Front door Global Web Application Firewall

Ashu_clouddev 101 Reputation points
2020-06-04T15:58:19.143+00:00

Hi,

I have few questions regarding Azure WAF. I am planning to enable Global WAF on Azure Frontdoor, I know that it is managed service but still wants additional below things to increase SLAs. Please guide me how to enable below though they appear bit strange.

  1. Load balancing on Global WAF
  2. High availability of Global WAF
  3. DR of WAF ( am even fine to fail over or DR to AWS WAF)
  4. Reference architecture which enables above

I highly appreciate your thoughts, links and guidance for the above.

Azure Front Door
Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
576 questions
Accepted answer
  1. Malleswara Reddy, G 1,631 Reputation points
    2020-06-11T07:21:45.783+00:00

    Hi,

    As you already know, Frontdoor, Application gateway are managed services and they come inbuilt LB, HA, DR. You can check SLAs in the below links -

    https://azure.microsoft.com/en-us/support/legal/sla/application-gateway/v1_2/
    https://azure.microsoft.com/en-us/support/legal/sla/frontdoor/v1_0/

    But if you are looking for failover based solution, you can try using Barracuda configuration by using Azure VM and you can build failover VMs with same configuration.

    https://campus.barracuda.com/product/cloudgenfirewall/doc/86545500/how-to-configure-a-high-availability-cluster-in-azure-with-the-standard-load-balancer/#:~:text=Configure%20a%20high%20availability%20cluster%20to%20ensure%20that%20the%20services,maintenance%20or%20a%20hardware%20issue.&text=Incoming%20connections%20are%20forwarded%20to,by%20the%20Azure%20Load%20Balancer.

    Regards,
    Eshwar

    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. TravisCragg-MSFT 5,676 Reputation points Microsoft Employee
    2020-06-10T01:46:29.947+00:00

    1) Azure Front Door is not a true 'Load Balancer', but it can distribute traffic based upon 4 methods: Latency, Priority, Weighted, and Session Affinity. If you would like to know more about Azure Networking's Load Balancing options, here is a great doc that outlines the pros and cons of your options.

    2) Azure Front Door allows for a quick DNS based failover in the event that a deployment of your application fails. In order to achieve high availability in this method, you will need 2 independent deployments of your application, health probes to detect if one of your deployments fail, and routing configured to direct traffic to the working region.

    3) I am unsure what you mean by this. AFD WAF is integrated in the AFD. If the WAF fails, your AFD will also fail. AFD is deployed on a highly redundant infrastructure, and a service failure is highly unlikely. If you would like a redundant or backup WAF, it will need to be configured independently of the AFD.

    4) Here is an example architecture that uses Azure Web Apps to deploy a highly available application using Azure Front Door.