Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Support WebSocket connections on Azure Front Door

      Add support for WebSocket connections with load balancing on Azure Front Door

      1,002 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      29 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    2. Allow file transfer to Azure Bastion sessions

      Not being able to transfer files to a VM using a Bastion session really limits the usability. Please enable this feature.

      727 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  22 comments  ·  Bastion  ·  Flag idea as inappropriate…  ·  Admin →
    3. Azure DevOps Whitelisting

      Please create service tag for Azure DevOps Hosted Build Agents. I have been told that to allow hosted agent access through NSG - to my ASE's, I need to whitelist ALL external Azure IPs.. This is unaccesptable from a Security standpoint. Please address immediately

      https://developercommunity.visualstudio.com/idea/467755/static-ip-address-for-azure-devops.html?childToView=571222#comment-571222

      435 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      6 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    4. Offers BGP prefix/route summary at Microsoft Enterprise Edge (MSEE) ExpressRoute routers

      There is an urgent business need to summarize BGP prefix/route at MSEEs before being propagate to its peers at remote sites i.e. Cloud Gateway Access (CGA) routers in relation to Express Route service (as there is vary limit of allowable prefix entry set at remote CGA routers i.e. default 20 in some case).

      This BGP prefix summarization helps reduce the need of large number of prefix entries to be broadcasted from Azure to CGA especially for business case that have large number of spoke VNETs (Hub and Spoke model) leveraging on granular address space of a large prefix.

      For example,…

      314 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    5. Application Gateway V2 support of UDR

      Deploying a Application Gateway in a subnet with an UDR is needed in enterprise networks. For example if you advertise the default route from a ExpressRoute connection,.

      301 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      11 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    6. Frontdooor - TLS mutual authentication - X-ARR-ClientCert

      Allow Frontdoor to inject the client certificate into request header: X-ARR-ClientCert similar to App Services.

      https://docs.microsoft.com/en-us/azure/app-service/app-service-web-configure-tls-mutual-auth

      293 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      10 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    7. WAF on Application Gateway needs a function to exclude some condition like a trusted node.

      Now, Web Application Firewall feature would be available as part of Azure Application Gateway.

      Currently, WAF on Application Gateway seems to not have a function to exclude from blocking access by any condition.
      So, I would like to request to add this function for WAF on Application Gateway.

      Acutually, Many WAF product could exclude particular access from blocking like a trusted node.

      224 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      10 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    8. Add additional Authorized CA for custom Certificate in Azure Front Door

      Actually it is possible to bring a custom certificate for custom domain name in Azure Front Door. Unfortunately, there is a restricted list of authorized CA (cf. https://docs.microsoft.com/en-us/azure/frontdoor/front-door-custom-domain-https). CA like Lets Encrypt (https://letsencrypt.org/) are not in the list. Is possible to add it ?

      223 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      14 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    9. Intermediate CNAME for custom domain on FrontDoor

      Custom domains on Front Door and App service do not work the same way.

      Custom domains on Front Door and App service do not check DNS records for custom domains in the same way.

      My usecase:
      - I have hundreds of clients with custom domains they have registered on their own (like myclient.com)
      - My clients use www.myclient.com to access our services
      - My company owns mycompany.com
      - I've asked them to add a CNAME like this: www IN CNAME client.mycompany.com
      - I've setup this record: client.mycompany.com IN CNAME mycompany.azurewebsites.net
      - We are using custom domains on App service with…

      221 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    10. TLS 1.3 and HSTS Support for Azure Application Gateway

      This is about a feature request for an Azure Application Gateway to support TLS 1.3 and HSTS.
      At least HSTS is just a secure header which should be trivial to implement.
      I`m looking forward to a feedback.

      212 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      8 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    11. Enable the use of Azure App Service Certificate with Azure Application Gateway

      Today, you have to manage your certificate yourself and provide to Azure Application Gateway a .pfx file.
      It would be great if we can have in Azure Application Gateway the same integration we have between Azure App Service and Azure App Service Certificate in order to handle the purchase, renewal, configuration and security of our certificates.
      As far as I know, the ASC team has done a seperate Resource Provider and it might be easy to integrate it with other services such as Azure Application Gateway.

      183 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  4 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    12. Allow Azure Tags to be updated after the Azure Front Door has been created

      Currently Azure Front Door only supports adding Tags when the AFD resource is created. Ideally, and inline with all other Azure Resources it should allow tags to be updated at any point during the resources lifetime.

      174 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  2 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    13. Enable Azure Front Door managed certificates in ARM Templates

      Azure Front Door is GA. We really want to use it throughout our build/release cycles. We are not able to do so because it is not possible to setup the custom domain AFD managed certs via ARM templates. When will this be available.

      151 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    14. mutual TLS authentication on Application Gateway

      To verify authenticity of client sending traffic to Application Gateway, its required to have mutual TLS authentication.
      For use cases such as : Using a 3rd party caching or WAF tier like Akamai send traffic to AG, we would require mutual TLS.

      Currently we could limit source by IPs by putting an NSG rule. But cryptographic identity verification is the correct approach. Towards this I would like to request Mutual TLS.

      149 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    15. storage account firewall - Add inbound service tags for storage account.

      At the moment, storage account firewall can only be configured to "Allow Trusted MS Services" and the whitelisting of IPs/IP ranges.

      Our Power BI service needs to be able to access our storage account with storage account firewall enabled.

      Currently we have to manually whitelist data center IP ranges in order for this to work.

      Please add the ability to add inbound service tags for storage account firewall like you can with NSGs and add Power BI and other MS services to the "Allow Trusted MS Services".

      Thank you.

      148 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    16. Front Door Managed SSL for Apex Domain

      While you can add an apex domain by changing your name servers to Azure DNS and utilizing an alias record (similar to traffic manager), front door does not allow for "Front Door Managed" SSLs for the apex domain. As this will be one of the most required SSLs (since it's very rare for a company not to redirect the apex to www.***.com or vice versa), it would be very useful to not have to purchase a cert for this purpose since free managed SSL is a very big selling point for Front Door. Please add this, otherwise almost all customer…

      133 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    17. Application gateway V2 subnet to support UDR

      We need to support UDR association with Appgw V2 subnet, since as of now it's not yet support while Appgw V1 does support. Please add this feature.

      127 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  3 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    18. Allow adding custom hostnames before DNS CNAME is set up on Azure Front Door

      Allow adding custom hostnames before DNS CNAME is set up. That way we could prepare the Front Door configuration before setting it live on our domain. This is useful for scenarios when some transitions to Front Door (for example from Traffic Manager) with a domain which is already in use in production.

      126 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    19. Disable source NAT on incoming sessions on Azure Firewall

      Hi,

      As far as I can tell, source NAT is applied to all incoming sessions crossing a destination nat-rule on the Azure Firewall.

      It would be great if there was an option for this implicit source NAT to be disabled. Doing so would allow internal Azure VMs to see the real public IP address of the system making the incoming connection.

      The Azure Firewall deployment docs state that a default route should be set on the host's subnets pointing to the Azure Firewall - so source NAT should not be necessary for (public) Internet IP addresses to be routed successfully…

      111 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    20. Add functionality to Application Gateway for routing based on HTTP headers

      The ability to route traffic to backend pools depending on HTTP headers would be much appreciated. At the moment the only way to do this is with a function app.

      109 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    ← Previous 1 3 4 5 12 13
    • Don't see your idea?

    Feedback and Knowledge Base