Shulou(Shulou.com)06/03 Report--

Introduction to Azure firewall

Azure firewall is the Azure firewall, a hosted cloud-based network security service that protects Azure virtual network resources. It is a fully stateful firewall in the form of services with built-in high availability and unlimited cloud scalability. You can create, implement, and document application and network connection policies across subscriptions and virtual networks. Azure firewalls use static public IP addresses for virtual network resources to enable external firewalls to identify traffic from your virtual network. This service is fully integrated with Azure Monitor for logging and analysis.

Introduction to Application Gateway

Application Gateway, which provides a load balancer for OSI Layer 7. Application Gateway is similar to a reverse proxy service, sending client requests to the back-end server.

Features of Application Gateway:

1.Web Application Firewall (Preview)

Web Application Firewall (WAF), which protects Web applications from face-to-face Web attacks such as SQL injection, cross-site scripting attacks and session hijacking

2.HTTP load balancing

Provide 7-layer load balancing

3. Session persistence based on Cookie

This feature is very useful when we want to keep the user session on the same Azure back-end server

4.Secure Socket Layer (SSL) Offload

If we do not use SSL Offload,SSL encryption / decryption is the most server-intensive application, we are likely to find a significant decline in server performance and processing power after deployment from HTTP to HTTPS.

When we use SSL Offload, the traffic of Internet users accessing Azure Application Gateway is HTTPS encrypted.

5. End-to-end SSL encryption

6. URL-based routing

7. Multi-site routing

8. Support for Websocket

9. Health detection

10. Support for advanced diagnostic featur

The overall architecture is Internet- > Azure WAF- > Azure Firewall- > WEB

First, let's build a waf of Azure and configure the rules. We only have a simple http listener.

In the case of HTTP, we set the port to 100, which is to distinguish other applications

Note that the backend of this WAF is specified as the public network IP of firewall because the backend pool cannot add firewall directly.

Next, you need to configure the rules of NAT on Azure firewall. Note that the reason why we configure the port here is that the front-end Azure WAF will transfer the received requests to port 100. therefore, in FW, we need to do NAT for port 100, but after NAT, we still go to port 80 of the web server, so this process is transparent to the application, and there is no need to modify the configuration of the application.

Next, you can see in app gw that the status of the backend pool is healthy

At the same time, when we visit, we can also see that we can really see the correct results.

The advantage of this architecture is that it can take advantage of both the functions of Azure WAF and firewall to protect security at different levels.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.