Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Allow referencing an Azure resource by id in Network Security Groups

      NSG's should allow the use of Azure resource ID in addition to ip addresses for NSGs. For example, if I reference the ID of a webapp, then the rule will apply to the public IPs of that webapp. If I reference an azure VM, then the rule will apply to the ip address of that vm. And so on. It would make it so much more flexible to build up rules by using resource id's/names than today's very static and cumbersome implementation, especially for complex rules.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    2. Site Categorization for the new Azure Firewall

      Adding the ability to restrict outbound traffic based on Site Categorization would be great. This would give the ability to restrict outbound access to adult, gambling and other questionable sites.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  1 comment  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    3. Roelant

      when adding endpoints to the traffic manager, you get all app-services that are available, but in our case, the list is very long, and searching makes it difficult. The list is not sorted, and neither can we filter it.
      Adding a filter would be very helpfull.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    4. Add Azure Service Fabric Reverse Proxy Port to AKAMAI CDN Allowed Origin Ports

      The Azure Service Fabric Reverse Proxy allows services running in the cluster to be reached from outside the cluster via HTTP(s). The default port for the reverse proxy is 19081.

      Azure CDN (with AKAMAI) allowed origin port list currently does not include that port.

      AKAMAI CDN should include the default reverse proxy port for Azure Service Fabric in the allowed origin port list so that integration can happen right out of the box.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Content Delivery Network  ·  Flag idea as inappropriate…  ·  Admin →
      planned  ·  Anton Kucer [MSFT] responded

      Thank you for the feedback. We have confirmed the ability to add this port. We are targeting January 2018 to have this update in place as the Akamai network is currently locked down for this type of update until after the holiday season.

    5. Application gateway

      Hi MS team,

      Could you enable the 'Edit' option for the Listeners we are configuring in the Application gateway. This will be really helpful if we decide to change our certificate.

      Although we can do a workaround of deleting the listener and creating new one, but that needs some time investigating it, so I feel Edit option is a much better and easy approach for clients.

      Thanks,
      Thulasidas

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    6. Please provide metric for Point-to-Site VPN traffic

      We can't meter Point-to-Site VPN usage now.
      Please provide metric for Point-to-Site VPN traffic like Site-to-Site tunnnel metric.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    7. Application Security Groups, Service Tags, and Augmented security rules in Gov

      Application Security Groups, Service Tags, and Augmented security rules (public preview) would be great additions to managing networks security in Azure Government. NSG's are good, but a complex application can quickly increase the number NSG rules and potentially reach limits fast. These three features would be really REALLY nice.

      https://azure.microsoft.com/en-us/updates/public-preview-features-for-nsgs/

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    8. Add a feature that gives you an static IP regardless of what server you attach to it.

      Add a feature that gives you an static IP regardless of what server you attach to it. That wat, if you have to migrate your server you keep your IP Address.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    9. Add ServiceTags for login.microsoft.com and arm api endpoint in NSG

      Kubernetes requires access to the different endpoint to perform automation.

      We also need to restrict internet access with an outbound rule. It would be best if we could configured the NSG to prevent internet access while keeping the access to the internal Azure endpoints.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    10. Maintain "DNS Zone" name server across muliple Zones

      Currently Azure DNS Zone will randomly create Zone records in different DNS Servers.

      I have a public DNS server which I would like to migrate to Azure DNS Zone, to do this I need maintain my name servers but redirect to Azure's. because every time I create a new zone it is generated in a different DNS Server I can't create the CNAMEs to easily migrate my clients domains.

      Could this feature be added.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    11. Named network sets (avoid repeated network rules in every Azure service)

      Both SQL Server and Storage now support firewall for inbound requests, where I can inform authorized IP addresses or virtual networks that have access. It is expected that other Azure services will follow that (Key Vault? Data Lake?).

      The problem is that if I have a subset of services that use same firewall rules, I have to repeat these rules over and over.

      The suggestion is that Azure Network allows definition of a named network set, or simply named network definition, and then in each service I simply inform that name, instead of repeating the rules again,

      This way if…

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    12. Show Traffic lights on an ILB Rule showing which node traffic is being passed too

      Load balance rules do not show which server(s) traffic is currently being sent to.
      Within a “Load Balance Rule” simple traffic light of Green /or Red against a node would give a quick visual indication that traffic is being sent to the node.
      This would help us identify if a service had/was stop on a specific node or if a node was turned off.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    13. API for Real-Time Stats of CDN

      Provide API to get live CDN metrics (number of requests, different cache statuses, different HTTP response codes, response time, origin time etc) from CDN. The same metrics is available now only via HTML dashboard in CDN manager as "Real-Time Stats", but enterprise setups need the data to our dashboard systems, not as yet another separate website.

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  0 comments  ·  Content Delivery Network  ·  Flag idea as inappropriate…  ·  Admin →
    14. Akamai CDN Easly Expire Header Set and Purge ALL Available?

      Hello,

      I'm using Akamai General Web Delivery. Its seems fine but Purge all and on the images files specific have not able the set Leverage Browser Caching (expire headers). Its maybe easly be on the Azure control panel.

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Content Delivery Network  ·  Flag idea as inappropriate…  ·  Admin →
      planned  ·  Anton Kucer [MSFT] responded

      Both of these capabilities are in our backlog for making available via Azure CDN from Akamai later this year.

    15. azure application gateway websockets latency metric

      When using websockets together with Azure Application Gateway, you end up with artifically increased latency_d in the ApplicationGatewayPerformanceLog. Indeed, all the 101 (websockets) connections remain pending, which is a normal behavior and their duration gets recorded by the gateway. The problem is this normal behavior increases the average latency of all requests (including non-101) and there is no way to filter 101 out of the ApplicationGatewayPerformanceLog logs...Therefore, if we setup an alert on latency_d, this will raise a lot of false positives...While this metric is very useful in the ApplicationGatewayAccessLog because it allows for calculation of average user sessions, it…

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    16. Azure Firewall NAT Rules

      When the UDR assoc the Subnet is not possible connect by RDP from the Internet, or other services exposed in the internet.

      If I could create the NAT Rule on the Azure Firewall I can expose any services in internet and this issue would be resolved.

      thank you so much.

      Best Regards

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  1 comment  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    17. On Azure portal,under Load balancer the statement of floating IP should be updated.

      Recently i took a case ,customer complained this .On Azure portal,under Load balancer the statement of floating IP "says 'We recommend using this feature only when configuring a SQL Always" needs to be updated.
      The statement needs to be updated as follows :
      We recommend using this feature only when configuring a SQL AlwaysOn Availability Group Listener and SQL Failover Clustered Instance (FCI) IP Address.

      The current statement appears to be old and was true before we started supporting SQL FCI on Azure. You can see the details here
      https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sql/virtual-machines-windows-portal-sql-create-failover-cluster

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    18. 1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. Traffic analytics error reporting IP vs NIC

      We have several app-ways in the same subnet.
      Traffic analytics is display a DestIP_s which does not correspond with the displayed NIC_s (it belongs to a different app-way).

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  1 comment  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    20. Outbound data transfer Zones - Country wise

      Hello, Please provide which country comes under which Zones for Outbound data transfer. This will help for correct pricing for customers for zone1, zone2 and zone3

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base