Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    How can we improve Azure Networking?

    You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

    There are two ways to get more votes:

    • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
    • You can remove your votes from an open idea you support.
    • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
    (thinking…)

    Enter your idea and we'll search to see if someone has already suggested it.

    If a similar idea already exists, you can support and comment on it.

    If it doesn't exist, you can post your idea so others can support it.

    Enter your idea and we'll search to see if someone has already suggested it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Display health probe status in Load Balancer

      Display health probe status for each node in the backend pools in Load Balancer

      69 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        2 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
      • Provide multi-factor authentication capabilities in VPN client

        The ask is pretty self-explanatory.

        We want to host sensitive data in Azure VMs and enable connectivity only via P2S VPN.

        Today, the VPN client only requires having the cert to gain access the Azure Network. As the cert can easily end up in the hands of someone who shouldn't have access to it...it's not very secure.

        For MFA, integration with PhoneFactor would be cool. At a minimum, the VPN client should require a username/password in addition to requiring the cert.

        162 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
        • Support IPv6 Throughout the Azure Platform

          IPv6 has been a standard for years and ISPs are starting to roll out native IPv6 stacks to consumers. The time is now to support IPv6.

          1,099 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            50 comments  ·  IPv6  ·  Flag idea as inappropriate…  ·  Admin →

            As noted by SamirF, Azure now offers load-balanced, dual-stack (IPv4+IPv6) Internet connectivity for Azure VMs. This native IPv6 connectivity (TCP, UDP, HTTP…inbound and outbound initiated) all the way to the VM enables a broad range of service architectures. IPv6 for Azure VMs is available now in most Azure regions. Data transfers over IPv6 are billed at the same rates as IPv4. For more information, please visit this Overview of IPv6 for Azure Load Balancer: https://azure.microsoft.com/en-us/documentation/articles/load-balancer-ipv6-overview/

            We realize load-balanced Internet connectivity is just the first step of what is implied by this suggestion & comments and support for more scenarios is under development.

            Please add suggestions for specific scenario/service you need IPv6 enabled to help guide our prioritization and work?

            Many thanks,
            The Azure Networking IPv6 feature team

          • Either add Point-to-Site SSTP VPN clients for Mac/Linux or enable other connectivity options

            With Azure trying to attract more than just Windows devs, we need to be able to VPN using non-Windows platforms for point-to-site connections.

            1,357 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)

              Thank you for your suggestion, and all of the support it has received. We understand this is a major pain point for a lot of our customers. We are currently working on enabling non-Windows clients to connect to Azure.
              Thanks,
              Bridget [MSFT]

            • Make VPN gateway more configurable

              We should be able to fully customize the VPN gateway parameters for phase 1 & 2 negotiations:

              * Specify the pre-shared key
              * Lifetime values
              * Encryption
              * Static IP address that won't change if the gateway is deleted and recreated
              * etc.

              203 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
              • Monitoring of ExpressRoute

                I want to be alerted, when my metered ExpressRoute is reaching a certain limit (that it is cheaper for me to go with unlimited model).
                Overall no monitoring supported to verify if peering is up, how much inbound and outbound traffic is going through the ExpressRoute/Virtual Network Gateway.
                The ExpressRoute is critical and therefore its state needs to be monitored.

                28 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  started  ·  3 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
                • Faster configuration updates

                  I'm experimenting with using App Gateway as a frontend server to do URL routing to one Windows App Service and one Linux App Service, via the portal. I'm an hour in to this process because each and every step takes many minutes to complete.

                  28 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

                    Thanks for your feedback. We are working on improving the update experience to make it faster. As an alternate suggestion, please note that multiple configuration steps can be combined into a single update via PowerShell or ARM template for faster updates.

                  • Automatically add Web hosting plan services to virtual network

                    I pretty much want to keep storage, SQL database, web app, VMs, and any other service I use within a private network to keep granular control of which services can connect to other services. The "open to all" connection strings to all services is a hard sell to any organization used to securing their IT behind firewalls and networks of networks. Where are you on this today? It must be considered a less secure since these connection strings always tend to leak..

                    5 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      1 comment  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
                    • azure admin should be able to view the virtual network gateway log

                      currently as azure admin i can not see the gateway log when Vnet to Vnet connection is made

                      94 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                      • Support for gateway diagnostics in ARM

                        The only way to get diagnostics logs from a VNet gateway is via ASM cmdlets. CSP subscriptions do not offer any support for ASM, so troubleshooting is impossible. Please add native support in ARM for retrieving logs from a VNet gateway

                        117 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          4 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →

                          Thank you for your suggestion. We currently have something in the Portal called “Resource Health Check” under “Support + Troubleshooting” within your Gateway. It will check the health of your Gateway and try to determine the cause of an unhealthy Gateway. We understand how important this is, and are working on further improvements to monitoring and diagnostics.

                          Thanks,
                          Bridget [MSFT]

                        • Support for HTTP to HTTPS redirection for Application Gateway

                          When using an Application Gateway to provide SSL offloading for applications hosted on IIS / IaaS, there is no native option to redirect HTTP requests to HTTPS. Without redirection or a listener on 80 for the host name, users receive a 404 response. This leads to developing a more complex network topology to handle inbound HTTP request to the host name.

                          Possibly allow for an additional option on a listener, that will allow for returning a redirect HTTP code with the proper HTTPS URL, creating a clean/seamless experience for the end user.

                          318 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            15 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                          • Enable Multiple IP addresses for Azure Application Gateway

                            Azure Application Gateway is a nice Service for Load Balancing Layer 7 HTTP and HTTPS traffic. Today, we can only attribute one IP address (Public or Private) to the Application Gateway Deployment. It is fundamental that a Load Balancer can support multiple IP addresses to provide flexibility (Based on many customers feedback)

                            144 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                            • About Idle Timeout on Application Gateway

                              In case when the connection is done via Application Gateway, it shows no response when HTTP connection takes over 4 minutes.
                              I predict the root cause of this issue is due to Azure’s Load Balancer, as it depends on limitations.
                              Therefore, I ask you to change it so we can make the limitation optional.

                              (Japanese)
                              Application Gateway を経由した通信の場合、 4 分間を超える HTTP 通信が発生すると、応答を返さなくなる。
                              この動作は、Load Balancer の制限に依存すると思われるが、これを任意で変更できるようにしてほしい。

                              44 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                              • Allow web apps to be backend pools in application gateways

                                Instead of requiring an App Service Environment, or Virtual Machines running IIS, allow us to put in the FQDN/IP Address of our Azure App Services.

                                30 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                                • Remove Server/Framework Headers From Application Gateway Responses

                                  For the sake of security, it would great if we could get the following tags removed from the AG responses:

                                  < Server: Microsoft-IIS/8.5
                                  < X-Powered-By: ARR/3.0
                                  < X-Powered-By: ASP.NET

                                  67 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    6 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Effective NSG and Route

                                    Azure classic had a very good powershell cmdlet, Get-AzureEffectiveRouteTable, which showed the route table for a VM with all the UDRs applied to it from the VM's perspective. It would be great if we can apply this concept to NSG's and Routes in ARM and especially in the portal. If I click on a NIC, it will show me the effective inbound and outbound NSGs applied to it by combining the subnet level NSG rules and the NIC level rules. For routes, it should show me something similar to the cmdlet above by combining all the VNET peering routes, VNET…

                                    6 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                    • VPN parameter

                                      IPsec Parameters can be configured.
                                      my host site uses Diffie-Hellman Group group 5 in Phase 1.

                                      37 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                      • Allow IPv6 VIPs - Charge for *blocks of* IPv6 addreses

                                        It would be nice if we could purchase elastic IPv6 blocks of IPs, then when setting up an endpoint for a VM we could select the specific IP from the block for the endpoint.

                                        41 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  IPv6  ·  Flag idea as inappropriate…  ·  Admin →

                                          We currently offer the option of reserving single IPv4 public addresses. Reservation of blocks of IPv4 and IPv6 public addresses is, unfortunately, still in work- we apologize for the delay.

                                          On a related topic, Azure now offers load-balanced, dual-stack (IPv4+IPv6) Internet connectivity for Azure VMs. This native IPv6 connectivity (TCP, UDP, HTTP…inbound and outbound initiated) all the way to the VM enables a broad range of service architectures. IPv6 for Azure VMs is available now in most Azure regions. Data transfers over IPv6 are billed at the same rates as IPv4. For more information, please visit this Overview of IPv6 for Azure Load Balancer: https://azure.microsoft.com/en-us/documentation/articles/load-balancer-ipv6-overview/

                                        • Support CIDR in Point to Site Networking (RFC1918 bug)

                                          Azure forces clients to have a class A default route when using 10.x.x.x as their internal network. This should reflect the subnet mask illustrated in the portal

                                          More information:

                                          http://serverfault.com/q/818383/51457

                                          7 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                          • When Network Security Group applied for Subnet or changes writes this Azure Log.

                                            We need records in log when someone apply or remove NSG for subnet. Also it would be great to log changes to NSR rules.

                                            16 votes
                                            Vote
                                            Sign in
                                            Check!
                                            (thinking…)
                                            Reset
                                            or sign in with
                                            • facebook
                                            • google
                                              Password icon
                                              I agree to the terms of service
                                              Signed in as (Sign out)
                                              You have left! (?) (thinking…)
                                            ← Previous 1
                                            • Don't see your idea?

                                            Feedback and Knowledge Base