Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Azure Firewall NAT Rules

      When the UDR assoc the Subnet is not possible connect by RDP from the Internet, or other services exposed in the internet.

      If I could create the NAT Rule on the Azure Firewall I can expose any services in internet and this issue would be resolved.

      thank you so much.

      Best Regards

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  1 comment  ·  Network Security Groups  ·  Flag idea as inappropriate…  ·  Admin →
    2. Traffic analysis on ExpressRoute connections on top dataflows

      If there are many VNET's connected to the ExpressRoute, traffic of one VNET can impact other VNET's traffic. We need a way to see which srcip and dstip traffic is responsible for filling up the ExpressRoute. Current NSG flow data does not include amount of data between endpoints, thus we need another way of analysing top consumers of the ExpressRoute.

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  2 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
    3. 1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    4. BGP Peering IP modification on different subnet

      Hey,
      For business purpose, we wanna offer an idea of selecting peering IP from non-GW subnet while using Azure VPN BGP. this IP was currnetly allocated from ge subnet. but we wanna change to specific IP . let's say our address space range is 10.0.0.0/16, but our GW subnet is 10.0.0.0/24, Peering IP is 10.0.0.254. but one of subnet is 10.13.100.70/28, we wanna change peering IP to 10.13.100.70. but this is impossible, could we make some changes in further?

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    5. VNET GW packet filter

      Hi All.

      I would like to set up a packet filter for VPN GW.
      It is the same as RRAS packet filter setting.
      Inbound IP address and port range filter, and outbound IP address and port range filter.

      Our VNET is connecting between sites with customers' VNET and VNET GW. Even if it is attacked from outside the customer's VNET, I do not want to endanger our VNET. I would like to filter traffic arriving at VNET with source IP and destination port number.

      How can it be realized?

      regards.

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    6. MS-Azure BGP AS number enable viewing

      How about enabling the view of the MS-Azure AS number on the portal when configuring Private Peering.

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →

      Thank you for the feedback. If I understand correctly, you would like us to display the ExpressRoute ASN on the portal so that you do not have access the documentation when configuring the peer ASN – as an easy reference.

      Look forward to your response!

      Jared
      PM, ExpressRoute

    7. Add Ability to create a Dynamic Object "Local Subnet" Route in a Route Table

      We have a configuration where we want VMs on the same subnet to communicate directly through the virtual network, and VMs on different subnets to communicate through a firewall. We have done this by defining a unique route table for for each subnet.

      It would be far more better to have a "Local Subnet" object so that a single route table could be used for all the subnets in a vnet. For example, create a route with Address Prefix as "Local Subnet" with nexthop "Virtual Network".

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    8. Application Gateway needs to be faster and capable of greater transaction throughput

      Currently, Application Gateway is the only service on Azure that supports offloading certificates for SSL, but Application Gateway can take a long time to provision and update with changes, and is unable to handle the high stress levels imposed by some apps. Application Gateway should be quick to provision and update after configuration changes, and it should be able to handle large numbers of requests per minute (e.g., 6,000 per minute).

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      We recently introduced changes which make any updates to Gateway complete in less than a minute. We are also working on reducing provisioning time. Regarding SSL offload performance – you should be able to increase the number of instances to scale out and handle increased load. 6000 new SSL connections per minute is not a lot and should be able to be served by a single Large instance. Please open a support ticket if you are seeing issues with performance at this scale.

    9. VNet is difficult to manage

      Splitting a resource group for each service makes it hard to connect the service to the network.

      I offer VNet peering free of charge or demand network service globalization

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      need-feedback  ·  0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    10. About VPN gateway DNS

      Can VPN gateway push a new DNS server address to client when the client connected

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      need-feedback  ·  2 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    11. Delete a network security group: this description is insufficient. please make it better

      Delete a network security group: this description is insufficient. please make it better

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    12. Utilization

      I need to get the bandwidth utilized per month with cost only for internet traffic in/out from datacenter (**Excluding the VM to VM traffic in/out). It will be helpful for Firewall,WAF,SIEM kind of implementation analysis (if historic usage available for last (1hr,24,7days,30days,,matrix)

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    13. Allow VM's to have multiple Public IP's with a single private IP

      We should be able to attach multiple public IP's to a single NIC without having multiple private IP's.

      It is very difficult to configure 3rd party firewalls needing a 1:1 between public IP's and private IP's as far as routing rules go.

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    14. There is a bug in firewall settings

      in this page:
      https://portal.azure.com/#@XXXX/providers/Microsoft.Network/networkSecurityGroups/xxxx/overview

      Where I try to change the ip for more that one inbound rule, there is a validation message says that the port is duplicated (although it is not)

      Excepted not to see this message

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Virtual Network  ·  Flag idea as inappropriate…  ·  Admin →
    15. SonicWall NSv (Firewall/Security/VPN/Router)-BYOL plans for SMB companies

      Currently SonicWall NSv (Firewall/Security/VPN/Router)-BYOL plans starts from NSv200, (unlimited nodes). For SMB offices and private companies optimal start plan - NSv25 (up to 25 nodes). Optimal for budget and used resources.

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
    16. Allow network flow logs from different regions to be dumped in storage account in different Region

      For now we can only dump network flow logs from nsg in the same region as our storage account. If we have to export flow logs from all regions we have to create 27 diff storage accounts. On top of that if i want to export my flow logs to external application i have to create 27 diff trigger functions, which is very cumbersome to manage

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
    17. Dynamic Upgrade Problems - NNI at Capacity

      We've run into a recent problem where we couldn't dynamically upgrade (from 100Mb to 500Mb) an Expressroute circuit quickly when needed. We were told the MS NNI to our carrier (Verizon) was at capacity. The only option was to re-create the Expressroute circuit and then re-provision the Verizon SCI side of the link (took about 2 weeks). I would like to see Microsoft working with the carriers on a method of dynamically moving connections to different NNI's with capacity if needed. Maybe there is a grooming operation that runs between MS & the carriers that dynamically moves these links to…

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
    18. Fix the traffic selector of Basic VPN Gateway

      On the Azure side, on a Basic VPN S2S VPN Gateway, the VPN gateway is always configuring a traffic selector of 0.0.0.0/0 not taking into consideration the configured on premises address ranges. This is by design and makes the basic gateway a non usable product.
      If you want split tunneling you are forced to an advanced gateway, with Policy Based Traffic Selectors, even if you only are establishing one single tunnel.
      More info on case 119020925000183

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    19. WAF fails to establish success health using the web service SAP cloud connector with custom TLS1.2 and struggled to find the issue from WAF.

      WAF fails to establish success health using the web service SAP cloud connector with custom TLS1.2 and struggled to find the issue from WAF stand point. Means, We modified multiple TLS1.2 algorithm and tested to fix the issue. Why the custom/selected TLS1.2 algo is not working? Can you build the "front end troubleshooting page or packet capture page" to select correct TLS1.2 or elect the correct TLS1.2 automatically?

      Moreover, Could you modify the name from "Listener" to "Backend Listener"? Boz, This name is really confusing with frontend certificate and backend TLS parameters.

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    20. Sort Application Gateway Rules alphabetically

      My lists of Application Gateway Rules / Listeners and HTTP Settings is growing very fast. I've applied a naming convention but the lists are in random order so it's hard to find the settings which are for the same customer.

      1 vote
      Vote

      We're glad you're here

      Please sign in to leave feedback

      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

    • Don't see your idea?

    Feedback and Knowledge Base