Microsoft Azure Networking (Part – 3)

 

Hello Everyone 🙂 Thanks for following the blog.

As we know this blog is a part of Microsoft Azure Networking blog series. This blog is Part – 3 where we continue the Networking resources from understanding Azure Application Gateway. If you haven’t read the Part – 1 and Part – 2

Azure application Gateway

  1. Layer 7 : HTTP/HTTPS load balancing WebSocket support.
  2. Web application firewall
  3. URL-based routing.
  4. Routing based on tuple of source & destination IP addresses.
    • Round Robin
    • Session affinity via cookies
    • SSL decoding/terminations & end-to-end SSL processing.

Services:

  1. Two SKU’s -> Web Application firewall (WAF) and Standard.
  2. Small, Medium & Large services tiers.
  3. Differences in pricing for outbound data
  4. Small doesn’t support WAF
  5. Differenced in speed of putdound data processing.
  6. Inbound data is free for all service tiers.

Web Application Firewall

  1. Protects from common attacks.
  2. SQL Injection & cross-site scripting.
  3. Bots & Scanners.
  4. HTTP violation/anomalies/forgeries.
  5. Server Misconfigurations.

Detection Mode : Detects and logs threats; no direct alerting.

Prevention Mode : Sends 403 response to detected threats.

Pros:

  1. Super-simple to use.
    • Create it, assign it to an IP address and VNET, add a listener and you’re done.
  2. Can protect Web Apps(in a Virtual Network).
  3. Public and private IP’s load balancing.
  4. WAF protects against common attacks.
  5. SSL offloading
    • Requires additional configuration.
  6. Custom health probes.

Cons:

  1. Only works for HTTP/HTTPS.
  2. Round Robin and URL based routing limits overall routing options.
  3. Doesn’t support IP reservations.
  4. Laxer rule Vs Load balancer for health probes.

Usage Examples

  1. Protest Virtual Machines & Web Apps against Common Attacks(WAF)
  2. Routing traffic among several web servers VMs or web apps within a specific
    VNets.
  3. In concert with a load balancer for multities application.
  4. Maintain session affinity for specific applications (Shopping carts, Web mail, etc.)
  5. SSL-intensive workload.

Thanks for reading.. 🙂 Keep following for Part – 4

 

By |2017-11-25T13:20:20+00:00October 10th, 2017|Azure Application Gateway, Azure Networking|

Leave A Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.