Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview
  • Technical documentation
  • Pricing details

Traffic Manager:

  • Service overview
  • Technical documentation
  • Pricing details

Network Watcher:

  • Service overview
  • Technical documentation
  • Pricing details

If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    How can we improve Azure Networking?

    1. We need a way to Monitor the S2S VPN Policy Based Its Health & If Connection Breaks we should get notify I checked Network Watcher but

      We need a way to Monitor the S2S VPN Policy Based Its Health & If Connection Breaks we should get notified. I checked Network Watcher but it's not Supported for Policy Based VPN.

      From SCOM also there is no information on how to Monitor Azure S2S VPN.

      Can someone suggest?

      2 votes
    2. Document for active-active S2S VPN with Forced Tunneling

      We would like you to add documentation for forced tunneling with an Act-Act S2S VPN connection.
      Azure can create the above structure with BGP default route advertisement from on-premises; however, there is no documentation about this.
      We confirmed that the documentation below exists for Act-Act S2S VPN and for configuration of forced tunneling with a VPN connection.

      Configure forced tunneling using the Azure Resource Manager deployment model
      <https://docs.microsoft.com/ja-jp/azure/vpn-gateway/vpn-gateway-forced-tunneling-rm#configure-forced-tunneling>

      Configure active-active S2S VPN connections with Azure VPN Gateways
      <https://docs.microsoft.com/ja-jp/azure/vpn-gateway/vpn-gateway-activeactive-rm-powershell>

      2 votes
    3. Increase the hard limit of allowed advertised routes for IPSec tunnels over BGP.

      I am dealing with a very complex client network environment, which is managed by their vendor.

      The current route advertisement limit is severely impacting the works that we need to perform through to, and within the client's network.

      I would like to request, and strongly suggest for an increase in the hard limit of allowed advertised routes for IPSec tunnels over BGP.

      Please also refer to the case reference number 119051322001294.

      Thank you.

      1 vote

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote, which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature.

    4. Fix the traffic selector of Basic VPN Gateway

      On the Azure side, on a Basic VPN S2S VPN Gateway, the VPN gateway is always configuring a traffic selector of 0.0.0.0/0 not taking into consideration the configured on premises address ranges. This is by design and makes the basic gateway a non usable product.
      If you want split tunneling you are forced to an advanced gateway, with Policy Based Traffic Selectors, even if you only are establishing one single tunnel.
      More info on case 119020925000183

      1 vote
    5. Point-to-site configuration for VNet gateway should provide some common addresses

      When setting up Virtual Network gateway with App Service which will connect to a VM (common use case) please provide options for address space that user can select for Point-to-Site Configuration. Currently, this is blank and would really help if you don't know the hard-coded ip address blocks that are required to make this work.

      1 vote
    6. BGP Peering IP modification on different subnet

      Hey,
      For business purposes, we wanna offer an idea of selecting the peering IP from a non-GW subnet while using Azure VPN BGP. This IP is currently allocated from the GW subnet, but we wanna change it to a specific IP. Let's say our address space range is 10.0.0.0/16, but our GW subnet is 10.0.0.0/24, and the peering IP is 10.0.0.254. One of the subnets is 10.13.100.70/28, and we wanna change the peering IP to 10.13.100.70, but this is impossible. Could we make some changes in the future?

      1 vote
    7. Notification of the change of VPN Gateway FQDN

      I've found a change of the VPN Gateway FQDN from "cloudapp.net" to "vpn.azure.com" without notification.
      This caused the P2S connection to be denied on our proxy server because the server had allowed only the old FQDN "cloudapp.net".
      It takes time to add a new FQDN to the proxy server,
      so I want you to notify us before a change like this.

      1 vote
    8. Enable support for RADIUS authentication when VpnClientProtocol set to OpenVPN

      It appears that the recent public preview of OpenVPN protocol for P2S only supports Certificate Authentication. We would like to continue to use RADIUS authentication for our P2S clients.

      1 vote
    9. 1 vote
    10. No comprehensive description of the limitations of basic gateway

      Why is there no documentation that comprehensively describes the differences between the different gateways? I set up a basic gateway thinking it would be sufficient for our immediate needs according to (https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways) and the other offerings *start* at 5x the price of basic. But then I see in a different document that IKEv2 is not supported with the basic gateway. Is it supported or isn't it? What else can the Basic gateway not do?
      This is needlessly frustrating and making it that much more difficult to deploy our infrastructure because we have to backtrack plans due to poor…

      1 vote
    11. Provide certificate-based authentication for S2S VPN

      Can you describe the technical reason why you decide not to offer this option when creating a s2s vpn and you offer only the phase1 pre-shared key method? The communications in Madrid HC Region are administered by Cesus and they follow directives from the Security Group of Madrid Digital (former ICM). In their form to require a s2s vpn only cert based is accepted for ipsec tunnels and without a clear technical reason it is almost impossible to negotiate an exception to shift to pre-shared key based phase 1 vpn

      1 vote

      Thank you for the suggestion. The key reason for not offering cert-based IKE authentication is the additional compliance requirements and validations related to handling certificates. As a result, this is currently not on the roadmap.

      If certificate-based authentication is a requirement, customers will currently need to leverage VPN appliances available from Azure Marketplace.

      Thanks,
      Yushun [MSFT]

    12. When creating a VPN Gateway Connection, create an error when the password doesn't meet the password requirements.

      When you create a new VPN gateway connection, if you enter a password that doesn't meet the password restrictions (no special character), you can still create the connection and not know that there is an issue.

      1 vote
    13. 1 vote
    14. Site to site VPN passwords are not able to hide. It's showing in plain text. Please help us ASAP.

      Site to site VPN passwords are not able to hide. It's showing in plain text. Please help us ASAP.

      1 vote
    15. Classic to ARM VNet Migration - Recreate Site-to-Site connections

      I have recently migrated a classic virtual network with a Site-to-Site VPN connection to an ARM VNet using platform-supported migration.

      When the connection between the 2 networks was recreated under the ARM platform, it defaulted to a VNet-to-VNet connection, which meant a loss of connectivity between the 2 networks. I had to create another LNG and recreate the connection as a Site-to-Site.

      Now I understand the benefits of VNet-to-VNet connections but I would like the platform-supported migration to respect the existing connection type and recreate this correctly.

      1 vote
    16. No pricing plan for Legacy SKU on Virtual Network Gateway

      The pricing page just gives the pricing for the Basic from the Legacy SKU:
      https://azure.microsoft.com/en-us/pricing/details/vpn-gateway/

      There is no pricing for Standard or High Performance.

      1 vote
    17. Pls put the two PowerShell scripts together

      Today I made the mistake of executing the one, then missed the point for the client certificate creation, and finally the VPN client did not find it.
      In the evening I read the article again... the text description obfuscates this a bit, it only says "same powershell session" or something, but just throwing both of them in powershell IE and executing them together got me to the goal.

      1 vote
    18. 1 vote
    19. BGP password

      We would like to be able to set a BGP password for peering between VNG and on-prem.

      1 vote
    20. There should be an S2S tunnel continuous monitoring feature.

      There should be an S2S tunnel continuous monitoring feature. As we have established more than 5 tunnels but there is no automation available currently, we have to rely on manual Network Watcher.

      1 vote