Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    How can we improve Azure Networking?

    You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

    There are two ways to get more votes:

    • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
    • You can remove your votes from an open idea you support.
    • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
    (thinking…)

    Enter your idea and we'll search to see if someone has already suggested it.

    If a similar idea already exists, you can support and comment on it.

    If it doesn't exist, you can post your idea so others can support it.

    Enter your idea and we'll search to see if someone has already suggested it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Add activity alert feature for DNS record add/delete/modify

      Current activity alert for DNS zones available but not for records. Add activity alert feature for DNS record add/delete/modify also.

      1 vote
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
      • Adding multiple NSGs to a NIC

        I have several virtual machines in several different subnets that need to apply a certain set of network security rules. But for each VM there are also their own unique rules. I would like to be able to set multiple NSG for the NIC of each virtual machine. I do not want to copy common rules to each NSG.

        4 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Flag idea as inappropriate…  ·  Admin →
        • Predefined Access Rules for Every Region

          Microsoft Azure should have predefined access rules for every region.
          For example, if someone wants to block traffic for every region except only one, should choose to allow for the specific one and add block rule for every other region.
          That would be good for DDos attacks

          3 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Network Watcher  ·  Flag idea as inappropriate…  ·  Admin →
          • Streamline SSL Certificate Renewal

            I have a SAN SSL certificate that contains 6 different addresses, these each have their own listeners etc. To apply a renewed certificate today I've spent 4hours with Azure support, adding the new certificate, updating each site to use the new certificate one by one, and then going through the HTTPSettings and changing the certificate over in there for each site as well.
            In IIS this is much simpler, I add the new certificate and update the binding on one website and all sites are updated - done, in 1minute.
            In summary making it quicker and simpler to update a…

            6 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
            • Predefined Access Rules for Every Region

              Microsoft Azure should have predefined access rules for every region.
              For example, if someone wants to block traffic for every region except only one, should choose to allow for the specific one and add block rule for every other region.
              That would be good for DDos attacks.

              1 vote
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
              • Load Balancer real time statistics

                I suggest to add the real time statistics in the load balancer so that user can view how much connections are being made to the front end servers and how much data has been transferred.

                Also it must show the sessions ids and how much hits on the backend pool.

                7 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
                • Support EV SSL cerrtificates in application gateway

                  Please support EV SSL certificates in Application Gateway. What is the reason they aren't supported already?

                  24 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    2 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                  • Add Azure and AWS IP ranges to easily restrict traffic without using Powershell

                    Currently adding Azure or AWS IP addresses need to be done by Powershell commands and also need to be updated every time an IP Address change. People need this to be easily configurable

                    4 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
                    • add support of '--idle-timeout' for "az network lb rule update -g lwm2m6 --lb-name lblwm2m6 --idle-timeout 30 -n IPv6Tcp80_8080"

                      Want to configure '--idle-timeout':

                      az network lb rule update -g lwm2m6 --lb-name lblwm2m6 --idle-timeout 30 -n IPv6Tcp80_8080

                      1 vote
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  IPv6  ·  Flag idea as inappropriate…  ·  Admin →
                      • add a source tag for Office 365 IPs to NSG Rules

                        Consider adding support for multiple address ranges in NSG rules or add a source tag for Office 365 IPs.

                        Currently it is a nightmare to add all addresses for Exchange Online. We need a NSG policy for each address range :)

                        https://feedback.azure.com/forums/217313-networking/suggestions/11716131-add-a-source-tag-for-azure-datacenter-ips-to-nsg-r

                        14 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                        • Allow Static Public IP Address

                          Hi,
                          We currently have VMSS running inside a public Load Balancer, that ensures all the apps have the same Public IP address. This is important for us, as we need to be able to publish our IP Addresses for all clients to whitelist.

                          We really want to move to using the Application Gateway, but can't because it doesn't support static Public IP addresses.

                          I don't believe there is a work around either?

                          46 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            1 comment  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                          • Application Gateway Public IP to be allocated to existing Virtual Machine

                            We want Application Gateway Public IP to be used and associated with Virtual machine. If we remove application Gateway , its public IP should be retailed.

                            4 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                            • WAF - Allow access to configure ModSecurity variables such as tx.high_risk_country_codes

                              The tx.high_risk_country_code and other variables like GeoIP database need to be configured for rules in REQUEST-910-IP-REPUTATION to have any affect. These could be defaulted to a value (and documented) for now, but overriding these ModSecurity variables per instance is needed in the future.

                              As it stands right now it appears that these are not configured, and are leading to people thinking they are protected by these rules when they are not.

                              17 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                              • Add Standard set of Network Security Group Rules for Inbound and outbound traffic when creating new rules.

                                I would like to see standard set of NSG rules for each new subscription that gets created for securing environment. for example SQL, SCCM, DMZ, App servers(Web servers), RDP etc. where we have ability to change the names according to our naming conventions and populate or have options to choose subnets, single VM.

                                1 vote
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                • Provide NSG Tags for PaaS Services

                                  Provide a way to TAG resoures in NSG - such as Azure Storage, Azure SQL and other PaaS Services or let user define his own custom tags.

                                  12 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                  • Application Gateway WAF support EV certificates

                                    Application Gateway WAF does not support EV certificates

                                    7 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Application Gateway WAF support gzipped content in the request body

                                      Application Gateway WAF does not support gzipped content in the request body.

                                      4 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Please give feature SSL certificate setup in Azure Load balancer and/or static public IP in application Gateway instead dynamic IP.

                                        Please give feature SSL certificate setup in Azure Load balancer and/or static public IP in application Gateway instead dynamic IP.

                                        4 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Remove IP address trial filtering

                                          Why would you filter out trial requests by IP address when you have a CC for personal identification? You do realize there ARE dynamic IP addresses and SO MUCH ISPs actually provide BY DEFAULT only dynamic IP addresses, right? Seriously Microsoft, its 2017 and IPv4 has been long depleted ...

                                          3 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
                                          • IPv6 over IPv4 - Protocol 41

                                            Our remote workers use Direct Access to connect to applications and services hosted in Azure.

                                            Outbound management from Azure to the clients is currently not support.
                                            Microsoft have confirmed Azure does not support IPv6 over IPv4 - Protocol 41.

                                            It would be a huge help if we could get support for this.

                                            13 votes
                                            Vote
                                            Sign in
                                            Check!
                                            (thinking…)
                                            Reset
                                            or sign in with
                                            • facebook
                                            • google
                                              Password icon
                                              I agree to the terms of service
                                              Signed in as (Sign out)
                                              You have left! (?) (thinking…)
                                              0 comments  ·  IPv6  ·  Flag idea as inappropriate…  ·  Admin →
                                            • Don't see your idea?

                                            Feedback and Knowledge Base