Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    How can we improve Azure Networking?

    You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

    There are two ways to get more votes:

    • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
    • You can remove your votes from an open idea you support.
    • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
    (thinking…)

    Enter your idea and we'll search to see if someone has already suggested it.

    If a similar idea already exists, you can support and comment on it.

    If it doesn't exist, you can post your idea so others can support it.

    Enter your idea and we'll search to see if someone has already suggested it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. X-Forwarded-For from firewall should be sending the external IP of the incoming connection.

      X-Forwarded-For is being overwritten by the firewall, so our internal servers cannot check the external IP of the incoming connection.

      This is a requirement of both business logic and PCI requirements, and the firewall should be sending the external real IP instead of its own IP to the internal servers.

      89 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    2. More public IPs on Azure Firewall

      At the moment you only have the possibility to have 1 public IP on Azure Firewall. When this IP is used for ex. access to AD FS WAP behind Azure Firewall, then you are not able to host other services on port 443/tcp behind Azure Firewall that needs to be accessible from the Internet.

      Please provide the option to add additional public IPs to Azure Firewall.

      61 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    3. Add ASG support on Azure Firewall

      Currently it's not possible to utilize ASGs in the Azure Firewall which limits the possibility of having an autoscaling environment and at the same time limit the network access to only what is necessary by specific resources.

      If deploying new resources and adding them into existing ASGs, it would be beneficial to be able to utilize ASGs as source/destination in Azure Firewall as well to remove the need of having to configure IP specific rules each time a new resource is deployed.

      33 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    4. Remove requirement for public IP on Azure Firewall.

      Our organization requires access to Azure cloud only via VPN for internal users. We would prefer to use the Azure firewall however currently a public IP is required. The requirement for a public IP should be eliminated as from a security perspective, this is unacceptable if the firewall is used for internal traffic only.

      29 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    5. Disable source NAT on incoming sessions on Azure Firewall

      Hi,

      As far as I can tell, source NAT is applied to all incoming sessions crossing a destination nat-rule on the Azure Firewall.

      It would be great if there was an option for this implicit source NAT to be disabled. Doing so would allow internal Azure VMs to see the real public IP address of the system making the incoming connection.

      The Azure Firewall deployment docs state that a default route should be set on the host's subnets pointing to the Azure Firewall - so source NAT should not be necessary for (public) Internet IP addresses to be routed successfully…

      28 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    6. Add Azure Firewall compatibility with Application Gateway

      I have an architecture with multiple subscriptions, virtual networks and connectivity to on-premises. In the hub subscription we use(d) Azure Firewall to filter network traffic between networks.

      It appears that Azure Firewall cannot be used in conjunction with Application Gateway, as (apparently?) the health probe traffic is not routed correctly and backend status is deemed as "unknown" even though everything is healthy. Microsoft Support confirmed that this is currently unsupported.

      This prevents us from using ready made PaaS solutions (App GW) in order to publish services running in Azure. At the same time, we consider network security a critical matter…

      25 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    7. Logs to Appear in Log Analytics Near Real Time

      I have setup Azure Firewall wit Log Analytics. What would be useful is if the logs could get shipped near real time to Log Analytics. Experiencing about a 10 min delay.

      24 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    8. Support for network rules with dns name or application rules with packets other than http/https.

      Support for network rules with dns name or application rules with packets other than http/https.

      For example if my service require access to SFTP or SMTP outside my organization I would like to open a rule with its domain address name and port (TCP_22 or TCP_25 respectively).

      9 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    9. Integrate Azure Firewall with Just in Time VM Access

      I'd like to get rid of my NSGs but need to keep them around for Just in Time VM Access. It would be nice if that feature integrated with Azure Firewall instead of just the Network Security Groups.

      8 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    10. Azure Firewall - managed backup function

      Azure Firewall is a managed service but as of now is missing some critical operational functions like backup/restore and audit trail. Please enhance the service to automatically backup configuration (i.e. rules) and allow for restore into existing or a new instance of the Firewall. Also, enable some reporting capability that will show a history of configuration/rule modifications (add/delete/update)

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    11. Add Service Tag (Internet) to Azure Firewall Network Rule

      Hello Team,

      It would be nice to add some service tags like Internet in the network rule section when we have to configure an outbound rule to allow VMs to browse the Internet. The current option only allows for IPs, which makes it a bit difficult if one wants the VM to browse the Internet.

      5 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    12. Why does it take 5 minutes+ to save changes to Azure Firewall?

      Is it possible to make it quicker to save changes to Azure Firewall? A simple rule change takes upwards of 5 minutes to complete.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    13. Rules disappear

      I've had several instances where rules are saved but then disappear. This occurs in both Edge and Chrome.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    14. Azure Firewall geo based rules

      Support for geo based Rules in azure firewall.
      IE Any traffic from Country A will be blocked

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    15. Azure Firewall showing up as "Other classic resources > Deployments"

      In Cost Management + Billing, Azure firewall cost shows up under the category "Other Classic Resources > Deployments. This can be misleading. I understand that Firewall billing is billed in two ways, But it should be better designated, so resources billing can be traced.

      Thanks

      Ref: Service request: 118111921002018

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    16. Feeback regarding Firewall Deployment on Azure

      The following feedback has been posted by one of your customers regarding Deployments of Firewalls on Azure:
      "I did not recieve a cost per day when deploying, and no indication for the monthly cost via the analysis. So i was supprised that the cost in a matter of a few days exceeded 100. It was good that I triggered a cost alert. The dashboard should provide cost of FW up front, and a way to down the FW when the rest of the machines are turned off. I would like to run the VMs only when needed, so I would…

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    17. Create default IP Rule for IP restrictions

      When creating first IP restrictions rule in a Web Application the default rule Deny all is implemented.
      This default rule is not visible and should automatically be generated on creation of first visible rule to then be configurable with Priority numeric.
      Otherwise many users of Azure Web apps will create a rule and no realise the whole site is blocked due to this default rule being applied.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    18. Please create a blog post discussing when FTP - Active client connections were blocked from Azure

      We had a case opened to learn that FTP - Active mode was blocked form Azure. This was documented internally at Microsoft but nothing we could find on the web or Azure documentation. Many companies still use Active FTP (not saying that is a best practice) and for these companies it would be helpful to call this issue out as a known fact for migrating to Azure (if code changes are required)

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    19. WAF fails to establish success health using the web service SAP cloud connector with custom TLS1.2 and struggled to find the issue from WAF.

      WAF fails to establish success health using the web service SAP cloud connector with custom TLS1.2 and struggled to find the issue from WAF stand point. Means, We modified multiple TLS1.2 algorithm and tested to fix the issue. Why the custom/selected TLS1.2 algo is not working? Can you build the "front end troubleshooting page or packet capture page" to select correct TLS1.2 or elect the correct TLS1.2 automatically?

      Moreover, Could you modify the name from "Listener" to "Backend Listener"? Boz, This name is really confusing with frontend certificate and backend TLS parameters.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    20. Azure Firewall - Allow rules for any port on FQDNs

      Currently there is no option to allow connections to FQDNs through the Azure firewall unless the connection is on port 80 or 443.
      This means that we can't secure connections from IaaS VMs to services such as Service Bus which requires ports 9350-9354.
      Currently the only other alternative is a 3rd party NVA.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: oidc
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    ← Previous 1
    • Don't see your idea?

    Feedback and Knowledge Base