question

Maguitinoco avatar image
0 Votes"
Maguitinoco asked LuisRodriguez-MSFT commented

Web Application Firewall with on-premise application

My applications are on-premises servers, so I want to use Azure WAF, is this possible? if yes, should i connect a vpn or.
not.
Is there a way for my back-end to be an on-premise server?

azure-application-gatewayazure-front-doorazure-ad-application-proxyazure-web-application-firewall
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

LuisRodriguez-MSFT avatar image
0 Votes"
LuisRodriguez-MSFT answered LuisRodriguez-MSFT commented

Welcome to Microsoft Q&A Platform.

Application Gateway backend pools can contain:

  • NICs

  • Virtual machine scale sets

  • Public IP addresses

  • Internal IP addresses

  • FQDN

  • Multitenant backends (such as App Service)

Application Gateway backend pool members aren't tied to an availability set. An application gateway can communicate with instances outside of the virtual network that it's in. As a result, the members of the backend pools can be across clusters, across datacenters, or outside Azure, as long as there's IP connectivity.

More info: https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-components#backend-pools

In your case, if the backend is hosted in your private network onpremise you should use VPN (or Expressroute) allowing traffic between both ends.
If the backend is exposed to the Internet you can just use public IPs (or FQDN).

I hope this helps!


Please don’t forget to "Accept the answer" and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi Luis,

Thank you very much for your answer, it cleared my doubts.

Just to be sure, my backend is an on-premise web server, exposed to the internet, then only with the public IP it is enough to implement my WAF(application Gateway)?

0 Votes 0 ·

Hi yes, you are correct.

1 Vote 1 ·