SOLVED

Is Application Gateway enough for PaaS based HTTPS enabled application

%3CLINGO-SUB%20id%3D%22lingo-sub-2085678%22%20slang%3D%22en-US%22%3EIs%20Application%20Gateway%20enough%20for%20PaaS%20based%20HTTPS%20enabled%20application%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2085678%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20folks%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20are%20planning%20to%20deploy%20Web%20app%20in%20Azure%20and%20checking%20as%20what%20is%20the%20latest%20option%20to%20take%20care%20of%20Vulnerability%20besides%20Firewall%20level%20security.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20Application%20gateway%20in%20front%20of%20the%20Web%20Apps%20enough%20or%20do%20I%20need%20to%20factor%20Azure%20Front%20Door%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2093903%22%20slang%3D%22en-US%22%3ERe%3A%20Is%20Application%20Gateway%20enough%20for%20PaaS%20based%20HTTPS%20enabled%20application%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2093903%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F180469%22%20target%3D%22_blank%22%3E%40Admin%20O365%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHi%26nbsp%3B%20it%20depend%20of%20your%20routing%20and%20availability%20requirement%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20your%20application%20don't%20need%20to%20be%20deployed%20cross%20region%20you%20can%20go%20with%20application%20gateway%20%2Bwaf%20which%20provide%20protection%20against%20Top%2010%20Owasp%20vulnerabilities%20.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20the%20documentation%20it%20is%20mentionned%20%3A%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EWhile%20both%20Front%20Door%20and%20Application%20Gateway%20are%20layer%207%20(HTTP%2FHTTPS)%20load%20balancers%2C%20the%20primary%20difference%20is%20that%20Front%20Door%20is%20a%20global%20service%20whereas%20Application%20Gateway%20is%20a%20regional%20service.%20While%20Front%20Door%20can%20load%20balance%20between%20your%20different%20scale%20units%2Fclusters%2Fstamp%20units%20across%20regions%2C%20Application%20Gateway%20allows%20you%20to%20load%20balance%20between%20your%20VMs%2Fcontainers%20etc.%20that%20is%20within%20the%20scale%20unit.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fapplication-gateway%2Fapplication-gateway-faq%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EFrequently%20asked%20questions%20about%20Azure%20Application%20Gateway%20%7C%20Microsoft%20Docs%3C%2FA%3E%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Ffrontdoor%2Ffront-door-faq%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAzure%20Front%20Door%20-%20Frequently%20Asked%20Questions%20%7C%20Microsoft%20Docs%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2109859%22%20slang%3D%22en-US%22%3ERe%3A%20Is%20Application%20Gateway%20enough%20for%20PaaS%20based%20HTTPS%20enabled%20application%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2109859%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F540591%22%20target%3D%22_blank%22%3E%40ibrahimambodji%3C%2FA%3E%26nbsp%3Bthanks%3C%2FP%3E%3C%2FLINGO-BODY%3E
Frequent Contributor

Hello folks,

 

We are planning to deploy Web app in Azure and checking as what is the latest option to take care of Vulnerability besides Firewall level security.

 

Is Application gateway in front of the Web Apps enough or do I need to factor Azure Front Door?

 

3 Replies
best response confirmed by Admin O365 (Frequent Contributor)
Solution

@Admin O365 

 

Hi  it depend of your routing and availability requirement 

If your application don't need to be deployed cross region you can go with application gateway +waf which provide protection against Top 10 Owasp vulnerabilities .

 

In the documentation it is mentionned : 

While both Front Door and Application Gateway are layer 7 (HTTP/HTTPS) load balancers, the primary difference is that Front Door is a global service whereas Application Gateway is a regional service. While Front Door can load balance between your different scale units/clusters/stamp units across regions, Application Gateway allows you to load balance between your VMs/containers etc. that is within the scale unit.

Frequently asked questions about Azure Application Gateway | Microsoft Docs

Azure Front Door - Frequently Asked Questions | Microsoft Docs

@Sumit Sancheti 

 

Do you need more help on this ? If not can you mark it as answer please ?