How can we improve Azure Networking?

← Networking

Add Custom Tags to NSG Rules

It would be great if we can define our own on-premise network ranges (using 'Named networks' in AAD?) and add these as Custom Tags to our NSG rules. Now we have our on-premise ip-adresses/subnets as a seperate item in every NSG. When these ip-adresses/subnets change for whatever reason, we have to check every NSG and change this item. If we could use these 'centrally managed' ip-adresses/subnets as 'Custom Tags' in our NSG's rules we don't have to check and change every NSG rule with every ip-address change.

254 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
    Password icon
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    Rody shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    14 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
      Password icon
      Forgot password?
      Create a password
      Signed in as (Sign out)
      Close
      Close
      Submitting...
      • Masato commented  ·   ·  Flag as inappropriate

        I'ts very nice if you can add the NSG tag like "Backup[geo-name]".
        Now, we can not control specific ip address by using NSG in case of restoring files from Azure Backup.
        We tried to control from *.download.microsoft.com(443/TCP) and pod01-rec2.
        [geo-name].backup.windowsazure.com(3260/TCP) , but does'nt work well.
        So we tried to use Azure Firewall as FQDN Filtering , but Azure Firewall was only support for HTTP/HTTPS protocol.
        Please add the NSG tag for restoring from Azure Backup.

      • Anonymous commented  ·   ·  Flag as inappropriate

        Hi, is there any update on this?
        Using custom tags in NSG would be a life saver and would help a lot in getting rules auto implemented on VM provisioning as well.

      • Benedikt Kittinger commented  ·   ·  Flag as inappropriate

        @MSFT: Are there any updates on this feature request?

        This would be a really useful feature in Hybrid and Multi-Cloud environments where you would want multiple (several hundred in our case) rules that share the same source or destination subnets that cannot be grouped into Application Security Groups.

      • Anonymous commented  ·   ·  Flag as inappropriate

        I saw a couple of more tags added for Storage/SQL, but nothing for custom tags... any update on that?

      • Anonymous commented  ·   ·  Flag as inappropriate

        An update would be much appreciated. Suffering with multiple identical source/destination networks in NSG rules that we would like to manage as a set. Current process is dangerously unwieldy

      • Anonymous commented  ·   ·  Flag as inappropriate

        Is there any update on this? We are having this exact issue, and being able to define source / destination networks via subnet name or tag would really be nice. Entering the CIDR notation for each subnet in every rule is a serious pain to manage...

      • Vincent.su commented  ·   ·  Flag as inappropriate

        Hey Team, it's almost mind of year but we still didn't have no updates yet regaridng to this new feature, is there any latest news or timeline wanna share with us

      • Sean McNellis commented  ·   ·  Flag as inappropriate

        Yes please! Not sure, but it would make sense to include FQDN based sources so those of us using any type of dynamic DNS for server RDP, VPN access, etc. This could make life a lot easier for me :)

      • Mario Lopez [MSFT] commented  ·   ·  Flag as inappropriate

        Hi Rody

        We are currently working to enable users to defined their own Custom Tags, expect more information by mid this year about this feature

      Networking: Security (ACLs, Firewalls, Intrusion Detection)

      Feedback and Knowledge Base

      (thinking…)
      Hosted by UserVoice