How can we improve Azure Networking?

← Networking

Allow ICMP ping to VIP (Allow Ping inbound)

Vote for allowing UDP through the firewall. Such as ping inbound, because the ping are the minimal required for so much app.

62 votes
Vote
Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
You have left! (?) (thinking…)
Charles C shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

6 comments

Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Rob Brown commented  ·   ·  Flag as inappropriate

    Wow, you didn't even read the part about the problems with forcing all the 3rdparty network checking tools to switch from ICMP to TCP. Please stop recommending impossible things as a solution or even as a work-around.

  • Rob Brown commented  ·   ·  Flag as inappropriate

    And we get complaints from our clients having troubles with our website saying that they can't even ping it! This makes it seems like our website is totally down instead of some other problem that they are experiencing. This is causing extraneous false alarms for those just trying to diagnose problems. And it's really just unprofessional, in the very least.

  • Rob Brown commented  ·   ·  Flag as inappropriate

    For security reasons and for better network diagnostics and for SOC compliance which requires all networks monitoring, the "ping" must respond on a Load Balancer public IP. The ICMP protocol should be able to be NAT to or load balanced to any virtual machine of choice. Or at the very least, just have an option to allow to enable to respond to all ICMP requests if there is sufficient network connectivity from the public routes, (just like AWS and all the other cloud providers allow.) Currently, UDP and TCP proto is supported, which is fine, but that isn't good enough to support what is required. Unfortunately, many 3rdparty monitoring applications do not allow you to choose something other than ICMP.

    For example:

    https://pingtool.org/

    https://ping.eu/ping/

    https://www.ipaddressguide.com/ping

    http://www.ipvoid.com/ping/

    All of which are reporting "100% packet loss" even for those Load Balancer public IPs that are up and running perfectly.

    The current behavior is inappropriate.

  • Vinod commented  ·   ·  Flag as inappropriate

    Ping works only for the public IP address associated to the virtual machine resource. Can it be allowed for the Load Balancer and VPN gateway resources as well.

  • Anonymous commented  ·   ·  Flag as inappropriate

    Ping should be enabled in Load balancer. There should be option to enable/Disable ping Via Load Balancer. If someone don't want ping then keep disable this option.

Networking: Load Balancer

Categories

Feedback and Knowledge Base

(thinking…)
Hosted by UserVoice