Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Allow traffic across a VPN for management and utilization of the Azure DB SaaS (SQL) solution.

      I found many who would like this functionality, to be able to manage the SQL SaaS in Azure through a VPN connected VNet and associated service endpoint on the VNet. Allow what is being described as not available currently below, via a support ticket submitted to Microsoft:

      With Azure SQL Database being a public endpoint and not existing within a Subnet the overall NAT’ing process of traffic from the Azure SQL DB back to the on prem clients is not possible across a VPN. The only method is what was described which is to use some form of jumpbox inside…

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    2. Support Point-to-Site auto-reconnect and DDNS on VPN clients

      We would appreciate support for auto-reconnect and DDNS. Ref:

      https://docs.microsoft.com/en-us/azure/vpn-gateway/point-to-site-
      about#does-point-to-site-support-auto-reconnect-and-ddns-on-the-vpn-clients

      1. Our Windows 10 ent. clients are not able to update DNS records via P2S VPN to our domain in Azure.

      2. P2S VPN is not auto-reconnecting if connection drops. We are looking for a forced / always-on VPN. If connection drops, or user manually disconnect, we want the P2S to automatically re-connect.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    3. Need to obtain VPN server name (FQDN) using Powershell for P2S VPN.

      As we know we it doesn’t support obtain VPN server name (FQDN) for P2S via powershell. We must utilize the download package as stated in documentation.

      Could we obtain VPN server name (FQDN) using Powershell for P2S VPN in the future?

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    4. vpn point to site static

      Requesting the ability to set a static IP for a point-to-site vpn client. Currently the addressing is auto/random from a vpn pool. Would like the ability to strap that. Specifically for the OpenVPN peering - but all of the point to site peering options can benefit from this.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    5. Allow advertisement of regional / datacentre routes from VPN Gateway

      Microsoft Peering can be employed with ExpressRoute, but there seems to be no such feature in VPN Gateway. If you could add a tick box for the peer to send out the region's ranges to which the VPN Gateway were provisioned, that would be great.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    6. Improve Point-to-Site VPN to support Windows 10 (2015 LSTB)

      We can't configure Point-to-Site VPN from Windows 10 (2015 LSTB) endpoint even when we apply the latest hotfix to the Windows 10 (2015 LSTB) endpoint.
      The error is 812 (The connection was prevented because of a policy configured on your RAS/VPN server).

      It would be great if we could configure Point-to-Site VPN from Windows 10 (2015 LSTB) endpoint.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    7. Add activity logs events for failover and update of a virtual network gateway

      Currently, a VNG can be updated and fail-over (or, in our case, just plain fail) without any information for the end user. Updates and failover events should appear in the activity log so the end user has a chance of determining why users are disconnected or why the VPN is not working.

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    8. Microsoft.Network/virtualNetworkGateways provision so longgggggggggggggggggggggggggg

      Hi currently in our project we heavily using Azure Resource

      And with current implement we using ARM template and powershell to provisioning all kind of resource. So I notice that with normal resource it only take around few second to 2 or 3 minute to finish except

      Microsoft.Network/virtualNetworkGateways
      It sometime take up to 1 hour to provision and it is like a pain in my *** that I really don't know why. Can someone so me a way to reduce provision time for Microsoft.Network/virtualNetworkGateways or explain for me in detail way why it take so much time to provision?

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    9. We need a way to Monitor the S2S VPN Policy Based Its Health & If Connection Breaks we should get notify I checked Network Watcher but

      We need a way to Monitor the S2S VPN Policy Based Its Health & If Connection Breaks we should get notify I checked Network Watcher but its not Supported for Policy Based VPN.

      From SCOM also there is no information how to Monitor Azure S2S VPN

      Can some suggest

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    10. Document for active-active S2S VPN with Forced Tunneling

      We would like you to add documentation for forced tunneling with Act-Act S2S VPN connection.
      Azure can create above structure with BGP default route advertisement from on-premises, however there is no documentation about this.
      We confirmed there are below documentation for Act-Act S2S VPN and for configuration of forced tunneling with VPN connection.

      Configure forced tunneling using the Azure Resource Manager deployment model
      <https://docs.microsoft.com/ja-jp/azure/vpn-gateway/vpn-gateway-forced-tunneling-rm#configure-forced-tunneling>

      Configure active-active S2S VPN connections with Azure VPN Gateways
      <https://docs.microsoft.com/ja-jp/azure/vpn-gateway/vpn-gateway-activeactive-rm-powershell>

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    11. Enable Auto-Reconnect for Point to Site Azure VPN connections

      I have not seen this exact suggestion prior so am adding what would be helpful for our users. Currently, when they connect remotely to a Shared Drive hosted on an Azure VM if the Network Gateway RAM hits peak utilization, or if the local users internet becomes interment they are kicked off the VPN connection and required to go back and connect all over again.

      This is a horrible customer experience.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    12. Increase the hard limit of allowed advertised routes for IPSec tunnels over BGP.

      I am dealing with a very complex client network environment, which is managed by their vendor.

      The current route advertisement limit is severely impacting the works that we need to perform through to, and within the client's network.

      I would like to request, and strongly suggest for an increase in the hard limit of allowed advertised routes for IPSec tunnels over BGP.

      Please also refer to the case reference number 119051322001294.

      Thank you.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    13. Fix the traffic selector of Basic VPN Gateway

      On the Azure side, on a Basic VPN S2S VPN Gateway, the VPN gateway is always configuring a traffic selector of 0.0.0.0/0 not taking into consideration the configured on premises address ranges. This is by design and makes the basic gateway a non usable product.
      If you want split tunneling you are forced to an advanced gateway, with Policy Based Traffic Selectors, even if you only are establishing one single tunnel.
      More info on case 119020925000183

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    14. Point-to-site configuration for VNet gateway should provide some common addresses

      When setting up Virtual Network gateway with App Service which will connect to a VM (common use case) please provide options for address space that user can select for Point-to-Site Configuration. Currently, this is blank and would really help if you don't know the hard-coded ip address blocks that are required to make this work.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    15. BGP Peering IP modification on different subnet

      Hey,
      For business purpose, we wanna offer an idea of selecting peering IP from non-GW subnet while using Azure VPN BGP. this IP was currnetly allocated from ge subnet. but we wanna change to specific IP . let's say our address space range is 10.0.0.0/16, but our GW subnet is 10.0.0.0/24, Peering IP is 10.0.0.254. but one of subnet is 10.13.100.70/28, we wanna change peering IP to 10.13.100.70. but this is impossible, could we make some changes in further?

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    16. Notification of the change of VPN Gateway FQDN

      I've found change of VPN Gateway FQDN from "cloudapp.net" to "vpn.azure.com" without notification.
      And this caused that P2S connection was denied on our proxy server because the server had allowed only old FQDN "cloudapp.net".
      It takes time to add new FQDN to proxy server,
      so I want you to notify us before the change like this.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    17. Enable support for RADIUS authentication when VpnClientProtocol set to OpenVPN

      It appears that the recent public preview of OpenVPN protocol for P2S only supports Certificate Authentication. We would like to continue to use RADIUS authentication for our P2S clients.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    18. 1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. Documentation out of date

      Can I request a Static Public IP address for my VPN gateway?
      No. Only Dynamic IP address assignment is supported.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    20. No comprehensive description of the limitations of basic gateway

      Why is there no documentation that comprehensively describes the differences between the different gateways? I set up a basic gateway thinking it would be sufficient for our immediate needs according to (https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways) and the other offerings *start* at 5x the price of basic. But then I see in a different document that IKEv2 is not supported with the basic gateway. Is it supported or isn't it? What else can the Basic gateway not do?
      This is needlessly frustrating and making it that much more difficult to deploy our infrastructure because we have to backtrack plans due to poor…

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base