Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Need to modify the GET behavior on an Azure front door

      The null being returned in the GET for frontdoor is currently a limitation.

      Could we add the mintlsversion property to GET payload for resource type Microsoft.Network/frontdoors?

      20 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    2. Set headers detailing TLS handshake

      Additional x-azure-{x} headers which provide details about the TLS handshake between the client and front door, such as the selected cipher, TLS version and key length. This will help provide operational insight about the client base.

      19 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    3. Http/3 support for AFD

      Support Http/3 over the QUIC transport protocol.

      18 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    4. Add a URL Shortener / Short URL service to Front Door

      I have a map of rules that require redirects (301) and more flexible links for future maintenance -- similar to aka.ms or https://redirectiontool.trafficmanager.net tool that Microsoft uses internally.

      It'd be useful to have a service in Azure that provides these redirects backed by the CDN network (just how Azure Front Door works).

      I have thousands of these rules -- the costing per Routing rule would be too expensive to justify. Costing wise, perhaps redirects with no rewrites could be excluded from Routing Rules costs (or at least significantly cheaper)?

      18 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    5. Azure Front Door needs to do name checking on custom Azure web app SSL certificates

      If you have an Azure web app with a custom domain certificate, that has been working fine for a long time, then you move that wep app behind an Azure Front Door front end, the SSL certificate presently bound to the web app breaks Front Door. Front Door "add a front end" should check that the name used by the HTTPS probe to determine back end health matches the name on the custom domain certificate at that moment.

      17 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    6. Tag Front Door

      Allow tagging an existing Front Door. Currently is possible to tag a front door only during creation.

      16 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  2 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    7. Guaranteed time to roll out a custom SSL certificate when creating/updating FrontDoor endpoints

      When creating or updating a FrontDoor endpoint with a new URL it would be useful to have a expected time when all locations globally will serve with the correct certificate. I have been advised by Azure Support now that a normal turnaround time for our scenario (certificate provided by us, stored in Keyvault) should be 6-8 hours, but have just had an instance where it has taken over 24.

      Given we will be regularly adding new URLs and will need to advise clients when they should be able to correctly access the addresses a) it would be useful to be…

      15 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    8. Allow Front Door Services to be moved between subscriptions

      Allow Front Doors to be moved between subscriptions.

      15 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    9. Log failed requests due to TLS / Cipher Mismatch

      It's difficult to troubleshoot requests that are rejected due to TLS version or cipher suite support mismatch. Can those events be logged (as desired) to help rule out other networking related issues?

      15 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    10. Ability to skip specific rules in Font Door WAF without skipping all rules

      There are a number of managed rules that trigger false-positives in Front Door's Web Application Firewall. For example, Google will attach a "gclid" URL parameter onto links for tracking, however, due to the randomness of this value, it can trigger the SQLI 942450 rule.

      The only options to prevent this from affecting customer are either:

      a) Remove the rule altogether, thereby reducing overall security across your backend hosts.

      or, b) Add in a custom rule to skip ALL rules when the "gclid" parameter is set (ie. Allow traffic). This is perhaps even worse than option (b), since you've effectively removed…

      13 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    11. Redirect user if Front Door backend timeout occurs

      Rather than returning a 500 "Our services are unavailable" default page, it would be great to be able to set a URL that the user could be redirected to so we can present them with a nicer looking page. Ideally include the tracking ID as a header in that redirect so we can capture and present it nicely in the destination page.

      13 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    12. Add additional options to verify Domains besides TXT Records in AFD Standard/Premium

      Having to use dynamically created TXT Record values makes it hard to automate. It would be great if we could verify domains in the new AFD in the same way as we used to do it in the old AFD with using the afdverify.my.domain pointing to afdverify.myafd.azurefd.net

      12 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    13. Support Condition element in Front Door ARM Templates

      The condition element allows more general purpose templates to be authored, for example a single template that supports parameterising whether a custom front end is created. Currently when trying to use the Condition element on the Front End Endpoint as per the ARM snippet below the following error is received

      Template deployment returned the following errors:
      12:40:27 - 12:40:26 PM - Resource Microsoft.Network/frontdoors 'fd-uks-########-01' failed with message '{
      12:40:27 - "error": {
      12:40:27 - "code": "InvalidResource",
      12:40:27 - "message": "The property 'condition' does not exist on type 'Microsoft.Azure.FrontDoor.Models.DeepCreatedResource_1OfFrontdoorFrontendEndpoint'. Make sure to only use property names that are defined by the…

      12 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    14. Provide an identifiable user agent for Front Door health probe requests

      HTTP requests sent by Azure FD for health probes should provide an identifiable User Agent, enabling application insights to filter these as synthetic traffic.

      Given the volume of requests this is going to be a problem for every Front Door user who uses AI telemetry

      12 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    15. Make backend host header field behave consistently with portal

      Currently the behavior of a backend's "Backend Host Header" field behaves differently when you use the azure portal compared to when you use automation like ARM or Terraform.

      The documentation here states: https://docs.microsoft.com/en-us/azure/frontdoor/front-door-backend-pool#feedback

      For example, a request made for www.contoso.com will have the host header www.contoso.com. If you use Azure portal to configure your backend, the default value for this field is the host name of the backend. If your backend is contoso-westus.azurewebsites.net, in the Azure portal, the autopopulated value for the backend host header will be contoso-westus.azurewebsites.net. However, if you use Azure Resource Manager templates or another method…

      9 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    16. Add support to exclude POST request multipart/form-data fields in Azure Front Door WAF exclusion lists

      Binary data being sent in a multipart/form-data POST request is getting flagged by WAF rules. It shows up in WAF logs as being flagged under "matchVariableName": "InitialBodyContents". This is an issue because it cannot be excluded from evaluation as a false positive without completely disabling the triggering rule or creating a custom rule for the request which will exempt it from any further WAF scanning at all.

      Azure Front Door WAF exclusion lists currently only support the following types of exclusions:
      CookieValue:SOMENAME
      HeaderValue:SOME
      NAME
      PostParamValue:SOMENAME
      QueryParamValue:SOME
      NAME

      Please support the ability to exclude POST request multipart/form-data fields from…

      9 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    17. Configurable Timeout when route caching is enabled

      Front Door currently has a sendRecvTimeoutSeconds to configure the timeout for backend requests. However as spoken to a Microsoft technician (after raising an Azure ticket), this setting does not apparently apply to when the Front Door routing has caching enabled. If so it defaults to 30 seconds.

      This behaviour is very misleading and should be documented on this page https://docs.microsoft.com/en-us/azure/frontdoor/front-door-troubleshoot-routing#503-response-from-front-door-after-a-few-seconds .

      Furthermore, it is a huge downside to using Front Door if caching routes timeout within 30 seconds and this is not configurable.

      The Microsoft technician mentioned this issue is being addressed, however can we expect this to be available?

      9 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    18. Allow HTTP/2 to be disabled in favour of HTTP/1.1

      We would like to deploy FD but are unable to because of support for some legacy applications that are already deployed in the field.

      For reasons when they are allowed to communicate via HTTP/2 the change of case of header keys through the Front Door causes those legacy applications to misbehave. We would like to downgrade FD to use HTTP/1.1 and hence preserve the case of the header keys.

      It is not possible to reach out to the deployed desktop clients and get them to explicitly request HTTP/1.1

      9 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    19. Allow Azure Front Door API call result show updating state

      Hello team,

      Recently we found that if we use API call to put backend hosts in AFD, we cannot get the state that whether the operation was in updating state or succeed. Even though we run the get command, the AFD resource still updating, thus we cannot proceed other operation.

      Could you please kindly add result in PS/CLI/API command to show whether the resource was in updating state? Thank you!

      8 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    20. Provide ability to enforce baseline rules across Azure tenant for Azure Front Door WAF

      Providing the ability to define a baseline set of rules for Azure Front Door WAF will help enterprise security teams keep a consistent security posture for endpoints no matter who owns the deployment of the Azure Front Door instance. Ideally this could be configured to enforce this baseline across all Azure Front Door instances within an Azure tenant.

      7 votes
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    • Don't see your idea?

    Feedback and Knowledge Base