Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Add more metrics to better analyse capacity, firewall violations, etc

      Analysis via Log Analytics is useful, but it'd be nice to have some predefined reports or "blades" in Azure Portal to analyse events, throughput, capacity/utilization.

      15 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      started  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    2. HEAD requests to monitor health

      It would be nice to be able to use HEAD requests for health monitoring instead of full GET

      15 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    3. Add MTOM support to the Microsoft WAF

      We currently have a use case for utilizing MTOM to more efficiently transmit binary data in a SOAP-based service.

      We are also trying to place the application behind a Microsoft WAF in Azure, but are unable to do so due with the WAF in prevention mode as the WAF does not currently support/allow MTOM requests.

      We reached out to Azure support and were told that:

      "MTOM is not supported and it's not yet on implementations plans".

      We are requesting that the Microsoft WAF team add support for making MTOM calls to a service that go through the WAF.

      15 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    4. Allow flags to be set on the Application Gateway Affinity Cookie

      Our security team is telling us that the cookie from the application gateway is failing security scans because the secure and httponly flags are not set.

      14 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    5. Allow control of the ARRAffinity set cookie response header

      Problem:
      When a request for contoso.com hits an Azure App Gateway and the back end is routed to contoso.azurewebsites.com, the set ARRAffinity cookie response includes the optional domain attribute (as per RFC6225 Page 22) that specifies "contoso.azurewebsites.net". causing the user agent to never write the cookie since the Domain attribute doesn't match the requested domain.

      Proposed Solutions:
      Solution #1
      Give us a way to disable the Set Cookie: domain attribute similar to the way we can add a "Arr-Disable-Session-Affinity" response header to disable the cookie entirely. I'm suggesting an "Arr-Disable-Session-Affinity-Strict-Domain" response header to tell the ARR proxy not to write…

      14 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    6. Show domain in logs

      The access logs for the application gateway only show the routes. We use a single gateway to host multiple sites and some have similar folder structures, this makes evaluating access and tracing issues a bit difficult. It would be great if the actual domain (http://www.something.com) was listed in there too.

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    7. Application Gateway Performance

      We have two large instances of Application gateway on our application which is a connected client application using long polling. When we did load testing, gateway starts to give 503 with just 10k connections whereas our back-end application just works with just 7 % CPU. When we raised ticket we got a response saying it is as per design. We did not expect this from Application gateway.
      Can you please let us know what is performance metrics of Application Gateway.

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    8. Allow Application Gateways to be moved between subscriptions

      Applications Gateways currently can't be moved between subscriptions.

      Allow them to be moved between subscriptions.

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    9. Allow APGW redirection from the root path

      Allow an Application Gateway's path-based rules to accept a forward slash ( / ) as a valid path.
      As of the time of writing this, trying to save such a configuration results in the following error:

      failed to save configuration changes to application gateway 'APGW_NAME'. Error: Path / should have a nonempty match value followed by '/' in PathRule RESOURCE_GROUP/providers/Microsoft.Network/applicationGateways/APGW_NAME/urlPathMaps/RULE_NAME/pathRules/REDIRECT_RULE_NAME'>APGW_NAME/RULE_NAME/REDIRECT_RULE_NAME.

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    10. Add Application Gateway support for Azure DevOps tasks

      Add Application Gateway support for Azure DevOps tasks. Currently public IP address is needed for release pipeline tasks like copying files and running PowerShell on Azure VM's.

      Here's a link to the statement that VM's are not supported behind Application Gateways: https://github.com/Microsoft/azure-pipelines-tasks/issues/3235#issuecomment-448126585

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    11. Reduce price for V2 SKUs

      Reduce price for V2 SKUs to make them more affordable for small workload projects

      12 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    12. Application Gateway: SSL Offload: OWASP Header support

      Application Gateway: SSL Offload: OWASP Header support

      When using an Application Gateway to provide SSL offloading, there are no OWASP security header options. Without them, sites using ssl offloading will remain vulnerable to multiple attacks.

      Adding a security headers section to the WAF rules area will allow these to be set for SSL offload sites (and ssl passthrough ideally also). Alternately, these could be tied to each listener or the ssl policy.

      This would allow sites that depend on these headers for COMPLIANCE in their industry to use this product without having to configure an expensive workaround for this basic…

      12 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    13. support ESI (Edge Side Includes) in the Application Gateway and CDN like Vanish or Akamai.

      ESI can be a great feature for server side content based integration ( transclude of html fragments ) in a microservice architecture. For more information please read : ( https://gustafnk.github.io/microservice-websites/#integrating-on-content ).

      11 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    14. Accept request only from specific source IP address

      I'm raising this again as the original from someone else was declined, possibly due to lack of clarity on purpose.

      On an app gateway that has multiple listeners, there might be a need for listener A to be accessible from IP x and listener B to be accessible from IP y.

      Using an NSG, only the whole of the App Gateway can have rules associated with it. I can't have listener A accept from one IP and listener B from another as listeners do not have a distinct identity that can be referenced in an NSG.

      The only way around…

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    15. Azure Application Gateway CPU Utilization Metric

      The Application Gateway offering provides quite a few useful metrics, but lacks some core performance metrics. Please, at a minimum, provide a metric and alert for CPU utilization of the instances behind an Application Gateway. When CPU utilization is not monitored at this level, it can affect the performance of dependent applications.

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    16. Static public outbound IP for Application Gateway v1

      We use Application Gateway v1 because it has the possibility to assign a static private frontend IP.
      Now we would love to see the possibility to assign a static public IP for outbound traffic.

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    17. Support traffic fork/shadowing/mirror on application gateway.

      Support traffic fork/shadowing/mirror on application gateway. Sometimes we need send shadow traffic to a testing/staging environment, and the best place to do this is layer 7 load balancer..

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    18. Headers to identify health monitoring requests

      My ApplicationInsights logs show all the health requests done by AG to monitor the health of the system.
      I'd like to have the possibility to recognize health requests through specific headers so that I can skip standard HTTP pipeline and immediately return 200 status code, without logging the request

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      under review  ·  0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. Add functionality to Application Gateway for routing based on HTTP headers

      The ability to route traffic to backend pools depending on HTTP headers would be much appreciated. At the moment the only way to do this is with a function app.

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    20. URL path management

      It would be nice to have ability to allow/block some path of the hosted sites:
      /page1/subpage1/subpage2 - allow
      /page1/subpage1 - block
      / - block
      or at least to allow/block only one page.

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base