Deploy and configure an Azure Software Gateway for load balancing and web site safety.

Azure Software Gateway offers layer 7 load balancing with built-in Net Software Firewall (WAF) capabilities, enabling site visitors distribution throughout backend servers whereas defending towards frequent net exploits like SQL injection and DDoS assaults. This information walks by means of deploying an Software Gateway to front-end two Home windows Server IIS situations in an availability set.

Community Infrastructure Configuration

Step one you could take is to organize your Azure community infrastructure for Azure Software Gateway deployment. You are able to do this by performing the next steps:

Create Software Gateway Subnet

1. Navigate to Digital Networks and choose your IIS VNet
2. Choose Subnets > Add Subnet
3. Configure the subnet:

• Title: app-GW-subnet
• Beginning deal with: 10.0.1.0 (or subsequent accessible subnet vary)
• Go away different settings at defaults (no non-public endpoint insurance policies or subnet delegation required)app-gateway-iis-vms-narrated-itopstalk.txt​

Configure NSG Guidelines for Backend Site visitors

1. Choose the primary IIS VM’s Community Safety Group
2. Create an inbound rule:

• Supply: Software Gateway subnet (10.0.1.0/24)
• Service: HTTP
• Present precedence and descriptive identify

Software Gateway Deployment

As soon as the Azure community infrastructure is ready, you may then deploy the applying gateway and configure community site visitors safety insurance policies.

Primary Configuration

1. Seek for Software Gateways within the Azure Portal
2. Click on Create > Software Gateway
3. Configure fundamental settings:

• Useful resource Group: Identical as IIS VMs
• Title: (e.g., ZAVA-app-GW2)
• Area: Identical as IIS VMs
• Tier: Customary V2
• IP Tackle Kind: IPv4 solely

Backend Pool Configuration

1. On the Backends web page, choose Add a backend pool
2. Present a pool identify
3. Add each IIS VM non-public IP addresses to the pool.

Routing Rule Configuration

1. On the Configuration web page, choose Add a routing rule
2. Configure the listener:

• Present a rule identify
• Create a listener with a descriptive identify
• Protocol: HTTP
• Port: 80
• Listener kind: Primary

• Goal kind: Backend pool
• Backend pool: Choose the pool created within the earlier step
• Create new backend settings with port 80
• Configure non-compulsory settings (cookie affinity, connection draining) as wanted

Verification and Testing

1. Navigate to Software Gateways and choose your deployed gateway
2. Copy the Public IP Tackle from the overview web page
3. Entry the general public IP in a browser and refresh a number of instances to watch load balancing between IIS-1 and IIS-2
4. Navigate to Backend Swimming pools to view backend well being standing for troubleshooting.

Net Software Firewall Safety

1. In your Software Gateway, navigate to Net Software Firewall
2. Choose Create an internet utility firewall coverage
3. Present a coverage identify
4. Allow Bot Safety for enhanced safety
5. Save the coverage
6. Evaluation the coverage’s Managed Guidelines to substantiate OWASP Core Rule Set and bot safety guidelines are lively.

The Software Gateway now distributes site visitors throughout your IIS availability set whereas offering enterprise-grade safety safety by means of built-in WAF capabilities.

Discover out extra at: https://be taught.microsoft.com/en-us/azure/application-gateway/overview