How to Create an Azure Application Gateway

This tutorial by Mohammed Waly, the author of Hands-On Networking with Azure, explains the creation of an Azure Application Gateway in 6 simple steps.

In 2015, Microsoft announced one of its coolest and most important enterprise networking solutions in Azure—the Azure Application Gateway. Ever since then, this service has witnessed many enhancements based on customers’ feedback.

Azure Application Gateway is a layer 7 load balancing service for applications. It comes with many features for customers using web applications, including SSL and CPU offloading.  It also provides a Web Application Firewall (WAF), which protects web applications and prevents malicious attacks.

Creating an Azure Application Gateway is a simple process, and you can learn how to do it by following these steps:

  1. Navigate to the Azure portal and search for application gateway.
  2. Once you’ve clicked on Application gateways, a new blade will open, displaying all the application gateways that have been created so far (if any). You can add new application gateways from here by clicking on Add.
  1. Once you’ve clicked on Add, a new blade will open wherein you’ve to specify the following:
    • Name: Specify a descriptive name for the application gateway.
    • Tier: Specify the flavour you’ll use.
    • SKU size: Select the SKU size that would fit your scenario.
    • Instance count: To be covered by application gateway SLA, you need to ensure at least two instances are specified. The higher the number of instances, the better the performance of the application gateway. Note that you cannot specify more than 10 instances.
    • Subscription: Specify the subscription to be charged for using this service.
    • Resource group: Specify the group in which this service will exist as a resource.
    • Location: Specify the location where this service will be created. 
  1. Once you’ve clicked on OK, you’ll be navigated to the next blade wherein you’ve to specify the following:
    • Virtual network: Specify a virtual network to be used with the application gateway. Ensure that it contains an empty subnet or a subnet with no other resource types besides the application gateways.
    • Subnet: When you select the virtual network, all the empty subnets within this VNet will be available in the drop-down list. You can select one of them.
    • Frontend IP configuration: Azure Application Gateway can either work facing the internet or in internal networks. Based on your scenario, you need to specify the following:
      • IP address type: You can select Public for internet facing scenarios and Private for internal networks.
      • Public IP address: If you’ve selected Public as the type, you need to specify the public IP address that will act as a frontend for the application gateway. If you’ve selected Private, you can specify the static private IP address that will be used for the application gateway by ticking this option. Otherwise, a dynamic private IP address will be assigned to the application gateway.
    • Listener configuration: You need to specify the following for the listener configuration:
      • Protocol: You can either use HTTP or HTTPS. At the moment, only these two protocols are supported with the application gateway. If HTTPS is selected, you’ll have to upload its PFX certificate and specify the user name and password for this certificate.
      • Port: Specify the port number on which the application gateway will listen to the traffic.
  • Upgrade to WAF tier: You can upgrade this tier from standard to WAF by ticking this option; you’ll then have to specify the following:
      • Firewall status: You can either select Enable to get it up and running once the application gateway is created or you can select Disable to disable it for the time being (it can be enabled later based on your requirements).
      • Firewall mode: If Enabled is selected, you’ll have to specify the mode of the firewall. It will either work for detection or for prevention. 
  1. Once you’ve clicked on OK, a Summary blade will open, displaying all the settings you’ve specified, so you can check its configuration before you upgrade, to avoid any misconfiguration.
  1. Once you’ve clicked on OK, the creation process of the application gateway will start. Remember that it will take a while to get up and running.

Note that creating a WAF application gateway will require no additional settings other than those specified. However, you’ll have to change the tier from Standard to WAF. If you’ve selected Standard but want it to work as WAF also, you can do so while configuring the settings. To know more about the same, you can read the book, Hands-On Networking with Azure.

Leave a comment

Your email address will not be published. Required fields are marked *