Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    How can we improve Azure Networking?

    You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

    There are two ways to get more votes:

    • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
    • You can remove your votes from an open idea you support.
    • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
    (thinking…)

    Enter your idea and we'll search to see if someone has already suggested it.

    If a similar idea already exists, you can support and comment on it.

    If it doesn't exist, you can post your idea so others can support it.

    Enter your idea and we'll search to see if someone has already suggested it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Get Point-to-Site VPN status by Azure CLI

      I want to get health status of Point-to-Site VPN by Azure CLI.
      I can get this status by Azure portal, but Azure CLI can not.

      If I use Azure CLI command without debug, this status can not get.
      But if I use Auzre CLI with debug option, I can get this status.

      This coomand can get P2S status.
      ex) az network vnet-gateway show --resource-group RG --name VPNGW --debug

      I hope improving this issue.

      5 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    2. Even smaller "Dev" size of Virtual Network Gateway

      While the ability to set up a site-to-site tunnel between my local network and an Azure virtual network is a very great convenience, it's also quite the expensive convenience for the single-developer business. (If you have a VS Professional subscription, for example, you'll burn almost all of your included Azure credit on this alone.) This may be partly solved, at the cost of some overhead, by this request:

      https://feedback.azure.com/forums/217313-networking/suggestions/6169157-stop-start-virtual-network-gateway-to-don-t-pay

      ...but my first observation is that even the "Basic" size of VPN gateway is far more, at 100 Mbps and 10 S2S tunnels, than I actually require.

      How about a cut-down…

      5 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    3. Fix Virtual Network Gateway IKEv2 Security Logging

      Ok, so logging access to enterprise networks is a basic security control which we shouldn't be asking for in year 2018.

      If we deploy P2S/Virtual Network Gateway w/IKEv2/certificate authentication in its current state, we open our networks to the internet and have no idea who logs into it and from where. There are basically NO events logged for an authenticated user. In addition, the "Connection Count" doesn't increment. So If I have 100 users connect via IKEv2, Connection Count still shows 0.

      THIS IS A SIGNIFICANT SECURITY HOLE.

      Microsoft - this product shouldn't have been released, not in its current…

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    4. Allow Service Endpoints on GatewaySubnets for P2S VPN Clients

      You should allow P2S clients to leverage the VPN gateway to connect directly to Azure SQL and other service endpoints through the backbone. This avoids having to maintain and update database firewall rules as users move to different locations. In fact, I deployed a VPN gateway into a testing subscription and was able to get this to work. I worked with support and was advised this was a deployment fluke. In my testing, it worked consistently and I had no issues. It used the service endpoints to connect, though I did have to modify the vpn client and add a…

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    5. Manually Assign GatewaySubnet and better field validation

      I want to be able to assign my GatewaySubnet, not have the system pick the next available subnet and crash everytime I try to change it!

      The only way I could get it to use the Subnet I wanted as the gateway was to create 63 other subnets so there was only one that was not in use.

      It also failed to create any virtual network with an Ampersand "&" in the Network name, even though it came up with a green tick next to the name when I tried to create it.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    6. The bgp peer ip configured on the local gateway is advertised back to the site router via the tunnel

      Azure BGP implementation advertises a route to on-premises BGP peer IP back to the on-premises network via Azure! This should have been filtered on Azure side.

      B 10.255.254.6/32 [20/0] via 10.16.1.4, 00:03:47
      via 10.16.1.5, 00:03:47

      10.255.254.6/32 is the loopback IP address on my VPN device.
      10.16.1.4 and 10.16.1.5 are the BGP IP addresses on Azure VNET.

      Ref. case: 119060721002544

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    7. VPN Gateway Fail Over

      Requesting a DR feature for VPN Gateways to provide better recovery from datacenter disasters.

      We plan to have dozens of VPN Gateways to a specific data center. In a disaster scenario we need a way for these gateways to fail over to a backup region where our VMs will fail to.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    8. Point to Site VPN Logs/History

      It would be helpful to be able to see a history of point-to-site VPN connections and associated dates and times. This would be helpful in troubleshooting connectivity issues for our remote users.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    9. Validate YAMAHA RTX830 and RTX1210 for Azure VPN Gateway

      YAMAHA RTX router series ( https://network.yamaha.com/products/routers )
      are not validated as VPN devices:
      https://docs.microsoft.com/ja-jp/azure/vpn-gateway/vpn-gateway-about-vpn-devices

      Nevertheless I or some Japanese are struggling to connect Azure VPN Gateway with YAMAHA RTX routers.
      we are able to have connection but there are some troubles reported on blogs.
      We need to verification.

      At kakaku.com(the most popular Bestbuy ranking site in Japan),
      YAMAHA RTX830 and RTX1210 are the top 2 selling products nowadays.
      Previous models are also popular for a couple of decades in Japan.
      I think the verification will have huge impact in Japan to support VPN Gateway at SOHO environments.

      4 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)

      Folks,

      Thanks for reaching out to us regarding the VPN device issues. In general, our team needs to work with the VPN device vendor, in this case, Yamaha, to validate their VPN devices connecting to Azure VPN gateways.

      To get things started, we will need someone from Yamaha to contact us, either via Microsoft Japan if that’s easier, or open an issue on the page directly. Once we establish the contact, we can proceed to work with Yamaha to validate their VPN devices.

      Thanks,
      Yushun [MSFT]

    10. Cisco Meraki - 15x Code - IKEv2 - Certify Device on Azure List

      With Cisco Meraki's MX code release of 15.x, IKEv2 is now supported - Can we get the Cisco Meraki MX as certified for an Azure VPN Device?

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    11. VPN connection monitoring

      Need a solution to monitor the Azure VPN connection status. Currently no option is available in the metric/log analytics to alert the status of VPN connection failure. When will be the feature available in portal to create such monitoring rule in Azure native monitoring?

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    12. Please provide metric for Point-to-Site VPN traffic

      We can't meter Point-to-Site VPN usage now.
      Please provide metric for Point-to-Site VPN traffic like Site-to-Site tunnnel metric.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    13. Allow traffic across a VPN for management and utilization of the Azure DB SaaS (SQL) solution.

      I found many who would like this functionality, to be able to manage the SQL SaaS in Azure through a VPN connected VNet and associated service endpoint on the VNet. Allow what is being described as not available currently below, via a support ticket submitted to Microsoft:

      With Azure SQL Database being a public endpoint and not existing within a Subnet the overall NAT’ing process of traffic from the Azure SQL DB back to the on prem clients is not possible across a VPN. The only method is what was described which is to use some form of jumpbox inside…

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    14. Support Point-to-Site auto-reconnect and DDNS on VPN clients

      We would appreciate support for auto-reconnect and DDNS. Ref:

      https://docs.microsoft.com/en-us/azure/vpn-gateway/point-to-site-
      about#does-point-to-site-support-auto-reconnect-and-ddns-on-the-vpn-clients

      1. Our Windows 10 ent. clients are not able to update DNS records via P2S VPN to our domain in Azure.

      2. P2S VPN is not auto-reconnecting if connection drops. We are looking for a forced / always-on VPN. If connection drops, or user manually disconnect, we want the P2S to automatically re-connect.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    15. vpn point to site static

      Requesting the ability to set a static IP for a point-to-site vpn client. Currently the addressing is auto/random from a vpn pool. Would like the ability to strap that. Specifically for the OpenVPN peering - but all of the point to site peering options can benefit from this.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    16. Allow advertisement of regional / datacentre routes from VPN Gateway

      Microsoft Peering can be employed with ExpressRoute, but there seems to be no such feature in VPN Gateway. If you could add a tick box for the peer to send out the region's ranges to which the VPN Gateway were provisioned, that would be great.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    17. Improve Point-to-Site VPN to support Windows 10 (2015 LSTB)

      We can't configure Point-to-Site VPN from Windows 10 (2015 LSTB) endpoint even when we apply the latest hotfix to the Windows 10 (2015 LSTB) endpoint.
      The error is 812 (The connection was prevented because of a policy configured on your RAS/VPN server).

      It would be great if we could configure Point-to-Site VPN from Windows 10 (2015 LSTB) endpoint.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    18. Add activity logs events for failover and update of a virtual network gateway

      Currently, a VNG can be updated and fail-over (or, in our case, just plain fail) without any information for the end user. Updates and failover events should appear in the activity log so the end user has a chance of determining why users are disconnected or why the VPN is not working.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    19. Allow creation of your own Service Tags for use in NSGs

      Effectively allow you to create your own address group objects that can be referenced across all NSG's in any location/VNET.

      This would simplify NSG management considerably, even more than ASGs will (when they support being used across multiple VNETs)

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    20. Microsoft.Network/virtualNetworkGateways provision so longgggggggggggggggggggggggggg

      Hi currently in our project we heavily using Azure Resource

      And with current implement we using ARM template and powershell to provisioning all kind of resource. So I notice that with normal resource it only take around few second to 2 or 3 minute to finish except

      Microsoft.Network/virtualNetworkGateways
      It sometime take up to 1 hour to provision and it is like a pain in my *** that I really don't know why. Can someone so me a way to reduce provision time for Microsoft.Network/virtualNetworkGateways or explain for me in detail way why it take so much time to provision?

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    • Don't see your idea?

    Feedback and Knowledge Base