Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Either add Point-to-Site SSTP VPN clients for Mac/Linux or enable other connectivity options

      With Azure trying to attract more than just Windows devs, we need to be able to VPN using non-Windows platforms for point-to-site connections.

      1,464 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      71 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    2. allow multi-site VPN's using static gateways

      being restricted to only one VPN when using a static gateway is extremely limiting. This means that once a static VPN has been created between a VNet and a site (i.e. our office) we have no way of connecting the Azure Vnet to another VNet using a different VPN i.e. no multi-site VPN feature if a static gateway has to be used for ANY VPN. This stops any other connectivity into the VNet apart from enpoints and ACL's which is both less secure and messy to manage.

      927 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      53 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    3. Allow S2S VPNs from multiple sites to one Virtual Network

      Allow connection to VPN from multiple sites even from sites which are on Dynamic IP addressed to use azure as central site and others a branch offices

      As well as allow the possibility of windows machines with direct access to connect to azure VPN

      666 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      86 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    4. VPN Gateway monitoring

      It would be great to have monitoring options in the azure portal which would show the bandwidth usage and throughput charts. It would help in figuring out if the 100mbps limit of the standard gateway sku is being hit at peak loads. If the details can be further provided for each individual site-to-site or point-to-site connection then that would be great thing to have. It would help immensely in finding out which connection is hogging the bandwidth the most.

      434 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      24 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    5. Site to Site VPN: allow local network range to include Azure VNET range

      I’ve created a virtual network (10.25.0.0/17) that our instances will live in, and created a local network representing CORPNET (10.0.0.0/8). In effect, we’re trying to have the virtual network be a subnet within our larger internal IP block to emulate an internal datacenter. When trying to create the site to site VPN using the local network, I get an error about an address conflict, which seems to be due to the virtual network and local network be overlapping.
      Per MSFT: The local network range cannot include the Azure VNET range. The local network definition(s) are used to establish routes between…

      429 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    6. OSPF / BGP advertising from Azure to on-premisis network

      In order to ensure full resiliency to the Azure Network, I would like to be able to create two VPNs to two different geographical points on our physical network. Then use BGP to advertise the IP Ranges hosted in Azure, from Azure. This will allow the route to fail over to the second VPN automatically should the first fail for whatever reason

      421 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      6 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    7. Auto-connect for point-to-site VPN.

      When the device is restarted, or internet connectivity is regained, the device automatically connects to the VPN again.

      401 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      25 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    8. VPN parameter

      IPsec Parameters can be configured.
      my host site uses Diffie-Hellman Group group 5 in Phase 1.

      227 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      17 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    9. VPN failover

      For a VPN site-to-site, configure 2 or more links of Internet. For provide a minimum of High Availability..What you think?

      225 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      24 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    10. Support for gateway diagnostics in ARM

      The only way to get diagnostics logs from a VNet gateway is via ASM cmdlets. CSP subscriptions do not offer any support for ASM, so troubleshooting is impossible. Please add native support in ARM for retrieving logs from a VNet gateway

      145 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      5 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    11. blob from azure virtual network

      As we follow PCI standards, we need to specify all outbound IP addresses from our services.
      This is a problem with azure services as IP ranges to Microsoft/Azure datacenters can change weekly.
      We would like to be able to create a site-to-site connection and access our azure resources through an IPSec connection to avoid weekly IP management . As I understand on Azure support, azure virtual network is only available from VMs and not azure services like BLOB storage containers.
      This is much desired!

      125 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Please look at Azure Service Endpoints at https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview, it is GA for storage as well as SQL.

      With service endpoints, service traffic switches to use virtual network private addresses as the source IP addresses when accessing the Azure service from a virtual network. This switch allows you to access the services without the need for reserved, public IP addresses used in IP firewalls.

    12. Monitor Virtual network Gateway bandwidth

      We want to monitor the bandwidth usage of Virtual Network Gateway.

      We all know that the virtual network gateway(VNG) with different sku have different bandwidth limitation. However , we can't monitor the usage or the current status of VNG.

      118 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    13. azure admin should be able to view the virtual network gateway log

      currently as azure admin i can not see the gateway log when Vnet to Vnet connection is made

      94 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    14. Enable UDR (Define Routing Table) for the Azure Gateway subnet

      After the nice added feature of virtual network UDR, we are faced to a new limitation, that is using ExpressRoute with Virtual Appliances. In fact, ExpressRoute can only be implemented using an Azure Gateway. That means that if you have ExpressRoute, you cannot use third party Virtual Appliances, unless Microsoft enable UDR for the Gateway subnet so we can route in/out traffic to the Gateway. This will allow us to use third party virtual appliances side by side with ExpressRoute.
      (Or Enable Third party virtual appliances to support Express Route, this is another alternative)

      91 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      7 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    15. Enable secure connections between virtual networks

      Amazon doesn't have this but it is rumored by their support that it's in the pipes (pin intended).

      There should be a way to use the built in Azure VPN infrastructure to connect to another Azure cloud.

      Example: Company Contoso performs a data exchange between their on-prem databases and their Azure (IaaS) cloud based web servers through a hardware VPN to the Azure VPN solution. Contoso hires Tailspin Toys to be their web contractor. Tailspin Toys has their own Azure cloud that they use as a dev environment for their web solutions as well as a code repository. Tailspin Toys…

      75 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      5 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
      completed  ·  Yushun Wang [MSFT] responded

      We have announced the general availability of the VNet-to-VNet connectivity in TechEd 2014. The feature enables VNet-to-VNet connectivity both intra-/cross-region, and same-/cross-subscription. We have published an MSDN page to describe the configuration steps:

      http://msdn.microsoft.com/en-us/library/azure/dn690122.aspx

      More documentation and blogs will follow. Please try it out and let us know if you have any questions.

      Thanks!
      Yushun [MSFT]

    16. GUI based configuration of ARM based Point-to-Site

      Currently ARM based Point-to-Site needs to be set up thru Powershell. If the management portal has ability to configure ARM based P2S, setup process will become much easier.

      39 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    17. P2S VPN in ARM V2

      Please implement P2S VPN in ARM. This is preventing our adoption of ARM.

      33 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    18. add a visual status for vNet connection status to the tile like the one in the classic portal

      In the classic azure portal, there is a nice visual to quickly see if my S2S VPN tunnel is connected or broken. It was a nice quick way to troubleshoot if I have an Azure related problem. In the new portal, not only there's no visual image, I have to drill down a few level to see if my tunnel is connected or not. I know I can pin that tile to my dashboard but a visual in that tile would be nice.

      33 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      4 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. Connect Different Deployments from the same subscription via VPN

      Simmiliar to the Azure Connect Client->Service VPN functionality, we would like to allow inter-site connections.

      The user scenario is that each deployment represents a different application (which requires deployment isolation). Nevertheless, each (Java) application requires a direct TCP connection to a central application that provides unified services for all other applications.

      24 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    20. Confirming the number of currently connected P2SVPN clients using the new portal

      I want a function where we can confirm the number of currently connected P2S VPN clients using the new portal.
      We can confirm on the classic portal (ASM), but there's no way on the new portal (ARM).

      22 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    ← Previous 1 3
    • Don't see your idea?

    Feedback and Knowledge Base