With Azure trying to attract more than just Windows devs, we need to be able to VPN using non-Windows platforms for point-to-site connections.1,257 votes58 comments · VPN Connectivity (Point-to-Site, Site-to-Site) · Flag idea as inappropriate… · Admin →
Thank you for your suggestion, and all of the support it has received. We understand this is a major pain point for a lot of our customers. We are currently working on enabling non-Windows clients to connect to Azure.
IPv6 has been a standard for years and ISPs are starting to roll out native IPv6 stacks to consumers. The time is now to support IPv6.1,067 votes
As noted by SamirF, Azure now offers load-balanced, dual-stack (IPv4+IPv6) Internet connectivity for Azure VMs. This native IPv6 connectivity (TCP, UDP, HTTP…inbound and outbound initiated) all the way to the VM enables a broad range of service architectures. IPv6 for Azure VMs is available now in most Azure regions. Data transfers over IPv6 are billed at the same rates as IPv4. For more information, please visit this Overview of IPv6 for Azure Load Balancer: https://azure.microsoft.com/en-us/documentation/articles/load-balancer-ipv6-overview/
We realize load-balanced Internet connectivity is just the first step of what is implied by this suggestion & comments and support for more scenarios is under development.
Please add suggestions for specific scenario/service you need IPv6 enabled to help guide our prioritization and work?
The Azure Networking IPv6 feature team
When using an Application Gateway to provide SSL offloading for applications hosted on IIS / IaaS, there is no native option to redirect HTTP requests to HTTPS. Without redirection or a listener on 80 for the host name, users receive a 404 response. This leads to developing a more complex network topology to handle inbound HTTP request to the host name.
Possibly allow for an additional option on a listener, that will allow for returning a redirect HTTP code with the proper HTTPS URL, creating a clean/seamless experience for the end user.279 votes
We started working on this.
I want to be alerted, when my metered ExpressRoute is reaching a certain limit (that it is cheaper for me to go with unlimited model).
Overall no monitoring supported to verify if peering is up, how much inbound and outbound traffic is going through the ExpressRoute/Virtual Network Gateway.
The ExpressRoute is critical and therefore its state needs to be monitored.16 votes
The ask is pretty self-explanatory.
We want to host sensitive data in Azure VMs and enable connectivity only via P2S VPN.
Today, the VPN client only requires having the cert to gain access the Azure Network. As the cert can easily end up in the hands of someone who shouldn't have access to it...it's not very secure.
For MFA, integration with PhoneFactor would be cool. At a minimum, the VPN client should require a username/password in addition to requiring the cert.144 votes
We are working on giving more control over authentication within Point-to-Site connectivity to Azure.
For the sake of security, it would great if we could get the following tags removed from the AG responses:
< Server: Microsoft-IIS/8.5
< X-Powered-By: ARR/3.0
< X-Powered-By: ASP.NET60 votes
Thank you for the feedback. We are working on removing these headers.
Display health probe status for each node in the backend pools in Load Balancer49 votes
We’re working on this feature.
Instead of requiring an App Service Environment, or Virtual Machines running IIS, allow us to put in the FQDN/IP Address of our Azure App Services.30 votes
Thanks for your feedback. We are working on enabling this.
currently as azure admin i can not see the gateway log when Vnet to Vnet connection is made91 votes
We should be able to fully customize the VPN gateway parameters for phase 1 & 2 negotiations:
* Specify the pre-shared key
* Lifetime values
* Static IP address that won't change if the gateway is deleted and recreated
* etc.197 votes
Update: We are working on adding more control over IPsec/IKE parameters.
I'm experimenting with using App Gateway as a frontend server to do URL routing to one Windows App Service and one Linux App Service, via the portal. I'm an hour in to this process because each and every step takes many minutes to complete.13 votes
Thanks for your feedback. We are working on improving the update experience to make it faster. As an alternate suggestion, please note that multiple configuration steps can be combined into a single update via PowerShell or ARM template for faster updates.
The only way to get diagnostics logs from a VNet gateway is via ASM cmdlets. CSP subscriptions do not offer any support for ASM, so troubleshooting is impossible. Please add native support in ARM for retrieving logs from a VNet gateway111 votes
Thank you for your suggestion. We currently have something in the Portal called “Resource Health Check” under “Support + Troubleshooting” within your Gateway. It will check the health of your Gateway and try to determine the cause of an unhealthy Gateway. We understand how important this is, and are working on further improvements to monitoring and diagnostics.
IPsec Parameters can be configured.
my host site uses Diffie-Hellman Group group 5 in Phase 1.37 votes
We are working on giving more control over IPsec/IKE parameters.
In case when the connection is done via Application Gateway, it shows no response when HTTP connection takes over 4 minutes.
I predict the root cause of this issue is due to Azure’s Load Balancer, as it depends on limitations.
Therefore, I ask you to change it so we can make the limitation optional.
Application Gateway を経由した通信の場合、 4 分間を超える HTTP 通信が発生すると、応答を返さなくなる。
この動作は、Load Balancer の制限に依存すると思われるが、これを任意で変更できるようにしてほしい。41 votes
We are working on providing this support. Customers would specify timeout on the PublicIPAddress resource which is attached to the Application Gateway.
Azure Application Gateway is a nice Service for Load Balancing Layer 7 HTTP and HTTPS traffic. Today, we can only attribute one IP address (Public or Private) to the Application Gateway Deployment. It is fundamental that a Load Balancer can support multiple IP addresses to provide flexibility (Based on many customers feedback)135 votes
We started working on this.
Allow secondary NICs to have public IPs. We're trying to deploy Palo Alto Network appliances as a VPN endpoint and it requires dual-NIC each with a public IP address. PA's reference architecture uses a NAT server to provide a second public interface. This is not idea since we have to manage multiple servers and routes. The completed multi public IP feature allows multiple public IPs on the same NIC. We're looking for public IPs on multiple NICs.8 votes
Hi there, this is in public preview now: https://azure.microsoft.com/en-us/updates/public-preview-multiple-ips-per-nic/
— Anavi N [MSFT]
It would be nice if we could purchase elastic IPv6 blocks of IPs, then when setting up an endpoint for a VM we could select the specific IP from the block for the endpoint.41 votes
We currently offer the option of reserving single IPv4 public addresses. Reservation of blocks of IPv4 and IPv6 public addresses is, unfortunately, still in work- we apologize for the delay.
On a related topic, Azure now offers load-balanced, dual-stack (IPv4+IPv6) Internet connectivity for Azure VMs. This native IPv6 connectivity (TCP, UDP, HTTP…inbound and outbound initiated) all the way to the VM enables a broad range of service architectures. IPv6 for Azure VMs is available now in most Azure regions. Data transfers over IPv6 are billed at the same rates as IPv4. For more information, please visit this Overview of IPv6 for Azure Load Balancer: https://azure.microsoft.com/en-us/documentation/articles/load-balancer-ipv6-overview/
Azure classic had a very good powershell cmdlet, Get-AzureEffectiveRouteTable, which showed the route table for a VM with all the UDRs applied to it from the VM's perspective. It would be great if we can apply this concept to NSG's and Routes in ARM and especially in the portal. If I click on a NIC, it will show me the effective inbound and outbound NSGs applied to it by combining the subnet level NSG rules and the NIC level rules. For routes, it should show me something similar to the cmdlet above by combining all the VNET peering routes, VNET routes, and UDRs.
This would be REALLY helpful in diagnosing routing and ACL issues in a deployment to see all of this information in one place instead of having to go to different areas in the portal to dig up the information.
Azure classic had a very good powershell cmdlet, Get-AzureEffectiveRouteTable, which showed the route table for a VM with all the UDRs applied to it from the VM's perspective. It would be great if we can apply this concept to NSG's and Routes in ARM and especially in the portal. If I click on a NIC, it will show me the effective inbound and outbound NSGs applied to it by combining the subnet level NSG rules and the NIC level rules. For routes, it should show me something similar to the cmdlet above by combining all the VNET peering routes, VNET…3 votes
Hi Erwen, thanks for your feedback, we appreciate you taking the time to let us know. We are actively working on this and you should hear more about it soon.
we urgently need multiple IP addresses on one VM (at least two, one for IIS:80 and one for wowza-server:80
we urgently need multiple IP addresses on one VM (at least two, one for IIS:80 and one for wowza-server:8012 votes
Hello there, this feature is currently in Private Preview: https://azure.microsoft.com/en-us/documentation/articles/virtual-network-multiple-ip-addresses-portal/
This would enable use of hosting multiple VIPs or SSL sites on a server w/o the use of host headers. 3rd party load balancers such as F5 simply cannot match on-prem capability without this.
Amazon has supported this since 201227 votes
In Public Preview now: https://azure.microsoft.com/en-us/updates/public-preview-multiple-ips-per-nic/
- Don't see your idea?