Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    How can we improve Azure Networking?

    You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

    There are two ways to get more votes:

    • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
    • You can remove your votes from an open idea you support.
    • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
    (thinking…)

    Enter your idea and we'll search to see if someone has already suggested it.

    If a similar idea already exists, you can support and comment on it.

    If it doesn't exist, you can post your idea so others can support it.

    Enter your idea and we'll search to see if someone has already suggested it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Offers BGP prefix/route summary at Microsoft Enterprise Edge (MSEE) ExpressRoute routers

      There is an urgent business need to summarize BGP prefix/route at MSEEs before being propagate to its peers at remote sites i.e. Cloud Gateway Access (CGA) routers in relation to Express Route service (as there is vary limit of allowable prefix entry set at remote CGA routers i.e. default 20 in some case).

      This BGP prefix summarization helps reduce the need of large number of prefix entries to be broadcasted from Azure to CGA especially for business case that have large number of spoke VNETs (Hub and Spoke model) leveraging on granular address space of a large prefix.

      For example,…

      227 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    2. Simplify creation and visualization of Azure VNET's

      Creating a virtual network that spans an on-premise deployment and more than 1 Azure datacenter is a pain and not easy to "see" if all thing are lined up correctly. Building a network like this shouldn't require importing or exporting files and running powershell commands if you don't want to. Would be great it was like using Visio (Drag, Drop, Pipe). Then use that same view to see the overall health, speed, and usage in real time on that network.

      179 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →

      Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    3. WAF on Application Gateway needs a function to exclude some condition like a trusted node.

      Now, Web Application Firewall feature would be available as part of Azure Application Gateway.

      Currently, WAF on Application Gateway seems to not have a function to exclude from blocking access by any condition.
      So, I would like to request to add this function for WAF on Application Gateway.

      Acutually, Many WAF product could exclude particular access from blocking like a trusted node.

      153 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      7 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    4. Allow basic port forwarding in Network Security Groups

      It'd be really nice if Network Security Groups allowed basic port forwarding without the use of Azure Load Balancers. Being able to use an alternate public port for RDP, for example 23456, and directing the traffic to the native port (3389) in the Azure environment via the network group would make things simpler than having to create a load balancer to sit in front of the NSG and VM.

      101 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  3 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    5. Azure Loadbalancer must delete unhealthy VM of Azure VMSS

      I have create Azure VMSS behind Public Azure Std LB with HTTP based Health Probe. Azure Loadbalancer is working as per expectation. But If VM is unhealthy then it must be deleted or re-provisioned. So that machine can attain healthy state again.

      98 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      7 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
    6. azure zones dns-forwarder

      Please extend DNS zones solution to add forwarding & client features to implement the following in PaaS instead of with VMs:
      https://github.com/Azure/azure-quickstart-templates/tree/master/301-dns-forwarder

      Use case: use azure dns to forward dns queries to 168.63.129.16 & between subnets. Enterprise DNS would forward to Azure DNS. VNET has Azure-provided name resolution (*.internal.cloudapp.net). In this way Enterprise DNS could dynamically learn of a PaaS offering on VNET.

      81 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    7. Feature Central IP Object usable for ALL Azure Resources

      Central IP Object usable for ALL Azure Resources

      In this new feature (ex : Azure IP Object management) user can create IP Object (List of Ips or Subnet) this object can be added in any Azure Resources who have a Firewall (Azure SQL, Storage Account, WebApp,...)

      For Exemple:
      You create an Object "Company Public IPs" and you add in this object All your company Public IP.
      In your Azure resources Firewall (WebApp, AzureDB, NSG,...) you specify this Object to allowing access.

      If tomorrow you need to add a new public IP you just need to add this new public IP…

      78 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    8. Add additional Authorized CA for custom Certificate in Azure Front Door

      Actually it is possible to bring a custom certificate for custom domain name in Azure Front Door. Unfortunately, there is a restricted list of authorized CA (cf. https://docs.microsoft.com/en-us/azure/frontdoor/front-door-custom-domain-https). CA like Lets Encrypt (https://letsencrypt.org/) are not in the list. Is possible to add it ?

      71 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      9 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    9. Support WebSocket connections on Azure Front Door

      Add support for WebSocket connections with load balancing on Azure Front Door

      65 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    10. Azure Private DNS Zone resolution from OnPremise

      Make it possible to enable the Name Resolution from onpremise if i have an azure private dns Zone.

      It should be possible to make an Forward from onpremise dns to an azure private dns Zone.

      53 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  3 comments  ·  Domain Name Service (DNS, Traffic Manager)  ·  Flag idea as inappropriate…  ·  Admin →
    11. 51 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    12. Disable source NAT on incoming sessions on Azure Firewall

      Hi,

      As far as I can tell, source NAT is applied to all incoming sessions crossing a destination nat-rule on the Azure Firewall.

      It would be great if there was an option for this implicit source NAT to be disabled. Doing so would allow internal Azure VMs to see the real public IP address of the system making the incoming connection.

      The Azure Firewall deployment docs state that a default route should be set on the host's subnets pointing to the Azure Firewall - so source NAT should not be necessary for (public) Internet IP addresses to be routed successfully…

      47 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    13. Azure Security Group

      Azure Security Group (ASG) should have the option to show all the NICs associated with it.

      46 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      5 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →
    14. Change WAF configuration: allow either changing prevention/detection by rule or disabling rule by application.

      Per application request, he wanted to change the WAF configuration to detection mode but this change can affect another applications that are locate di the same application gateway.
      We disable rule 942400 but we want to allow either changing prevention/detection by rule or disabling rule by application.

      45 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    15. Multi Tenant, Service Endpoint, vNet Peering, Subnet Whitlisting

      We have had a use case that could not be implemented due to the functionality not being available, We have a Multi-Tenant Alliance of Companies that require interoperability in regards to network access,

      Use Case:
      Tenant 1 :-
      Subscription,
      CosmosDB with Vnet with CosmosDB Service Endpoint

      Tenant 2 :-
      Subscription,
      VPN vNet with CosmosDB Service Endpoint

      We have managed to get both virtual network Globally vNet Peered via resourceID, however, cannot get the external tenant vnet subnet whitelisted within the cosmosdb due to it not being implemented yet.

      Confirmed with MS support to raise a Azure Network Improvement

      43 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Networks (VNET)  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    16. Application Gateway V2 support of UDR

      Deploying a Application Gateway in a subnet with an UDR is needed in enterprise networks. For example if you advertise the default route from a ExpressRoute connection,.

      41 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    17. Allow separate VLAN tags when peering to ExpressRoute circuits

      Currently ExpressRoute requires two client subnets, but restricts these to the same VLAN tag. It would be helpful if each of these VLANs could be tagged individually.
      e.g. currently I can specify "172.16.1.0/30" as the primary and "172.16.2.0/30" as the secondary but they have to have the same ID

      41 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  2 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
    18. App GW with load balance should use single internal IP for single session

      App GW with auto-scaling enabled have Multiple internal IP for communicating hosted web service. The worst part is its communicating same session from client with Multiple IP internally because of load balance it has multiple machine for APP GW.

      e.g

      https://groups.google.com/forum/#!msg/pwm-general/miljylSaFjA/1qqhNS7lQgAJ;context-place=msg/pwm-general/za94hdmqPL4/tafnzLq5yUIJ

      We are using application with which
      NSG/IP restriction cannot be used because application is designed in such way it doesn’t allow same session from multiple IPs for security purposes and if we white list backend IP doesn’t makes sense because they always will be same from backend pools.
      Let’s suppose during some session of user some attacker hooks…

      40 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    19. Restrict Azure Bastion copy and paste by policy

      The Public Preview of the Bastion host allows copy and paste to and from the target host to the browser session and then the local machine. There is a requirement to restrict this capability to help reduce data loss. Perhaps this could be by policy?

      39 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    20. allow custom host header for azure load balancer health probes

      HTTP health probes for Azure load balancer are hard-coded to use the IP of backend as their host headers. This forces the backend hosts have to be configured to allow its IP as one of its allowed domain. It's very surprising that Azure doesn't custom host header for HTTP(s) health probes. Please add custom headers for HTTP(s) heath probes; at least, host header support should be there.

      38 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    ← Previous 1 3 4 5 6 7
    • Don't see your idea?

    Feedback and Knowledge Base