Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    How can we improve Azure Networking?

    You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

    There are two ways to get more votes:

    • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
    • You can remove your votes from an open idea you support.
    • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
    (thinking…)

    Enter your idea and we'll search to see if someone has already suggested it.

    If a similar idea already exists, you can support and comment on it.

    If it doesn't exist, you can post your idea so others can support it.

    Enter your idea and we'll search to see if someone has already suggested it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. X-Forwarded-For from firewall should be sending the external IP of the incoming connection.

      X-Forwarded-For is being overwritten by the firewall, so our internal servers cannot check the external IP of the incoming connection.

      This is a requirement of both business logic and PCI requirements, and the firewall should be sending the external real IP instead of its own IP to the internal servers.

      71 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
      • Add ASG support on Azure Firewall

        Currently it's not possible to utilize ASGs in the Azure Firewall which limits the possibility of having an autoscaling environment and at the same time limit the network access to only what is necessary by specific resources.

        If deploying new resources and adding them into existing ASGs, it would be beneficial to be able to utilize ASGs as source/destination in Azure Firewall as well to remove the need of having to configure IP specific rules each time a new resource is deployed.

        15 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
        • More public IPs on Azure Firewall

          At the moment you only have the possibility to have 1 public IP on Azure Firewall. When this IP is used for ex. access to AD FS WAP behind Azure Firewall, then you are not able to host other services on port 443/tcp behind Azure Firewall that needs to be accessible from the Internet.

          Please provide the option to add additional public IPs to Azure Firewall.

          4 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            1 comment  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
          • Add Azure Firewall compatibility with Application Gateway

            I have an architecture with multiple subscriptions, virtual networks and connectivity to on-premises. In the hub subscription we use(d) Azure Firewall to filter network traffic between networks.

            It appears that Azure Firewall cannot be used in conjunction with Application Gateway, as (apparently?) the health probe traffic is not routed correctly and backend status is deemed as "unknown" even though everything is healthy. Microsoft Support confirmed that this is currently unsupported.

            This prevents us from using ready made PaaS solutions (App GW) in order to publish services running in Azure. At the same time, we consider network security a critical matter…

            3 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
            • Azure Firewall showing up as "Other classic resources > Deployments"

              In Cost Management + Billing, Azure firewall cost shows up under the category "Other Classic Resources > Deployments. This can be misleading. I understand that Firewall billing is billed in two ways, But it should be better designated, so resources billing can be traced.

              Thanks

              Ref: Service request: 118111921002018

              1 vote
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
              • Disable source NAT on incoming sessions on Azure Firewall

                Hi,

                As far as I can tell, source NAT is applied to all incoming sessions crossing a destination nat-rule on the Azure Firewall.

                It would be great if there was an option for this implicit source NAT to be disabled. Doing so would allow internal Azure VMs to see the real public IP address of the system making the incoming connection.

                The Azure Firewall deployment docs state that a default route should be set on the host's subnets pointing to the Azure Firewall - so source NAT should not be necessary for (public) Internet IP addresses to be routed successfully…

                1 vote
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  1 comment  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
                • Azure Firewall - NAT Rules Clarification

                  The NAT rules UI is little wonky and less intuitive than I would like. I think the terms "destination" address and "translated" address could be modified to be more clear. Almost every customer that I have worked with on deployment of Azure Firewall has reversed these and hence impacted their configuration and timing for deployment. I think the UI should have F/W interface address (it should know it since it only can have one today) and the translated address field should be labeled target. That simple change would've saved a couple of customers an hour or two of frustration and…

                  1 vote
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    1 comment  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
                  • Logs to Appear in Log Analytics Near Real Time

                    I have setup Azure Firewall wit Log Analytics. What would be useful is if the logs could get shipped near real time to Log Analytics. Experiencing about a 10 min delay.

                    1 vote
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
                    • Add Service Tag (Internet) to Azure Firewall Network Rule

                      Hello Team,

                      It would be nice to add some service tags like Internet in the network rule section when we have to configure an outbound rule to allow VMs to browse the Internet. The current option only allows for IPs, which makes it a bit difficult if one wants the VM to browse the Internet.

                      1 vote
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        1 comment  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
                      • Don't see your idea?

                      Feedback and Knowledge Base