Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I understand that you are trying to configure Application Gateway before Firewall set up.
To address your queries,
#1. Does placing the application GW in front of the Azure firewall cause the layer 7 load balancing feature to be lost?
- The Load Balancing will happen without any issues.
- From the App Gateway's perspective, the backends are still the VMs.
- You are using the UDR to force the traffic to route via AzFW before the backend VMs.
#2. If the non-HTTPS traffic hits app GW and is then forwarded to Azure FW then it is forwarded back to app GW to keep L7 load balancing capabilities, does that add latency that Azure FW can't handle?
- I doubt you will be able to achieve such an architecture design.
- Moreover, in this scenario, non-HTTPS/HTTP traffic would not hit the App Gateway to begin with, see: Summarized Table
Please review the workflow,
- In step 2,
Please let us know if we can be of any further assistance here.
Thanks,
Kapil
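Added example, not part of the original answer: a small Python model of Azure route selection (longest prefix wins, a user-defined route beats a system route on an equal prefix) that checks whether traffic from the App Gateway subnet to a backend VM actually transits the firewall. All addresses and function names are constructed for illustration; the point is that the backend pool still targets the VM IP, and only a UDR at least as specific as the VNet system route changes the next hop.

```python
import ipaddress

# Constructed lab addressing (assumptions, not from the original post).
VNET = "10.0.0.0/16"
BACKEND_SUBNET = "10.0.2.0/24"
AZFW_PRIVATE_IP = "10.0.1.4"
BACKEND_VM = "10.0.2.10"   # still the App Gateway backend pool target

# System routes every subnet in the VNet gets by default.
SYSTEM_ROUTES = [
    {"prefix": VNET, "next_hop": "VnetLocal", "source": "system"},
    {"prefix": "0.0.0.0/0", "next_hop": "Internet", "source": "system"},
]

def udr(prefix, next_hop_ip):
    """A user-defined route with next hop type VirtualAppliance."""
    return {"prefix": prefix,
            "next_hop": f"VirtualAppliance:{next_hop_ip}",
            "source": "user"}

def effective_next_hop(dest_ip, user_routes):
    """Longest prefix wins; on an equal prefix a UDR beats a system route."""
    dest = ipaddress.ip_address(dest_ip)
    candidates = [r for r in SYSTEM_ROUTES + user_routes
                  if dest in ipaddress.ip_network(r["prefix"])]
    best = max(candidates,
               key=lambda r: (ipaddress.ip_network(r["prefix"]).prefixlen,
                              r["source"] == "user"))
    return best["next_hop"]

def audit_appgw_subnet(user_routes):
    """True only if App Gateway -> backend VM traffic goes via the firewall."""
    expected = f"VirtualAppliance:{AZFW_PRIVATE_IP}"
    return effective_next_hop(BACKEND_VM, user_routes) == expected

if __name__ == "__main__":
    cases = {
        "no UDR": [],
        "default route only": [udr("0.0.0.0/0", AZFW_PRIVATE_IP)],
        "backend subnet UDR": [udr(BACKEND_SUBNET, AZFW_PRIVATE_IP)],
    }
    for name, routes in cases.items():
        hop = effective_next_hop(BACKEND_VM, routes)
        print(f"{name:20} -> {hop:28} inspected={audit_appgw_subnet(routes)}")
```

The "default route only" case is the one to watch for in reviews: a 0.0.0.0/0 UDR loses to the more specific VNet system route, so intra-VNet traffic bypasses the firewall.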