Azure Utility Gateway offers layer 7 load balancing with built-in Net Utility Firewall (WAF) capabilities, enabling site visitors distribution throughout backend servers whereas defending towards widespread net exploits like SQL injection and DDoS assaults. This information walks by way of deploying an Utility Gateway to front-end two Home windows Server IIS situations in an availability set.
Â
Â
Community Infrastructure Configuration
Step one you must take is to arrange your Azure community infrastructure for Azure Utility Gateway deployment. You are able to do this by performing the next steps:
Create Utility Gateway Subnet
- Navigate to Digital Networks and choose your IIS VNet
- Choose Subnets > Add Subnet
- Configure the subnet:
- Title: app-GW-subnet
- Beginning tackle: 10.0.1.0 (or subsequent out there subnet vary)
- Depart different settings at defaults (no personal endpoint insurance policies or subnet delegation required)app-gateway-iis-vms-narrated-itopstalk.txt​
Configure NSG Guidelines for Backend Site visitors
- Choose the primary IIS VM’s Community Safety Group
- Create an inbound rule:
- Supply: Utility Gateway subnet (10.0.1.0/24)
- Service: HTTP
- Present precedence and descriptive title
- Repeat for the second IIS VM’s NSG to permit site visitors from the Utility Gateway subnet on port 80app-gateway-iis-vms-narrated-itopstalk.txt​
Utility Gateway Deployment
As soon as the Azure community infrastructure is ready, you’ll be able to then deploy the applying gateway and configure community site visitors safety insurance policies.
Fundamental Configuration
- Seek for Utility Gateways within the Azure Portal
- Click on Create > Utility Gateway
- Configure fundamental settings:
- Useful resource Group: Identical as IIS VMs
- Title: (e.g., ZAVA-app-GW2)
- Area: Identical as IIS VMs
- Tier: Customary V2
- IP Handle Sort: IPv4 solely
- Choose Configure Digital Community and select the IIS VNet
- Choose the Utility Gateway subnet created earlier
- Create a brand new public IPv4 tackle for the gateway frontend.
Backend Pool Configuration
- On the Backends web page, choose Add a backend pool
- Present a pool title
- Add each IIS VM personal IP addresses to the pool.
Routing Rule Configuration
- On the Configuration web page, choose Add a routing rule
- Configure the listener:
- Present a rule title
- Create a listener with a descriptive title
- Protocol: HTTP
- Port: 80
- Listener sort: Fundamental
- Configure backend targets:
- Goal sort: Backend pool
- Backend pool: Choose the pool created within the earlier step
- Create new backend settings with port 80
- Configure elective settings (cookie affinity, connection draining) as wanted
- Specify a precedence for the routing rule
- Full the wizard to deploy the gatewayapp-gateway-iis-vms-narrated-itopstalk.txt​
Verification and Testing
- Navigate to Utility Gateways and choose your deployed gateway
- Copy the Public IP Handle from the overview web page
- Entry the general public IP in a browser and refresh a number of instances to look at load balancing between IIS-1 and IIS-2
- Navigate to Backend Swimming pools to view backend well being standing for troubleshooting.
Net Utility Firewall Safety
- In your Utility Gateway, navigate to Net Utility Firewall
- Choose Create an online software firewall coverage
- Present a coverage title
- Allow Bot Safety for enhanced safety
- Save the coverage
- Overview the coverage’s Managed Guidelines to verify OWASP Core Rule Set and bot safety guidelines are lively.
The Utility Gateway now distributes site visitors throughout your IIS availability set whereas offering enterprise-grade safety safety by way of built-in WAF capabilities.
Discover out extra at: https://be taught.microsoft.com/en-us/azure/application-gateway/overview
