Skip to main content
Azure Application Gateway is an intelligent, Layer 7 load-balancer and application delivery controller designed to be the entry point for your web applications. It inspects HTTP/HTTPS traffic and makes routing decisions based on application-layer attributes (host, path, headers), not just network-level information. This enables advanced scenarios such as SSL termination, cookie-based session affinity, path- or host-based routing, and integration with a Web Application Firewall (WAF). How a request flows through Application Gateway:
  • Client request hits the Application Gateway front-end IP.
  • A configured HTTP/HTTPS listener accepts the request and inspects Layer 7 attributes.
  • Routing rules evaluate the request and forward it to the appropriate backend pool using configured HTTP settings.
  • Backend pools consist of Azure VMs, VM scale sets, App Services, or on-premises endpoints; health probes monitor them and the gateway keeps traffic directed to healthy targets.
Key runtime behaviors:
  • Front-end listeners accept incoming HTTP/HTTPS requests.
  • Rules (path- or host-based) map listeners to backend pools.
  • HTTP settings control protocol, ports, timeouts, session affinity, and client/backend certificate handling.
  • WAF integration protects applications from common web attacks when required.
The image illustrates application gateway routing, showing path-based routing and multiple-site routing with an application gateway directing traffic to various server pools.
Path-based and host-based routing examples:
  • Path-based routing: Route requests for specific URL paths to distinct backend pools. Example: /images → image servers, /video → video-optimized pool. This lets you scale and tune resources per content type.
  • Multi-site (host-based) routing: Host multiple domains behind a single Application Gateway. The gateway inspects the Host header and routes traffic to separate backend infrastructures (for example, example.com and api.example.com on the same public IP).
These application-aware capabilities are far more flexible than network-only or DNS-based routing, and they simplify management of complex web architectures.

Choosing a SKU

Selecting the correct SKU matters for performance, autoscaling, SLA, and available features (WAF, autoscale, etc.). The most common SKUs are Basic (for simple or dev/test workloads) and Standard_v2 (recommended for production).
The image is a comparison chart for choosing an Azure App Gateway SKU, showing the features and service level agreements for "Basic (Preview)" and "Standard_v2" options with notes on migration and upgrading.
High-level SKU comparison:
Standard_v1 is deprecated. If you run Standard_v1, plan migration to Standard_v2. See the official migration guide: https://learn.microsoft.com/en-us/azure/application-gateway/migrate-v1-to-v2
If you need a managed WAF, choose WAF_v2. For third-party firewall appliances (Palo Alto, FortiGate, etc.), use Standard_v2 and place the firewall appropriately in your network architecture.

Core configuration concepts

Deploying Application Gateway requires planning the following building blocks so your gateway meets access, security, and performance requirements.
The image is a diagram showing the configuration planning process for an application gateway, illustrating how users connect through an application gateway to a backend pool consisting of virtual machines and app services, with a web application firewall managing HTTP/HTTPS settings and rules.
Configuration planning essentials: Sample Azure CLI snippets for common tasks Create a public IP for Application Gateway:
Create an Application Gateway (Standard_v2 example):
Add a basic HTTPS listener and routing rule (high-level example):
Note: Use the Azure CLI az network application-gateway subcommands to script advanced configuration including path-based rules, host-based routing, WAF policy attachment, and custom health probes. For detailed reference, see the Azure Application Gateway docs: https://learn.microsoft.com/azure/application-gateway/
This lesson includes deeper configuration guidance for listeners, routing rules, HTTP settings, health probes, and WAF policies with examples and best practices for production deployments.

Watch Video