Deploy and configure an Azure Utility Gateway for load balancing and web site safety.

Azure Utility Gateway gives layer 7 load balancing with built-in Net Utility Firewall (WAF) capabilities, enabling site visitors distribution throughout backend servers whereas defending in opposition to frequent internet exploits like SQL injection and DDoS assaults. This information walks by deploying an Utility Gateway to front-end two Home windows Server IIS situations in an availability set.

Community Infrastructure Configuration

Step one it’s worthwhile to take is to organize your Azure community infrastructure for Azure Utility Gateway deployment. You are able to do this by performing the next steps:

Create Utility Gateway Subnet

1. Navigate to Digital Networks and choose your IIS VNet
2. Choose Subnets > Add Subnet
3. Configure the subnet:

• Identify: app-GW-subnet
• Beginning deal with: 10.0.1.0 (or subsequent accessible subnet vary)
• Go away different settings at defaults (no personal endpoint insurance policies or subnet delegation required)app-gateway-iis-vms-narrated-itopstalk.txt​

Configure NSG Guidelines for Backend Visitors

1. Choose the primary IIS VM’s Community Safety Group
2. Create an inbound rule:

• Supply: Utility Gateway subnet (10.0.1.0/24)
• Service: HTTP
• Present precedence and descriptive title

Utility Gateway Deployment

As soon as the Azure community infrastructure is ready, you may then deploy the appliance gateway and configure community site visitors safety insurance policies.

Primary Configuration

1. Seek for Utility Gateways within the Azure Portal
2. Click on Create > Utility Gateway
3. Configure fundamental settings:

• Useful resource Group: Identical as IIS VMs
• Identify: (e.g., ZAVA-app-GW2)
• Area: Identical as IIS VMs
• Tier: Customary V2
• IP Deal with Sort: IPv4 solely

Backend Pool Configuration

1. On the Backends web page, choose Add a backend pool
2. Present a pool title
3. Add each IIS VM personal IP addresses to the pool.

Routing Rule Configuration

1. On the Configuration web page, choose Add a routing rule
2. Configure the listener:

• Present a rule title
• Create a listener with a descriptive title
• Protocol: HTTP
• Port: 80
• Listener kind: Primary

• Goal kind: Backend pool
• Backend pool: Choose the pool created within the earlier step
• Create new backend settings with port 80
• Configure non-compulsory settings (cookie affinity, connection draining) as wanted

Verification and Testing

1. Navigate to Utility Gateways and choose your deployed gateway
2. Copy the Public IP Deal with from the overview web page
3. Entry the general public IP in a browser and refresh a number of instances to look at load balancing between IIS-1 and IIS-2
4. Navigate to Backend Swimming pools to view backend well being standing for troubleshooting.

Net Utility Firewall Safety

1. In your Utility Gateway, navigate to Net Utility Firewall
2. Choose Create an internet software firewall coverage
3. Present a coverage title
4. Allow Bot Safety for enhanced safety
5. Save the coverage
6. Evaluation the coverage’s Managed Guidelines to substantiate OWASP Core Rule Set and bot safety guidelines are energetic.

The Utility Gateway now distributes site visitors throughout your IIS availability set whereas offering enterprise-grade safety safety by built-in WAF capabilities.

Discover out extra at: https://be taught.microsoft.com/en-us/azure/application-gateway/overview