@Veera ,
Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I understand that you are in the middle of migrating your OnPrem IIS servers to Azure.
I am not aware of the features provided by ARR+NLB layer, however, I can list the features available at Application Gateway and WAF.
App Gateway:
- Azure Application Gateway is a web traffic (OSI layer 7) load balancer that enables you to manage traffic to your web applications. More like a reverse proxy.
- You can add VMs in Azure to the backend pool of App gateway, this means you can add IIS Servers without an issue.
- See : Backend pools
App Gateway WAF:
- See : What is Azure Web Application Firewall on Azure Application Gateway
- WAF on Application Gateway is based on the Core Rule Set (CRS) from the Open Web Application Security Project (OWASP).
- Features : https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview#features
- In addition to the above, it lets you create Custom rules and includes Bot protection rule set
- Please note that you should Tune your WAF according to your requirements/environment should you feel you are facing a large number of false positives.
- You may do it by
1.Creating exclusions
2.Creating custom WAF rules
3.or Disabling the Rule ID matched
Should you have any specific feature requirement, please do let us know and I shall confirm if it is available in WAF or not.
Hope this helps.
Thanks,
Kapil