Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. About VPN gateway DNS

      Can VPN gateway push a new DNS server address to client when the client connected

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      need-feedback  ·  2 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    2. Option to specify whether health probes follow redirects

      Currently the 'test' button for Health Probes always follows redirects. However, when the gateway runs the Health Probe it does NOT follow redirects. This actually breaks the Health Probes.

      When setting up a Health Probe, one should be able to specify whether redirects should be followed and that should be done consistently whether manually run via the Test button or automatically run via the schedule.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    3. Monitor container network traffic within a node

      I would like to see a solution for monitoring traffic between containers on the same node. I'm not sure if the Network Watcher product already does this or not - it wasn't specified.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
    4. service chaining

      redirect traffic based on customizeable criteria to other network functions that could be represented also as custom NVA to build network service chains.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    5. App Gateway TCP Timeout isn't configurable and will close Web Socket connections

      Application Gateway default TCP idle timeout is set to 4 minutes and cannot be changed, users would like the ability to change the idle timeout.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
    6. Query string does not support without value in Azure FrontDoor

      Currently, the query string parameter in Frontdoor does not support a key withou value, it only supports format key=value. However, in RFC, it does not mandate the format with key=value. Is there any load map to have FD supports this feature?

      https://tools.ietf.org/html/rfc3986#section-3.4

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    7. Azure bastion connection does not support host names

      The connect option on an azure bastion resource asks for a host name, but doens't actually resolve host names (only IP addresses). The text should either be changed to ip addresses, or the functionality should be changed to support host names.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Bastion  ·  Flag idea as inappropriate…  ·  Admin →
    8. Have better checks on Application gateway

      Have better checks on Application gateway, after reinstalling listener certificates, the configured backends go into an "unknown" state, a reboot is necessary even though the AGW is in a running state.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    9. Traffic analysis on ExpressRoute connections on top dataflows

      If there are many VNET's connected to the ExpressRoute, traffic of one VNET can impact other VNET's traffic. We need a way to see which srcip and dstip traffic is responsible for filling up the ExpressRoute. Current NSG flow data does not include amount of data between endpoints, thus we need another way of analysing top consumers of the ExpressRoute.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  2 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
    10. VNET GW packet filter

      Hi All.

      I would like to set up a packet filter for VPN GW.
      It is the same as RRAS packet filter setting.
      Inbound IP address and port range filter, and outbound IP address and port range filter.

      Our VNET is connecting between sites with customers' VNET and VNET GW. Even if it is attacked from outside the customer's VNET, I do not want to endanger our VNET. I would like to filter traffic arriving at VNET with source IP and destination port number.

      How can it be realized?

      regards.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    11. SonicWall NSv (Firewall/Security/VPN/Router)-BYOL plans for SMB companies

      Currently SonicWall NSv (Firewall/Security/VPN/Router)-BYOL plans starts from NSv200, (unlimited nodes). For SMB offices and private companies optimal start plan - NSv25 (up to 25 nodes). Optimal for budget and used resources.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
    12. Harmonize the offer types

      It would be nice to have a way to describe the reason for a given NSG rule.
      https://www.ckitchen.com/
      This would greatly simplify, for instance, bookkeeping for PCI DSS 3.1 item 1.1.6 which demands a business notification for each NSG rule.

      Name field allows 80 chars but type description there is just not the right thing. Specially when you need to refer to a given rule while using CLI tools. Huge plus if it appears as a column while listing rules.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    13. Fix HTTP/2 Prioritization

      HTTP/2 is supported as a protocol but is effectively broken and resources are delivered out of order. It takes coordination of the software stack from the edge server through to the networking stack to make sure excessive data isn't buffered (including on the network with bufferbloat).

      Proper prioritization is critical for web performance and particularly for HTTP/2 where the server is responsible for honoring it.

      There is a GitHub repository with information on how to test for it as well as tracking support across CDN's and hosting providers: https://github.com/andydavies/http2-prioritization-issues

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Content Delivery Network  ·  Flag idea as inappropriate…  ·  Admin →
    14. Let security group view show the order in which rules are processed

      The current security group view allows multiple ways to sort the security rules that show up. It would be most useful if there would be a way to sort the security rules in the effective way they would be processed, meaning:
      1. customer defined rules on the subnet
      2. default rules on the subnet
      3. customer defined rules on the NIC
      4. default rules on the NIC.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →

      Thank you for the suggestion, we’ll consider adding this sort option. The current UI in Portal provides you with tabs to see the security rules applied on the Subnet and the NIC, as well as the default rules.

      Note, the rule processing order you provided only applies for inbound traffic. From https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-nsg :

      Inbound traffic

      1. NSG applied to subnet: If a subnet NSG has a matching rule to deny traffic, the packet will be dropped.

      2. NSG applied to NIC (Resource Manager) or VM (classic): If VM\NIC NSG has a matching rule to deny traffic, packet will be dropped at VM\NIC, although subnet NSG has a matching rule to allow traffic.

      Outbound traffic

      1. NSG applied to NIC (Resource Manager) or VM (classic): If VM\NIC NSG has a matching rule to deny traffic, the packet will be dropped.

      2. NSG applied to subnet: If…

    15. DNS Services

      Hello Support,
      we request you if there DNS Services we can use for our internal AD instead of using DNS of ISP or any other third party like Google or OpenDNS to lookup, is there anything similar to this not Azure AD services.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    16. VPN Gateway with full feature set ala Basic tier

      I have several small deployments requesting small VPN gateway with full feature set, like P2S IkeV2 connectivity etc. But we need small size of Azure VPN and price similar to Basic tier

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    17. asg

      Update the Subscription Limits Documentation specifically for: "Application security groups that can be specified within all security rules of a network security group"

      This is very misleading. This can be interpreted as all the ASGs combined, since it references them as application security groupS (more than one).

      Suggest to update its plural "groups" reference to a singular “group” to imply a single ASG (in relation to the amount of instances that a single unique ASG can be referenced in the NSG).

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    18. Add a preference route or cost when exist two or more route for the same destinations

      The client does not always have BGP options on their local firewall and traffic can go through one tunnel or the other. With the option of setting the priority helps and solve the problem.

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    19. Show Drops in Express Route Connection and VNET Gateway

      We had a big outage earlier in the year due to a Gateway going bad in a VNET. We also are frequently asked if there is a “Network” issue where only one VNET has an issue. Many of these issues seems to be with performance issues rather than a total loss of connections. We need a way to track drops in a VNET.

      Can Microsoft add “DropsInPerSecond/DropOutPerSecond” to the ExpressRoute Connection graph or the Gateway? This would help us determine if the issue is a Network issue or just and application issue.

      Thanks

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
    20. VNet is difficult to manage

      Splitting a resource group for each service makes it hard to connect the service to the network.

      I offer VNet peering free of charge or demand network service globalization

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      need-feedback  ·  0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base