traffic manager can not provide similar ssl verification service unless purchasing a custom domain.
      So he suggests to improve this function for trafficmanager.net.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
    2. enable Bastion users to select either RDP or SSH for connecting to Linux VM

      Currently the Bastion service only lets you connect to a Linux VM using SSH. It would be nice if one could use Bastion to connect using RDP protocol as well, assuming xRDP was enabled and the port was opened to the Linux VM.

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  1 comment  ·  Bastion  ·  Flag idea as inappropriate…  ·  Admin →
    3. Fully private App Gateway v2

      From: https://docs.microsoft.com/en-us/azure/application-gateway/migrate-v1-v2

      " v2 gateways currently don't support only private IP addresses."

      We need to be able to create fully private App Gateway V2, without public IP.

      At the moment V2 Gateways will be public facing so we need to stick with V1. We cannot rely on NSG/Firewall to restrict traffic: we need to be able to provision a private load balancer.

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
    4. Azure Bastion

      When will be the Azure Bastion ready to use in East US 2 region?

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  2 comments  ·  Bastion  ·  Flag idea as inappropriate…  ·  Admin →
    5. When there is a scheduled maintenance on a gateway, the vpn fall momentarily and generate an alert on the part of the user who does not know

      When there is a scheduled maintenance on a gateway, the vpn fall momentarily and generate an alert on the part of the user who does not know if it is a problem or a maintenance. This creates a ticket to Azure with the loss of time and especially the loss of confidence in the plant form Azure. It would be nice to know and be informed when this is going to happen.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
    6. Make pricing of VPN sku clearer

      It wasn’t clear that the VPN would be charged while it was deployed even if not used. Especially when, as far as I could tell, I never got access to it. The pricing is per day deployed, not I/0 like all the other resources.
      The second problem is that the VPN can only be taken down, then has to set back up again. No way to switch on and off.

      The overall effect is that when I got the invoice I felt I had been social engineered by a scam.
      119102723000032

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
    7. Add tool to see if IP of backend pools are resolvable on App Gateway interface

      Just an information from my end:
      - If loadbalancer’s backend IPs are not resolvable in the vnet where it is connected then it will not send requests to those backend servers, no matter what binding you create on IIS front.
      - Once IPs are resolvable then, a binding on IIS front is required with the same FQDN name which can be resolved against the IP on the attached vnet with AppGateway. I achieved by creating Private DNS resource in the same vnet and created mapping of those IPs.
      - This is true that loadbalancer should not say healthy if it…

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
    8. Add exclusion feature in CDN profile to be able to exclude certain user IPs for country filter rule

      Team, please consider to add this feature in future roadmap as we have customer use case that they need to whitelist certain user IPs as the users could be working outside of the country or travel abroad temporarily.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Content Delivery Network  ·  Flag idea as inappropriate…  ·  Admin →
    9. Setting disableIpMasking to true tracks the load balancer IP, not the client IP

      I'm really pleased that we can now disable the IP masking in Application Insights (https://docs.microsoft.com/en-us/azure/azure-monitor/app/ip-collection). However, I've set disableIpMasking to true in my ARM template for AI, and the IP that gets recorded doesn't match the Client IP that I expect to get. I have a Docker App Service and a Linux App Service Plan, so I'm assuming the IP I do get is the load balancer (but I'm not entirely sure how App Services work under the hood)

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
    10. Option for disable health probe on UDP traffic for Load Balancers

      Current solution for Load balancer health probe on UDP is to provide a seperate TCP service internally checking the status of the UDP service. This can easily obfuscate the health of the UDP service by adding an additional layer to manage. I think it would be just as useful to have the ability to disable probing UDP ports

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
    11. Application gateway setup for API using multi path using only HTTPS listners

      Hi Team,

      Recently we encounter an issue in APG .
      We created the Application gateway for API's . We used Path BAsed rule. In the Listner configuration we are unable to connect API's using multi-site, so we used basic and port base lisner by defining different port number. We need improvement of using multi-site to connect API's using APG. So that i dont't want to define Port numbers for each Listner.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
    12. Handle passthrough of ARR affinity cookied when routing through FrontDoor

      Given that the ARR affinity at App service level relies on a cookie in the domain of the service's host name binding, FrontDoor renders this effectively dead when serving the URL differently externally. Some form of cookie passthrough/rewriting for this would allow for app-level affinity to still be possible

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    13. Support to disable health check of Frond Door

      The health check of Frond Door is too frequent, which leads some negative impact. For example:
      1. More user pages, consume a lot of computing resources.
      2. If we use Azure DNS zone, DNS query will take extra charge.

      Sometimes we only have one backend VM as backend pool, which health check is not required.

      It would be highly suggested to have a feature like users can disable health check manually in case it's not needed.

      Thanks!

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    14. give FrontDoor health probes an identifiable user agent to enable traffice to be filtered in Application Insights

      Health Probe requests from Azure FrontDoor should have an identifiable user agent string, which ideally should be included in the default ApplicationInsights.Config filters section.

      Any user of FD whose sites us AI are going to find their telemetry feeds flooded with multiple requests a minute otherwise, and all suggestions given from other users or MS have been workarounds for what should be a standard filter being missing

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    15. Provide an identifiable user agent for Front Door health probe requests

      HTTP requests sent by Azure FD for health probes should provide an identifiable User Agent, enabling application insights to filter these as synthetic traffic.

      Given the volume of requests this is going to be a problem for every Front Door user who uses AI telemetry

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    16. Azure CDN should have the possibility to rewrite response code from origin

      Azure CDN should have the possibility to rewrite response code in case of error (404,500 response) from origin like AWS CloudFront has:

      "You can choose the HTTP status code CloudFront returns along with a custom error page for a given HTTP status code. For example, if your origin returns a 500 status code to CloudFront, you might want CloudFront to return a custom error page and a 200 status code (OK) to the viewer."

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Content Delivery Network  ·  Flag idea as inappropriate…  ·  Admin →
    17. Subdomain supportability via azure portal - public IP - DNS name label

      Currently, this option does not support subdomain at all, e.g. test.arias.southeastasia.cloudapp.azure.com is not supported but only arias.southeastasia.cloudapp.azure.com is supported.
      Can we consider to add this new feature into future roadmap - since some customer would depend on this easier way to create A record for their subdomain, without creating a whole Azure DNS zone and have to delegate it to a name registrar.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
    18. The Ability to change/define the BGP IP address assigned to the Virtual Network Gateway (automatically by Azure) when enabling BGP

      The BGP Peer IP addresses when randomly assigned creates issues with the On-premise networks and private IP addresses ranges being advertised and currently in use. Customers have VPN's to various other devices and platforms, the static address provided creates routing issues when the BGP peer advertised is a part of a cutomer On-premise network.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    19. Azure Firewall - FQDN Based NAT!

      I strongly hope AzureFirewall has "FQDN-based-Nat" function!!!

      20 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    20. Application Gateway does not support a long content-security-policy header

      I am attempting to set our content-security-policy (CSP) HTTP header using a Rewrite rule.

      When I exceeded 1000 characters (the maximum allowed in AG for a header value), I was stuck.

      I attempted to add a second HTTP header for "content-security-policy" but it seems the built-in behavior is to replace the first HTTP header with the second.

      The CSP standard allows for multiple duplicate headers. AG does not appear to support this.

      I am utterly stuck. I cannot set the CSP I need because of the 1000 character limit.

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    ← Previous 1 3 4 5 13 14
    • Don't see your idea?

    Feedback and Knowledge Base