Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. NSG/ASG management and monitoring

      add capability to modify and monitor NSGs and ASGs.

      48 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    2. Make Traffic manager able to access Web Apps that uses Authentication

      Traffic manager is currently unable to get the status of a Web App that's using the Authentication/Authorization (simple auth) feature. It would be nice if it could use some kind of service account (or similar) to get authenticated and get the Web App status but still have the security features intact.

      46 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  4 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    3. Rename NSG policy

      Allow us to rename previously created NSG policy to another name. It would make naming much easier. Now we have to re-create all policy again

      46 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    4. Allow ESP traffic through Azure Loadbalancer

      Azure Load Balancer, for external connections, can support only TCP (Protocol ID “6”) or UDP (Protocol ID “17”).

      It cannot support protocols like ICMP (Protocol ID “1”). As an example, also IPSec (and VPN using it) is not supported since you should open UDP port 500 (that is fine) and permit IP protocol numbers 50 and 51. UDP Port 500 should be opened to allow Internet Security Association and Key Management Protocol (ISAKMP) traffic to be forwarded through Azure Load Balancer. IP protocol ID 50 should be set to allow IPSec Encapsulating Security Protocol (ESP) traffic to be forwarded. Finally,…

      46 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    5. Block out access to azure resources from outside

      I am looking for a way to completely block out access to azure resources from outside of Japan. An access from abroad is most likely from a person who are not from our company.

      Recently, I am terribly worried because there are a lot of illegal access from the outside country. It's very reassuring to have the ability to shut off foreign access in Azure. This scenario is difficult to achieve because the NSG feature has a limit in a number of IP addresses which can be restricted.

      45 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    6. Be able to manage Role/Action at subnet level inside a vnet

      In ARM and RBAC model : Possiblity to have the subnet as an independant resource to be able to say using RBAC : "i want my user1 to be able to deploy VM to subnet 1 and 2 but not 3 because subnet 3 is an infrastructure subnet unhautorized to users."

      41 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      7 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    7. designate set of name servers to all self hosted dns zones

      When maintaining DNS Records in Azure, you have to update registrars records to use name servers assigned to a domain. Now that those nameserver sets varies, it takes extra effort to create Records, specially if you have to do it manually.
      It would be easier if you could try and use same set of name servers to all dnz zones for the dns zones you are maintaining.

      40 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the suggestion. We are tracking this on our backlog.

      Some background: Azure DNS supports multiple name servers, which are dynamically assigned as zones are created. This allows us to let customers create zones without first proving that they own the domain name (since if we supported only a single name server set, we couldn’t allow just anyone to create a zone and thereby block the legitimate domain name owner). Domain proof-of-ownership checks are a significant hassle, so it’s important that we avoid them where possible.

      Having said all that, I do understand that in some scenarios having a consistent set of name server names is desirable, and we are considering options for how we might support this in future.

    8. We need the new configuration in Azure Traffic Manager.

      We need the new configuration in Azure Traffic Manager.

      When prior region is replying intermittent healthy response to Traffice Manager, It occurs Failover and Failback repeatedly.
      (e.g. In case the endpoint returns HTTP 500 intermittently by some system failure, if TM receives HTTP 200 by luck when TM probes there, TM sends requests to troublous endpoint until next probe chance.)

      We need the configuration that manual Failback.

      39 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    9. Support the proper use of webfonts on Azure Websites using Azure CDN

      We need an easy way of setting the http protocol "access-control-allow-origin" on webfonts used on Azure Websites and distributed via the Azure CDN. Please make the CDN service respect http-protocol settings in the web.config file on Azure Websites.

      39 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  0 comments  ·  Content Delivery Network  ·  Flag idea as inappropriate…  ·  Admin →
    10. Add a system route for KMS

      Could you please add a system route to the KMS server. (kms.core.windows.net / 23.102.135.246)
      When using forced-tunneling, we must set an UDR to the KMS manually.

      38 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    11. Replicate NSG to new region when using Azure Site Recovery

      This is really needed feature!
      The benefit having this is when setup Azure Site Recovery, which replicates VNET and VMs to a different region BUT there is no way to replicate NSGs! Manual work to replicate all security rules from one NSG in source region to another NSG to target region can take up hours if there are 200+ security rules !

      Please implement this.
      Thanks

      38 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    12. NAPTR Support (Name Authority Pointer)

      Support NAPTR records with Azure DNS. These are primarily used to complement SRV records which you currently support.
      https://en.wikipedia.org/wiki/NAPTR_record

      37 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    13. Network and Service object group support for NSG

      Network and Service object group support is missing in Network security Group (NSG). This makes NSG more difficult to Manage and control. Please consider this to make NSG more efficient.

      34 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    14. Add option to connect or disconnect vpn

      In ASM model, we have an option to connect or disconnect an vpn connection. Now in arm model if we need to disconnect a vpn we need to delete the connection and if we need to connect the vpn we need tonrecreate thw connection

      34 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    15. subnet expansion

      It would be nice if you could expand a subnet without having to remove all of the cloud services and VMs from the subnet. In our case we will have to destroy all of our subnets to expand one subnet. This is very inconvenient (yes we opened a support ticket).

      Additionally, make the tool available that the internal Microsoft support people use that creates a nice table of the various components of the subscription (I don't need to know datacenter, node, cluster). I've only seen snippets of the tables, but they are better than what I am getting from either…

      33 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    16. Integrate Windows IPAM with Azure DHCP

      Integrate Windows IPAM with Azure DHCP services.
      Some info can be gathered for domain members using DDNS, but not for appliances and other services not using DDNS...

      33 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    17. Manage allowed IP addresses - show and allow to add current IP address with one click (like in the old portal)

      Now you have to know your current IP address and enter it manually to allow access to SQL - means you need to find out your ip first.

      In the old portal you have the option to add your current IP address with one click (see attached screenshot).

      I would love it if you bring this feature to the new portal.

      32 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  0 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    18. Add DNS names to NSG source/ destination options like we currently can with IP addresses and tags

      Enable NSGs to use DNS names instead of only IP addresses, Tags and any. A lot of services have very dynamic IP adresses. Using DNS names would help a lot.

      32 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    19. Make CDN caching optimized for Smooth Streaming

      With Smooth Streaming, because of the latency and low bandwidth during the first access of the video (before it is cached by CDN), Smooth Streaming will choose a low bitrate stream, and the higher bitrate streams may never be cached at the CDN edge server because they are never accessed; or if we are lucky it requires at least many replays of the video before all streams are cached. This is a huge problem with videos not frequently accessed.

      Therefore it should be possible to force a container to cache all blobs within it as soon as one of its…

      31 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  1 comment  ·  Content Delivery Network  ·  Flag idea as inappropriate…  ·  Admin →
    20. There is no way for us to find the private IP assigned for the application gateway in the back end. Hence please improve this feature.

      There is no way for us to find the private IP assigned for the application gateway in the back end. Hence please improve this feature. Please have it enabled for the GUI, so that this can be use full to troubleshoot any network issues.

      29 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  3 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base