Anonymous

My feedback

  1. 94 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      6 comments  ·  Web Apps » App Service Environment  ·  Flag idea as inappropriate…  ·  Admin →
      Anonymous commented  · 

      We bought dedicated Application Gateways for each slot to get around all of the problems of going through a central Application Gateway/Web Application Firewall for all deployment environments. Well now we find out that IP Restrictions are not sticky to the deployment slots. Isn't this a fine mess? Please escalate this request as even throwing money at all the extra Gateways does not help us unless we open a gaping hole in security.

    • 4 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        1 comment  ·  Networking » Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
        Anonymous supported this idea  · 
        Anonymous commented  · 

        Application Gateway backend pools are not natively aware of an App Service's deployment slots. I have to get around this by, instead of targeting a backend pool to type "App Service", I need to target type "IP or FQDN" and then put in the "client-staging.azurewebsites.com" or "client-development.azurewebsites.com" values (if using the original example).
        At the very least, make the backend pool App Service target aware of the deployment slots to select in the drop down list.
        However, the original poster's (OP) request would be a complete solution: Have the Application Gateways be aware of app service deployment slot swaps so we don't need to manually fuss with App Gateways for slot swaps. App Gateways should be swap-aware.

      • 360 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          22 comments  ·  Networking » Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
          Anonymous commented  · 

          I am surprised this doesn't have more votes. The App Service Certificate terribly loses its value by not giving the front end direct access to use it.

          Anonymous supported this idea  · 
          Anonymous commented  · 

          Application Gateways not able to access the certificate from Azure Key Vault is a security problem because of the need to export a PFX.
          It also greatly diminishes the value of the higher price of an Azure App Service Certificate (ASC). It is no more secure than going to any other CA at this point who can charge far less for a certificate of the same value.

        • 957 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            29 comments  ·  Networking » Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
            Anonymous commented  · 

            Glad to hear that this is being actively developed. It can't come soon enough.

            Anonymous supported this idea  · 
          • 544 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              planned  ·  26 comments  ·  Networking » Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
              Anonymous commented  · 

              This is a major blocker to implementing on Azure. We have 100's or 1000's of mini-sites with custom sub-domains to distinguish them. Application Gateway is not scalable - dead in the water.

            • 101 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                3 comments  ·  Networking » Application Gateway  ·  Flag idea as inappropriate…  ·  Admin →
                Anonymous commented  · 

                This is very important. Since we need to use the App Service Certificate at the Application Gateway, we are forced to turn off auto-renew on the certificate and do it manually. This is a noticeable loss of value to the ASC offering. Allowing the Application Gateway to get the certificate from Azure Key Vault would maintain full functionality.

                Anonymous supported this idea  · 
              • 4 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  1 comment  ·  Web Apps  ·  Flag idea as inappropriate…  ·  Admin →
                  Anonymous commented  · 

                  Yes, please make dynamic DNS native for the Azure DNS service

                  Anonymous supported this idea  · 

                Feedback and Knowledge Base