Configuring FrontDoor with multi-site Application Gateway as backend pool

SaumilShah-6177 1 Reputation point

We have multi-site Application Gateway that works at present. We want to optimize the performance, decrease #of hops and latency, so we want to put Azure FrontDoor in front of it.

We have successfully configured the FD with custom domains and with multi-site Application Gateway as the backend pool.

However, we can't figure out how to configure the FD Health probe to assess the health of Application Gateway or the multiple sites behind it.

Please help...

Azure Front Door
Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
548 questions
Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
914 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. GitaraniSharma-MSFT 45,506 Reputation points Microsoft Employee

    Hello @SaumilShah-6177 ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    Below is a rough idea of deploying a multi-site Application gateway behind Azure Front Door which might help:

    Frontends/domains : You have successfully configured the FD with custom domains.

    Backend pools : Add a backend -
    Set the Backend Host Type to “custom host”, and for Backend Host Name, add the IP address of the Application Gateway and for Backend Host Header, add the site URL (the host name configured in your App gateway listener).
    Repeat this step for all your sites that are configured behind your App gateway.

    You can add upto 100 Backends per back-end pool.
    Reference :

    Health probe :
    Path: You need add the URL used for probe requests for the backends in the specified backend pool.
    For example, if your backend is and the path is set to /probe/test.aspx, then Front Door environments, assuming the protocol is set to HTTP, will send health probe requests to
    Protocol: Defines whether to send the health probe requests from Front Door to your backends with HTTP or HTTPS protocol.
    Method: The HTTP method to be used for sending health probes. Options include GET or HEAD (default).

    So you need to configure the health probe path as per your backend site health probe test page URL, which the application gateway is aware of. It should be a valid path starting with '/'.
    You can add all the sites with common health probe path into one backend pool.

    Routing rules :
    Then add the routing rules to map your frontend host and a matching URL path pattern to the specific backend pool.

    Kindly let us know if the above helps or you need further assistance on this issue.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

  2. i90runner 1 Reputation point

    Can someone please answer this question?. We have same issue and couldn't figure out any meaningful solutions.

    Frontdoor - > Application Gateway ( Primary in East and Secondary in West) -> AKS Ingress

    How do we configure frontdoor , so it checks the health of the application gateway rather than checking the health of specific application hosted in AKS.

    0 comments No comments