question

Ashuclouddev-1743 avatar image
0 Votes"
Ashuclouddev-1743 asked ·

Front door Global Web Application Firewall

Hi,

I have few questions regarding Azure WAF. I am planning to enable Global WAF on Azure Frontdoor, I know that it is managed service but still wants additional below things to increase SLAs. Please guide me how to enable below though they appear bit strange.

  1. Load balancing on Global WAF

  2. High availability of Global WAF

  3. DR of WAF ( am even fine to fail over or DR to AWS WAF)

  4. Reference architecture which enables above

I highly appreciate your thoughts, links and guidance for the above.

azure-front-door
· 1
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Experts, Please share any suggestions for this.

0 Votes 0 ·
MalleswarReddy avatar image
0 Votes"
MalleswarReddy answered ·
·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

TravisCragg-MSFT avatar image
0 Votes"
TravisCragg-MSFT answered ·

1) Azure Front Door is not a true 'Load Balancer', but it can distribute traffic based upon 4 methods: Latency, Priority, Weighted, and Session Affinity. If you would like to know more about Azure Networking's Load Balancing options, here is a great doc that outlines the pros and cons of your options.


2) Azure Front Door allows for a quick DNS based failover in the event that a deployment of your application fails. In order to achieve high availability in this method, you will need 2 independent deployments of your application, health probes to detect if one of your deployments fail, and routing configured to direct traffic to the working region.

3) I am unsure what you mean by this. AFD WAF is integrated in the AFD. If the WAF fails, your AFD will also fail. AFD is deployed on a highly redundant infrastructure, and a service failure is highly unlikely. If you would like a redundant or backup WAF, it will need to be configured independently of the AFD.

4) Here is an example architecture that uses Azure Web Apps to deploy a highly available application using Azure Front Door.


· 1 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,

Thanks for the response. My question is more toward HA and DR of WAF. As they are managed services, is there any way to create failover for WAF? Even in the architecture you have shared there is failover mechanism for web application for Frontdoor. What if frontdoor or WAF at application gateway fail, I should have fail over in place for that reason.

0 Votes 0 ·