Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Is adding external endpoints via IP address available instead of FQDN? i don't think it is? can some one clarify it please..

      On Azure Traffic Manager, is external endpoints addition via IP address available instead of FQDN? i don't think it is yet? can some one clarify it please..

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    2. Maximum Internet Traffic supported by Application Gateway . Sometimes there will be a performance test conducted . So it is better to know

      Would be great if there is some information on the maximum traffic supported by Application gateway

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    3. we just wanted to have the OWASP rules in detection mode and Bot rules in prevention mode.

      Enable Bot rules in prevention mode independent of OWASP rules status.
      There should not be state dependency of other rule set on Bot Rules.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Web Application Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    4. Allow network flow logs from different regions to be dumped in storage account in different Region

      For now we can only dump network flow logs from nsg in the same region as our storage account. If we have to export flow logs from all regions we have to create 27 diff storage accounts. On top of that if i want to export my flow logs to external application i have to create 27 diff trigger functions, which is very cumbersome to manage

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
    5. Azure GUI BUG Network Security Group for Gateway

      Portal allowing to associating an NSG to a gateway subnet

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    6. there should be S2S tunnel continuous monitoring feature.

      there should be S2S tunnel continuous monitoring feature. As we have established more than 5 tunnel but there is no automation available currently, we have to rely on manual network watcher.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    7. Site to Site VPN tunnels should allow using DNS Host names, not just IP address

      Currently, if you configure a site to site IPsec tunnel Azure will only let you input a public IP address. Many sites firewall receive private IP address's from ISP equipment and receive Dynamic public address. This

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    8. VPN connection

      Dear Azure team,

      It is not recommended to allow the complete vnet on the client side VPN devices. Our requirements is to restrict the communication to only small subnets. Please check the possibilities of restricting the access to small subnet instead of the whole vnet.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    9. Azure Services consistent domain ownership verification

      It would be nice to have a single method for verifying domain ownership prior to DNS change.

      E.g. App Services uses "awverify TXT <appname>.azurewebsites.net" and Front Door uses "afdverify.www.contoso.com CNAME afdverify.contoso.azurefd.net"

      Similar to O365, we should be able to specify a single TXT record (maybe a hashed tenant ID) that indicates domain ownership.

      Thanks.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    10. I need to see a SIMPLE ASCII LOG listing what traffic is being passed and what is being filtered.

      I need to troubleshoot why traffic is not passing a certain point.

      I NEED to see a SIMPLE ASCII LOG listing what traffic is being passed and what is being filtered. SIMPLE.

      I don't need to load THREE APPLICATIONS, WRITE CODE, Delve into a mess of complications and take FOUR DAYS OF MY TIME to navigate how to look at what should be an ASCII LOG.

      IT IS SIMPLE. Network Security gear has been doing this for DECADES!!! MAKE IT SIMPLE.

      I want to see Flow Logs from an NSG. SEE?!? SIMPLE.

      Let me click ONE THING to see the…

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    11. No MFA available without RADIUS server on Azure Gateway

      Wanted to use Azure VPN Gateway but does have a requirement to use MFA. The ideal scenario would be ​integration between Azure Gateway and Azure AD without the need to issue certificates for Azure Gateway or host a RADIUS server.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
    12. API for Azure IP Address Ranges

      Users would like to programmatically whitelist CIDR ranges for Azure Service instead of downloading XML file whose link changes when it is published.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
    13. ChaCha20

      Add the ChaCha20 stream ciphers to our list of available TLS cipher suites in the near future.
      TLSCHACHA20POLY1305SHA256
      TLS
      ECDHEECDSAWITHCHACHA20POLY1305SHA256
      TLS
      ECDHERSAWITHCHACHA20POLY1305_SHA256

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    14. Gateway rewrites are dissapearing when cluster pods restarts

      azure application gateway rewrites are disheartening when some changes happens in kubernetes cluster.This is causing very high bussiness impact as the site will go down as the rewrites dissapear

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    15. Documentation on Persistent MAC addresses for VMs in Azure

      Looking for documentation on persistent MACs for VMs, assuring that the VMs will not change its initial MAC address.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
    16. The Ability to change/define the BGP IP address assigned to the Virtual Network Gateway (automatically by Azure) when enabling BGP

      The BGP Peer IP addresses when randomly assigned creates issues with the On-premise networks and private IP addresses ranges being advertised and currently in use. Customers have VPN's to various other devices and platforms, the static address provided creates routing issues when the BGP peer advertised is a part of a cutomer On-premise network.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    17. Azure Application Gateway (AG) – Rule associations not deleted.

      Deleting Application Gateway Rules does not delete the any associations to other existing backend pools. The ask is if a rule is deleted, then any existing backend pool that is associated with the rule be deleted.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
    18. Issues with IKEv1

      Fix issues with using IKEv1 on Standard+ Gateways.
      Currently (North EU) You are getting Bad request picking IKEv1 in both AzurePS and webGUI.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. Azure Network: PrivateLink-like feature to let SaaS ISVs expose their service as Service Endpoints in customer's VNet

      Users wants to be able to create custom service endpoints for their service within their customers' VNets. This is a feature that is available on competitor's cloud named PrivateLink, but is not available on Azure Network.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
    20. alerts

      Would appreciate if we have an option/metric to Monitor the VPN Tunnel status.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    • Don't see your idea?

    Feedback and Knowledge Base