AdminAzure Networking Team
(Product Manager, Microsoft Azure)
My feedback
-
125 votes
An error occurred while saving the comment -
47 votes
An error occurred while saving the comment Azure Firewall supports HTTP/S and MSSQL in application rules. We are adding FQDN filtering in network rules based on DNS resolution for all TCP/UDP protocols. Tentative preview is early Q3 CY2020.
-
193 votes
Thank you for the feedback. We’ll look into whether this can be included in our roadmap.
AdminAzure Networking Team
(Product Manager, Microsoft Azure)
supported this idea
·
-
1 vote
-
6 votes
Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature
An error occurred while saving the comment Azure Firewall now supports up to 100 public IPs. See more here - https://docs.microsoft.com/en-us/azure/firewall/overview#multiple-public-ip-addresses
-
360 votes
Apologies. There was apparently a misunderstanding and the status has been corrected.
This specific feedback item is for NAT from private IP space to private IP address
AdminAzure Networking Team
(Product Manager, Microsoft Azure)
supported this idea
·
-
262 votesAdminAzure Networking Team
(Product Manager, Microsoft Azure)
supported this idea
·
AdminAzure Networking Team
(Product Manager, Microsoft Azure)
shared this idea
·
-
61 votes
Thank you for your suggestion. We are working to improve this experience.
An error occurred while saving the comment The new V2 (Autoscaling) SKU reduces the update times to under a min in most cases. https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-autoscaling-zone-redundant
-
441 votes
We have raised the limit to 100 recently. We are regularly reviewing the limits and will continue to look for opportunities to raise the limits even further. Stay tuned :)
An error occurred while saving the comment We are working on supporting wildcard listeners in the near term. As mentioned before, if you need more than 100 listeners you can open a support ticket with your specific scenario details. The current limit of 100 is set based on performance tests and we are unable to set it to a much higher value for all customers at this time as it may degrade performance depending on individual scenarios. That being said, we continue to review periodically and optimize our data plane so that higher limits may be possible.
-
1,252 votes
URL rewrite for Application Gateway v2 is currently in public preview! With this, you can now rewrite URL path and query string parameters based on a condition. The condition will be on request or response parameters.
Also, you get the ability to choose the routing to a backend pool based on the original URL or the rewritten URL.
We’d love for you to try it out and let us know your valuable feedback. Learn more here – https://aka.ms/urlrewritepreview and https://aka.ms/urlrewriteconfiguration
An error occurred while saving the comment Please be assured we are working on this feature as one of our top priorities and will announce it as soon as it's ready.
-
127 votes
valid suggestion subject to upvote
An error occurred while saving the comment SNAT on incoming connections is done do ensure symmetric routing across the underlying firewall nodes for returning packets. This is needed as the Standard Load Balancer has TCP state checking rules today that will drop the session if the returning packet comes from a different firewall physical node. This will be fixed in the future, but no ETA yet.
-
15 votes
An error occurred while saving the comment We are working on adding Service Tags to Azure Firewall network rules and hope to have it released in Q1 2019.
-
2 votes
An error occurred while saving the comment Please elaborate on the scenario. You can already provide permissions on a zone to a specific user such that user is able to manage records within that zone but not other zones. Please see https://docs.microsoft.com/en-us/azure/dns/dns-protect-zones-recordsets#zone-level-rbac
-
10 votes
Thanks for the feedback. Not in near term plans.
— ChristianAn error occurred while saving the comment HTTP and HTTPS probes use an HTTP GET. Can you please expand on the scenario where something other than 200 is a valid response for this operation? 201 for example is typically used for a POST.
-
1 vote
An error occurred while saving the comment Thanks for the feedback. Agree with the feedback on destination address. We will explore having it as a drop down list that provides the firewall public IPs. This should eliminate also the confusion with the translated address.
-
3 votes
Thank you for the feedback. Can you clarify please if you are asking for the health probe to close the connection
a) WITH a 4 way close or
b) WITHOUT a 4 way close and send RST instead?
— ChristianAn error occurred while saving the comment @hisashima load balancer uses (a) today. why do you need the behavior described in (b). can you elaborate on the scenario and impact please?
-
1,128 votes
We are evaluating this feature ask. However, it is not on our immediate roadmap.
-Rohin KAn error occurred while saving the comment While we don't offer a 301 redirect service, we just announced support for Alias records which will let you point to any Public IP-backed resource (such as Application Gateway) or a Traffic Manager profile, from your zone apex. This may be an alternative if the need is to make sure both the zone apex and say the www subdomain point to the same load balanced application. For more details see https://azure.microsoft.com/en-us/blog/announcing-alias-records-for-azure-dns/
-
463 votes
Thanks for the feedback, we are working on enabling ASG references across subscriptions/VNets, it’s currently on our plans
AdminAzure Networking Team
(Product Manager, Microsoft Azure)
supported this idea
·
-
1 vote
An error occurred while saving the comment Hi, can you please indicate to which article/documentation you're referring?
-
33 votes
Hi,
Currently, the gateway private IP addresses are not required for configurations or operations, other than the GatewaySubnet range. They should have been hidden from users. The gateway resource model does not have a field for those either.
There may be use cases for new features down the road. We will update the gateway resource model accordingly and expose those properly.
Thanks,
Yushun [MSFT]An error occurred while saving the comment Taking offline with Farouk to further clarify.
Thanks,
Yushun [MSFT]
You can have both services - either side by side (Recommended) or chained. See more here - https://docs.microsoft.com/en-us/azure/architecture/example-scenario/gateway/firewall-application-gateway. We are looking to provide a better integration in the future