Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Allow NSG for VPN Gateway Subnet

      We want to connect several devices with our Azure VNET via the VPN Gateway. Therefore the VPN Gateway is configured for P2S connections.

      We want to restrict the devices so that they can only communicate with certain other devices.

      To implement this functionality we need to assign the VPN Gateway subnet a NSG. Furthermore this NSG should be dynamic, because the IPs provided by the VPN Gateway to its clients clould not be predetermined.

      Currently NSGs are not supported for VPN Gateway subnets as well as there is no way to control IP allocation for connecting devices.

      75 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  2 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    2. storage account firewall - Add inbound service tags for storage account.

      At the moment, storage account firewall can only be configured to "Allow Trusted MS Services" and the whitelisting of IPs/IP ranges.

      Our Power BI service needs to be able to access our storage account with storage account firewall enabled.

      Currently we have to manually whitelist data center IP ranges in order for this to work.

      Please add the ability to add inbound service tags for storage account firewall like you can with NSGs and add Power BI and other MS services to the "Allow Trusted MS Services".

      Thank you.

      38 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    3. Add support for Azure Network Security Group Inbound rules to the Azure Application Gateway

      • In Azure, we CANNOT apply inbound NSG rule with destination public IP of APPGW to allow/block traffic to this APPGW. We known This is by design:
      Network security groups are processed after Azure translates a public IP address to a private IP address for inbound traffic, and before Azure translates a private IP address to a public IP address for outbound traffic.
      • Even for VM level public IP, we cannot allow/block traffic via inbound subnet level NSG with that destination public IP
      • The workaround I can think of is to deploy each gateway to dedicated subnet then…

      27 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    4. Allow the Front Door WAF to block/allow by the Socket IP, and not just the Client IP

      Currently, the option to block by IP on the Azure Front Door WAF only allows you to block by the RemoteAddr IP, which is the Client IP. We use a reverse proxy so need the ability to block by what is called the SocketIP in the Azure WAF Logs.

      15 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    5. ASG across vNets

      ASG are absolutely wonderful stuff.Would be good to have added features of ASG across subscriptions/Vnets and any possibility of specifying Hostnames

      14 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    6. Add other network security group as source while creating rule for nsg

      Like in aws we have feature while creating security group you can give other security group as a source so that it will allow traffic from source security group.
      I am looking for same feature in azure...in Azure we have 3 option for only for source ..1st one is IP or CIDR based..2nd is based on azure service tag..3rd is application security group.

      Let’s take an example if I created one security group A and after that doing creation for security group B so I need option to select security group A as a source so that my all traffic…

      8 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    7. Could we add service tag about specific country like Singapore for Network Security Group?

      Could we add service tag about specific country like Singapore for Network Security Group?

      We have some service tag for NSG like internet/ Virtual network.
      Since we have some feedback that customer need allow/block traffic from specific country for security reason.

      Please advise.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    8. Can we add GEO service tag in NSG?

      Some customer need this feature since they wanted to quickly whitelist/blacklist request from given geographic region. Please consider to add this feature in future.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    9. 2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  1 comment  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    10. Allow Custom Network Security Group rules based on custom tags

      One of the biggest issue I have with Azure’s interpretation of Security Groups is the inability to apply custom tags to the ruleset. I should be able to filter traffic based on tags I generated for my resources. A good example would be creating a tag on an Azure IaaS VM called “app-x-webserver” and then tagging my Azure SQL Db with “app-x-sqldb”.

      While I know that you can use an Application Security Group for the IaaS part, it’s not supported on PaaS. It also is limited to a specific vNET inside of a single Region. This severely limits the usefulness…

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    11. 1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    12. Allow Application Security Groups to Include load balanced IP

      Very often Application Servers are Load Balanced and there is currently no way to put the virtual IP address into the application security group.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    13. Harmonize the offer types

      It would be nice to have a way to describe the reason for a given NSG rule.
      https://www.ckitchen.com/
      This would greatly simplify, for instance, bookkeeping for PCI DSS 3.1 item 1.1.6 which demands a business notification for each NSG rule.

      Name field allows 80 chars but type description there is just not the right thing. Specially when you need to refer to a given rule while using CLI tools. Huge plus if it appears as a column while listing rules.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base