Networking
The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.
Virtual Network:
Traffic Manager:
Network Watcher:
If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.
-
vpn gateway slow to create
Why does it take upwards of 30 minutes to create a vnet gateway?
If I am doing a PowerShell script or a CI/CD deployment, the whole world stops while the VPN takes 30-odd minutes to be initialised and start. Can this please be addressed?260 votes -
Gateway upgrade notification
As per my understanding Azure does notify the customer on few of the events like a storage maintenance or a VM maintenance, etc but the gateway is not in the list as of now.
It would have been nice if Azure notified the stakeholders before such a gateway upgrade was due to occur in advance. Alternatively if that wasn’t possible, then at the very least the stakeholders should be notified that their Site2Site VPN tunnel is down post upgrade.
109 votesThank you for your feedback. Alerting for gateway connectivity is a common ask, so it is on our roadmap.
As of now, you can check connection status of your tunnel via the PowerShell cmdlet Get-AzureRmVirtualNetworkGatewayConnection.Thanks,
Bridget [MSFT] -
Improve VPN gateways performances and limits
Using VPN to connect sites to Azure is great. But we are rapidly hitting the gateways limits:
- One gateway per VNet
- A max of 30 Tunnels per gateway (10 and 20 for standard)
- A max of 200 Mb/s per gateway (shared by all VPNs)Today, not all regions and customers can afford 'ExpressRoute' to get more bandwidth and scalability. So why this 'very limited' options.
86 votesHi,
Thanks for the feedback. We do plan to improve the performance and scale of Azure VPN gateways. We will provide more updates once we have concrete plans and measurements.
Thanks,
Yushun [MSFT] -
Authentication to VPN Gateway using Azure AD
Add option to authenticate to VPN Gateway using existing Azure AD accounts. For security reason there should be option to add a group of users allowed to use VPN.
This should help to use Azure VPN Gateway by customers which not use local AD DS servers
78 votes -
Set up a VPN device script Link as present in the Classic Portal
I was setting up the Site to Site in New portal and found the link to download the VPN script wasn't present as in Classic portal. It would be good we have that link in new portal so that we can share that Network admins to setup site-site Connection with on-premise and Azure Vnet
29 votes -
19 votes
Thank you for your suggestion, we included this in our roadmap.
-
provide diagnostic ability in Azure Resource Manager VPN tunnels
The PowerShell command that is used in the classic "ASM" VPN troubleshooting is not compatible with the new Azure Resource Manager VPN tunnels. This makes it very difficult to troubleshoot VPN problems.
The newest Azure PowerShell doesn't provide any start-azureRMvirtualnetworkgatewaydiagnostics like the old azure services manager did.
13 votesThis item is under planning. We will update the status once we finalize the plan.
Thanks,
Yushun [MSFT] -
provide troubleshooting features to VPN gateways
Until Microsoft improves the Azure VPN technology, it would be good and sometimes necessary to provide some VPN troubleshooting tools on the Azure side. The local side logs sometimes are not enough and it gets very difficult to understand the reason of tunnel outages. This feature will also be definitely useful once the Azure VPN technology will be completely stable and reliable, in order to analyse traffic and build monitoring based on it.
11 votesThank you for your feedback. You provide a very good point; and this is in planning. We apologize for not having an ETA for you. We will get back to you with more details when we are closer to shipping.
Thanks,
Bridget [MSFT] -
Allow special chartacters in the pre-shared key for IPSec VPN tunnels
Allow special chartacters in the pre-shared key for IPSec VPN tunnels
10 votesThanks for the suggestion. We are planning to relax this constraint. The timeframe is not yet set though.
Thanks,
Yushun [MSFT] -
Please provide metric for Point-to-Site VPN traffic
We can't meter Point-to-Site VPN usage now.
Please provide metric for Point-to-Site VPN traffic like Site-to-Site tunnnel metric.3 votes -
The amount of hassle involved with getting some IKE logs for a VPN that will not connect is unacceptable. 15 Azure PoSH commands is insane.
Have a working troubleshooter in the web UI
1 voteThanks for the feedback. We plan to leverage Azure Monitor Diagnostics logs to allow customers to get IKE logs. Will update once the feature is in progress.
Thanks,
Yushun [MSFT]
- Don't see your idea?