Front door Global Web Application Firewall

asked 2020-06-04T15:58:19.143+00:00
Ashu_clouddev 101 Reputation points

Hi,

I have few questions regarding Azure WAF. I am planning to enable Global WAF on Azure Frontdoor, I know that it is managed service but still wants additional below things to increase SLAs. Please guide me how to enable below though they appear bit strange.

  1. Load balancing on Global WAF
  2. High availability of Global WAF
  3. DR of WAF ( am even fine to fail over or DR to AWS WAF)
  4. Reference architecture which enables above

I highly appreciate your thoughts, links and guidance for the above.

Azure Front Door
Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
328 questions
{count} votes

Accepted answer
  1. answered 2020-06-11T07:21:45.783+00:00
    Malleswara Reddy 1,626 Reputation points
    No comments

1 additional answer

Sort by: Most helpful
  1. answered 2020-06-10T01:46:29.947+00:00
    TravisCragg-MSFT 5,626 Reputation points Microsoft Employee

    1) Azure Front Door is not a true 'Load Balancer', but it can distribute traffic based upon 4 methods: Latency, Priority, Weighted, and Session Affinity. If you would like to know more about Azure Networking's Load Balancing options, here is a great doc that outlines the pros and cons of your options.

    2) Azure Front Door allows for a quick DNS based failover in the event that a deployment of your application fails. In order to achieve high availability in this method, you will need 2 independent deployments of your application, health probes to detect if one of your deployments fail, and routing configured to direct traffic to the working region.

    3) I am unsure what you mean by this. AFD WAF is integrated in the AFD. If the WAF fails, your AFD will also fail. AFD is deployed on a highly redundant infrastructure, and a service failure is highly unlikely. If you would like a redundant or backup WAF, it will need to be configured independently of the AFD.

    4) Here is an example architecture that uses Azure Web Apps to deploy a highly available application using Azure Front Door.