Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Support SSHFP records in Azure DNS zones

      Since Windows now supports OpenSSH natively, as well as Linux and other clients/servers on the same network, supporting this standard for server authentication seems like an obvious win.

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    2. Challenges in making AFD Work as a CDN for on prem resources

      We would like to use the AFD's WAFs capability and CDN for protecting our on premise farm

      We will need to create the service on AFD and have Backend access via an IP and Backend header
      Conceptually and by design the service should be able to do it
      Challenges:


      1. On a single IP we have many Names that are published in HTTPS only, a single certificate with SAN entry for all the names
        The IP address normally does not respond to any request and give a 403

      We have modified the IP to respond with 200 for HTTP
      but HTTPS…

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    3. Add custom error pages like 405(with TRACE method) at global level of application gateway V2

      Please add custom error pages like 405(with TRACE method) and other status code returned by appgw(without forwarding request to backend) at global level of application gateway V2, where customer can block other scenarios and return a designated URL to original client.
      Sometime customer has a requirement of completely removing 'Microsoft-Azure-Application-Gateway/v2' in response header, so please consider to add this feature in future.

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    4. include support SFTP as Sink in ADF v2

      Currently there is no support for SFTP as Sink in ADF v2, though it has support for SFTP as Souce.

      5 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  1 comment  ·  Flag idea as inappropriate…  ·  Admin →
    5. We should have the visibility/Dashboard to see what all rules are being triggred from the owasp rules

      We should have the visibility/Dashboard to see what all rules are being triggred from the owasp 3.0

      Currently if my website goes slow and application team reports that its slow because of waf we dont know what rules are being triggered.

      We raise a ticket to Microsoft backed and then they will provide the set of rules to us. This dependency should be remove

      5 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Web Application Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    6. Even smaller "Dev" size of Virtual Network Gateway

      While the ability to set up a site-to-site tunnel between my local network and an Azure virtual network is a very great convenience, it's also quite the expensive convenience for the single-developer business. (If you have a VS Professional subscription, for example, you'll burn almost all of your included Azure credit on this alone.) This may be partly solved, at the cost of some overhead, by this request:

      https://feedback.azure.com/forums/217313-networking/suggestions/6169157-stop-start-virtual-network-gateway-to-don-t-pay

      ...but my first observation is that even the "Basic" size of VPN gateway is far more, at 100 Mbps and 10 S2S tunnels, than I actually require.

      How about a cut-down…

      5 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    7. downgrade attack prevention - TLS_FALLBACK_SCSV

      Downgrade attack prevention should be a necessary addition to the Azure Application Gateway.

      All security audits (SSL Labs among others) show this to be a necessary security measure and as such they all downgrade your security compliance if you dont have it.

      5 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    8. Azure Application Gateway wasp rule issue : 941120

      Since we have observed the exlusion rule in Application Gateway WAF is not working. For one of the azure ad cookies that are being generated randomly creating 403 issue on gateway and blocking the request. So cookie will be like 'OpenIdConnect.nonce' which need to excluded but its not working since name got concatenated with the value of the cookie. Please have a review on this since this seems bug on the wasp rule

      For Ex. REQUESTCOOKIESNAMES:OpenIdConnect.nonce.XcAqQkCKX3DproXEwEN5OnpgG3E2wFYTzxvyttvCLZo%3D ....

      5 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    9. Cisco Meraki - 15x Code - IKEv2 - Certify Device on Azure List

      With Cisco Meraki's MX code release of 15.x, IKEv2 is now supported - Can we get the Cisco Meraki MX as certified for an Azure VPN Device?

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    10. Support Azure Traffic Manager endpoints that are nested and external to allow us to use alias records

      We have an Apex domain that needs to point to Traffic Manager. We use Traffic Manager nested profiles.
      We want to use alias records to point to our DNS alias record to Traffic manager. This requires using external endpoints in traffic manager.
      Problem is that we use nested profiles. It is not possible to create nested external endpoints in traffic manager.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    11. Improve user experience for BGP Route Advertisement Limit from Azure

      There is currently an internal Azure hard limit of 200 on BGP routes advertised over a connection from an Azure virtual network. When exceeded Azure drops all routes and connectivity for the entire virtual network until the route limit falls back below 200. No error is produced and there is no simple way to query how close a connection is to this route limit.

      Any virtual network update that would result in exceeding the route limit should throw an error and there should be a way to easily determine your current route count per connection (rest/cli and portal).

      In addition,…

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    12. I would like a probe for load balancers that uses the status of a DSC from an automation account

      I would like a probe for load balancers that uses the status of a DSC from an automation account. That way, when a VM is reimaged in a scaleset, it is unavailable to traffic until the DSC shows Compliant.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Load Balancer  ·  Flag idea as inappropriate…  ·  Admin →
    13. Support Longest Prefix Match in VNet Peering

      Allow VNet Peering between two VNets that may have overlapped IPs by supporting Longest Prefix Match in routing.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    14. When there is a scheduled maintenance on a gateway, the vpn fall momentarily and generate an alert on the part of the user who does not know

      When there is a scheduled maintenance on a gateway, the vpn fall momentarily and generate an alert on the part of the user who does not know if it is a problem or a maintenance. This creates a ticket to Azure with the loss of time and especially the loss of confidence in the plant form Azure. It would be nice to know and be informed when this is going to happen.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
    15. Allow increase of DNS alias quota

      Currently there is a hard limit of 20 DNS alias records per public IP. This quote is not documented anywhere, nor is it able to be changed by any support staff.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    16. User / Group based Firewall Rules

      To move existing Webservices to Azure (Linux Webservers with internal Services) i would like to place them behind an Azure Firewall with Path Through Authentication against Azure AD, so that employees have access to the Ressource and any other access is blocked.I want to create Rules based on users not on IP-Addresses.

      Regards,
      Reiner

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  1 comment  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    17. Allow update of TCP timeout for frontend private IPs in Azure application gateway

      Please allow support of updating TCP timeout for private IPs.

      At the moment the TCP Timeout value is available only for public IPs. Would like it to be available for private IPs as well.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    18. CDN for root-DNS entry

      Actually it is by design not possible, to add a cname entry for the root-Level DNS entry. But a cname is needed to provide a CDN. I dont want to publish all my Websites with WWW, just to use a CDN.
      Some Providers already have the Workaround and provide a ANAME.

      Please provide also a Workaround, to provide a CDN for the root-Domain.

      Thanks, Martin

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Content Delivery Network  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    19. Allow creation of your own Service Tags for use in NSGs

      Effectively allow you to create your own address group objects that can be referenced across all NSG's in any location/VNET.

      This would simplify NSG management considerably, even more than ASGs will (when they support being used across multiple VNETs)

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    20. enable Bastion users to select either RDP or SSH for connecting to Linux VM

      Currently the Bastion service only lets you connect to a Linux VM using SSH. It would be nice if one could use Bastion to connect using RDP protocol as well, assuming xRDP was enabled and the port was opened to the Linux VM.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  1 comment  ·  Bastion  ·  Flag idea as inappropriate…  ·  Admin →
    1 2 5 7 9 13 14
    • Don't see your idea?

    Feedback and Knowledge Base