Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. network health monitor for each VM when there's hundreds of VMs

      Occasionally, Azure platform outage causes VMs to lost connectivity (to other VMs) briefly, nowadays, customer can only realize the issue as their VM applications reports certain errors and engage Azure Support to investigate and get the result.

      Is there anyway that we add a panel in Portal to show customer the network health log (inbound and outbound connectivity) for each VM, so that customer can monitor and report to their management team of the cause in time and be able to take proactive actions earlier?

      Network watcher connection monitor is not applicable for such scenario as is used for monitor…

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
    2. Consumption based pricing for Azure Firewall

      The fixed hourly cost of azure firewall makes it prohibitively expensive to use in low-volume scenarios. We don't want to be put in a situation where we have to make a financial decision that overrides security patterns/architectures. Please give us some more licensing options so that we can take this product and deploy comprehensively through our networks at any point of scale.
      Thanks,
      Ben

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    3. Adding a Website subdirectory as part of the CNAME

      Creating a CNAME should allow us to point to a Sub Directory for an existing Website.
      For example: I can add a CNAME for a website like www.xyz.com
      But I should also be allowed to point it to the a subdirectory within the Website like www.xyz.com/abc/

      This will help simplify the task and reduce the operational hindrance of using Application Gateways along with DNS CNAME

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    4. Create Azure IP address search tool for Network Watcher / Network Diagnostic Tools

      NSG logging is nice that it reports communication between azure objects. However, its not always obvious which service / vm the IP address represents in an NSG log.

      It would be very helpful if there was some kind of Azure IP address lookup tool where you supply a VNet address and an IP address and then the search tool would show you which Azure object that IP Address corresponds (Object Name, Object Type).

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    5. Allow NVAs etc... to establish BGP session directly with VNETs

      To make HA scenarios a lot simpler with NVAs that support BGP (which most of them do nowadays) each VNET should allow you to establish a BGP session directly with it so you can advertise and learn routes dynamically straight to the VNET.

      This would help so many HA scenarios and also making sure traffic flows are symmetric a lot simpler by using BGP local preference, AS Path and Weight attributes.

      Perhaps this could be enabled via a VNET service endpoint on your VNET as required?

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    6. Allow Bastion service connect to Linux VMs over 3389 RDP

      From Azure portal allow Bastion service to connect to Linux VMs over 3389 RDP session as well if xrdp11 or other RDP services are installed and running on Linux VM.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Bastion  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    7. Need to obtain VPN server name (FQDN) using Powershell for P2S VPN.

      As we know we it doesn’t support obtain VPN server name (FQDN) for P2S via powershell. We must utilize the download package as stated in documentation.

      Could we obtain VPN server name (FQDN) using Powershell for P2S VPN in the future?

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    8. Allow the creation of null MX records for domains that accept no mail

      As per RFC7505, allow the creation of a NULL MX record by entering a single period '.' for the MX Record's Mail Exchange field.

      Currently, attempting to create one raises the following error: "Each label must contain at least one character. You may not input consecutive period '.' characters"

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    9. Azure DNS Logs

      Need to access DNS Request Logs on "Azure DNS" service. Actually, we can't search on any logs if we get a DDOS attack on our zone. So, we can receive a big invoice because of huge query number without to know who is requesting our DNS zone.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    10. Allow moving a Standard SKU Load balancer between Resource Groups like possible with the basic one

      Allow moving a Standard SKU Load balancer between Resource Groups like possible with the basic one.
      while in place upgrade from basic to standard is not an option, this might help with the manual upgrade or even general maintenance of the service.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    11. HTTP -> HTTPS redirect routing shouldn't count in the price

      The current pricing of Azure Front door service is $0.03 per hour per routing rule (~27$ per month per routing rule). Adding a rule for simple HTTP -> HTTPS redirect immediately increases the cost by $27 per month.
      Who am I to suggest prices, but I think it would be nice if a simple HTTP -> HTTPS redirect didn't count in pricing.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    12. vpn point to site static

      Requesting the ability to set a static IP for a point-to-site vpn client. Currently the addressing is auto/random from a vpn pool. Would like the ability to strap that. Specifically for the OpenVPN peering - but all of the point to site peering options can benefit from this.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    13. Allow configuring the managed identity for app gateway through the portal

      The current CLI experience has a rather steep learning curve and is not ideal for someone just evaluating whether to use Azure.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    14. v2 Invalid Header support

      As V2 is built on NGINx, it's resulted in at least one undocumented breaking change.
      AGW v2 has the NGINX flag ignore_invalid_headers flag enabled. This results in headers containing a period being dropped.

      Whilst this might not be best practice, they're not technically invalid and this is something we have for historic reasons and makes it impossible to move to v2 without changing a lot of code.

      Making this setting configurable or disabling by default for backward compatibility with v1 would be welcome as I'm sure v1 App Gateways will be retired at some point.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    15. Azure Front Door should automatically configure custom domains on backend app services

      When a custom domain is registered with Azure Front Door it should register that custom domain with backend app services.

      When backend app services do not have the same custom domain as AFD, app service session cookies are not passed back to the browser. Therefore session affinity is broken.

      Although there is a workaround that involves pointing the custom domain at the app services to register the domain, then pointing the custom domain back to AFD, it some cases that's just not feasible.

      We will be halting further rollout of AFD to our customers until this issue is resolved.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    16. Offer a domain registry service to go along with Azure DNS

      Very simple convenience feature - when everything else is handled on Azure, why make me involve a third party just for the domain registration?

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    17. AppGw WAF_v2 Undo breaking change with case sensitivity for PathbasedRules

      between older SKUs and WAF_v2 has been a breaking change
      regarding case sensitivity of Rules.

      Starting with v2 Rules are now Case sensitive.

      Having a SaaS - offering with public API,

      This is
      - breaking existing REST-APIs published to customers and partners
      - completely unexpected for Windows-Users
      - a source for many customer-problems and support-calls

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    18. Allow advertisement of regional / datacentre routes from VPN Gateway

      Microsoft Peering can be employed with ExpressRoute, but there seems to be no such feature in VPN Gateway. If you could add a tick box for the peer to send out the region's ranges to which the VPN Gateway were provisioned, that would be great.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    19. CDN for root-DNS entry

      Actually it is by design not possible, to add a cname entry for the root-Level DNS entry. But a cname is needed to provide a CDN. I dont want to publish all my Websites with WWW, just to use a CDN.
      Some Providers already have the Workaround and provide a ANAME.

      Please provide also a Workaround, to provide a CDN for the root-Domain.

      Thanks, Martin

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Content Delivery Network  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    20. Front door t-msedge.net add ipv6 to auth nameservers.

      Front door cname domain fails to load in a IPv6 only scenario, since the auth nameservers for domain t-msedge.net is IPv4 only. Please add IPv6 to those nameservers ASAP.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base