Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. 120 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      6 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    2. Monitor Virtual network Gateway bandwidth

      We want to monitor the bandwidth usage of Virtual Network Gateway.

      We all know that the virtual network gateway(VNG) with different sku have different bandwidth limitation. However , we can't monitor the usage or the current status of VNG.

      118 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    3. Allow specification of multiple ports in a single NSG rule

      Allow a comma separated list of port numbers to allow a single rule to provide (for example) access to a domain controller (which would normally require the following ports opened: 53, 88, 135, 139, 389, 445, 464, 636, 1025, 3268-3269, 5722, 9389, 49152-65535).
      This seems to be basic functionality for firewall applications, but the absence of this ability within NSG rules means that the 200 soft limit (400 hard limit) is reached extremely quickly in a corporate environment.

      110 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      19 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    4. Traffic Manager Logging & Alerts

      Traffic Manager needs to keep track of past endpoint health failures.
      In addition to this it should be possible to configure alerts about changes to endpoint health.

      107 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      6 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    5. Remove Server/Framework Headers From Application Gateway Responses

      For the sake of security, it would great if we could get the following tags removed from the AG responses:

      < Server: Microsoft-IIS/8.5
      < X-Powered-By: ARR/3.0
      < X-Powered-By: ASP.NET

      104 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      7 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    6. Alias records

      I have a number of DNS records for various webapps in my zone... all of which point to the same host. I understand the limitations CN's, but the convenience of maintaining them is too great.

      My request is to provide an "alias" record, which provides a single record to maintain, but is applied as A/AAAA records.

      The benefit is to bridge CNAME convenience with RFC incompatible goals such as CN apex records.

      104 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    7. App Gateway to support an URL length which is greater than 2048 characters

      When running MVC applications with federated authentication with IdPs like Azure AD B2C, the OAuth response coming back from AD is always greater than 2048 character url length. This becomes limitation of AG as AG can not be used for application doing federated authentication with various IdPs including Azure AD B2C.

      Please remove the 2048 character limitation as well any other request size limitation which could truncate url as well as request body including cookies etc.

      102 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      7 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    8. Support HSTS (HTTP Strict Transport Security) on Application Gateway

      There are no support concerning HSTS today, this is requested by many customers and they have to use 3rd party for accomplish it.

      101 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      5 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      This can now be accomplished using the new Header Rewrite capability in the V2 SKU. Please see the documentation here https://docs.microsoft.com/en-us/azure/application-gateway/rewrite-http-headers#implement-security-http-headers-to-prevent-vulnerabilities
      Additionally, if you would like to get in touch with us to discuss your specific scenarios, please fill this form: https://aka.ms/ApplicationGatewayCohort

    9. Azure Loadbalancer / Application Gateway : Provide basic status indication for nodes

      Troubleshooting a loadbalancer in azure is a pain in the ***. A basic necesity is being able to see if a given node is regarded as up/down by the load balancer. The same applies to an application gateway too...

      99 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      7 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    10. Support EV SSL cerrtificates in application gateway

      Please support EV SSL certificates in Application Gateway. What is the reason they aren't supported already?

      97 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      7 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    11. Display health probe status in Load Balancer

      Display health probe status for each node in the backend pools in Load Balancer

      95 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      8 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    12. azure admin should be able to view the virtual network gateway log

      currently as azure admin i can not see the gateway log when Vnet to Vnet connection is made

      94 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    13. Enable UDR (Define Routing Table) for the Azure Gateway subnet

      After the nice added feature of virtual network UDR, we are faced to a new limitation, that is using ExpressRoute with Virtual Appliances. In fact, ExpressRoute can only be implemented using an Azure Gateway. That means that if you have ExpressRoute, you cannot use third party Virtual Appliances, unless Microsoft enable UDR for the Gateway subnet so we can route in/out traffic to the Gateway. This will allow us to use third party virtual appliances side by side with ExpressRoute.
      (Or Enable Third party virtual appliances to support Express Route, this is another alternative)

      91 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      7 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    14. Global VNET peering remote gateway and gateway transit support

      Remote gateways and gateway transit are currently not supported with global vnet peering. Is there a plan to support remote gateways in the global vnet peering feature to build a global hub-spoke topology over multipe regions?

      85 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      8 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    15. Azure Application Gateway x-forwarded-for remove port information

      x-forwarded-for header set by Azure Application Gateway now will have random port information along with client ip. It makes no sense. Please help to remove that.

      81 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      8 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      The port information can now be removed by rewriting the X-Forwarded-For header using the Header Rewrite capability (https://azure.microsoft.com/en-us/blog/rewrite-http-headers-with-azure-application-gateway) available with Application Gateway’s V2 SKU. Please see details here:
      https://docs.microsoft.com/en-us/azure/application-gateway/rewrite-http-headers#remove-port-information-from-the-x-forwarded-for-header.

      Thanks,
      Abhave

    16. Allow us to control IP/DNS settings for VMs which are added to a Virtual Network

      Currently, private IP addresses are assigned in the order that you create VMs. For some more complex scenarios such as AD, this adds an extra planning step. It also makes it difficult to replace VMs which have a knows static address.

      80 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      completed  ·  2 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    17. Add more configurability to Traffic Manager monitoring endpoint

      I would like for the monitoring endpoint configuration to support two new options:

      1) How many consecutive times TrafficMgr does not get an http 200 from the endpoint before it deems it down. I have a scenario where I want it to be deemed down immediately after one failure for a quicker failover.
      2) How many consecutive times TrafficMgr receives an http 200 after it has deemed it down before it will deem it up again. I have seen a scenario where table storage (or SQL Azure) is inconsistent (fails one query then succeeds the next, back and forth) and…

      79 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    18. Route Summarization in UDRs to direct traffic to Virtual Appliance

      For VNETS connected with Express Route, BGP Routes populate the Azure System Routes. So, we have to use UDRs to direct traffic to go to the Virtual Appliance Firewall, Traffic towards Any Route not in the UDR prefers the BGP Route and sends the traffic to the Virtual Network Gateway. This renders the summarized routes in UDR useless , as any route with a smaller subnet in BGP Routes, is preferred over the summarized UDR route, and the traffic for that route goes to the VNET Gateway instead of the Virtual Firewall.

      This limits our ability to route effectively, and…

      79 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      16 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
    19. ACLs for Outbound Traffic to Limit Exfiltration

      ACLs currently limit only inbound traffic, and not outbound traffic. But to reduce the risk of data exfiltration on a compromised host, you want to limit outbound traffic as well. Many firewalls and security appliances already do this.

      79 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    20. 76 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base