---
title: "Configuring Azure Application Gateway"
slug: "configuring-azure-application-gateway"
updated: 2024-12-19T15:00:32Z
published: 2024-12-19T15:00:32Z
---

# Configuring Azure Application Gateway

## Overview

The Azure Application Gateway (AAG) combines a web application firewall (WAF) and Layer 7 load balancing within the Microsoft Azure technology stack, and it contains many features for implementing secure load balancing. Several configurations need to be made; they are not specific to AAG but to cookie-based session affinity. This document discusses the configuration required on the Virtual Machines that host Decisions and how Clustering relates to the setup within an AAG environment.

When used alongside Decisions, the AAG’s primary function is to handle incoming requests and route them to the appropriate cluster node while maintaining cookie-based session affinity. The AAG is also capable of terminating SSL and then forwarding the traffic to the **Backend Pool** VMs. The forwarded traffic can be HTTP or HTTPS; generally, to increase performance, HTTP traffic is maintained between the AAG and the Backend Pool. Because clients never see any traffic behind the AAG, the **internal** HTTP traffic between the AAG and the Backend Pool is secured with **Network Security Groups** that maintain network traffic access controls.

It is important to note that the AAG offers a form of session affinity that is not available in Azure Load Balancer configurations: **Cookie Based Session Affinity**. The Azure Load Balancer can only support IP Hash configurations, which are easy to use and a common form of load-balancer session affinity, but may not provide the desired results for certain application use cases.

The following article demonstrates configuring Azure Application Gateway as a load balancer for the [Decisions cluster](/v9/docs/setting-a-cluster-server) environment.

## Prerequisites

An Azure account with an active subscription is required.

## Create an application gateway

1. Log in to the Azure Portal
2. Search for **Application gateways** in the search bar
3. From the search results, open **Application gateways**. The **Load Balancing | Application Gateway** dashboard opens
4. Click on **Create** to create a new application gateway

---

## Basics

1. Choose the **Subscription**
2. Set the **Resource Group**
3. Give an Application gateway name
4. Select the desired **Region**
5. Set the Tier to **Standard V2**
6. Set the Minimum instance count to **0**
7. Set the Maximum instance count to **10**
8. Enable **HTTP2**
9. Choose a Virtual network or Create a new one
10. Choose a subnet or create a new one
11. Click Next

![](https://cdn.document360.io/6ef8bcc1-6489-4486-9ad1-83acff7e5df0/Images/Documentation/image-PWAVLALC.png)

---

## Configure Frontends

1. Select a **Public IP address** name or give a new one
2. Click **Next**

![](https://cdn.document360.io/6ef8bcc1-6489-4486-9ad1-83acff7e5df0/Images/Documentation/image-ES8MHBJZ.png)

---

## Configure Backends

This allows the users to configure the type of servers and their target IP/Name hosted in a clustered environment.

1. Click on **Add a backend pool**
2. Set the **Target Type** and **target** address of the backend servers in the cluster
3. Click **Next**

![](https://cdn.document360.io/6ef8bcc1-6489-4486-9ad1-83acff7e5df0/Images/Documentation/image-JDM3K781.png)

---

## Rule Configuration

### Configure HTTPS routing rule

1. Click on **Add a routing rule**
2. Set the **Rule name** to **HTTPS**

**Adding SSL at the Listener:**

1. Set the Listener name as **HTTPS**
2. Set the Protocol to **HTTPS**
3. Set the Port to **443**
4. Upload a .pfx certificate file and add the cert password if required.

![](https://cdn.document360.io/6ef8bcc1-6489-4486-9ad1-83acff7e5df0/Images/Documentation/image-W9JI1978.png)

**Configure Backend targets of the Listener:**

1. Click on the **Backend targets** tab located next to Listener
2. Choose the already created backend target
3. For the **Backend Settings**, click **Add new**

![](https://cdn.document360.io/6ef8bcc1-6489-4486-9ad1-83acff7e5df0/Images/Documentation/image-MZJ96RLI.png)

4. Set a **Backend settings name**
5. Set the Backend Protocol to **HTTPS**
6. Set the Backend Port to **443**
7. Set “Backend server’s certificate is issued by a well-known CA” to **Yes**
8. Enable the **Cookie-based affinity**
9. Enable **Connection draining**
10. Set the Drain timeout to **60** seconds
11. Set the Request timeout to **600** seconds
12. Enable **Override with new host name**
13. Give the portal base URL of the server in the **Host Name**

![](https://cdn.document360.io/6ef8bcc1-6489-4486-9ad1-83acff7e5df0/Images/Documentation/image-OBTVL67Z.png)

### Configure HTTP to HTTPS Redirection rule

**Configuring Listener:**

1. Click on **Add a routing rule**
2. Set the **Rule name** to **HTTP**
3. Set the Listener name as **HTTP**
4. Set the Protocol to **HTTP**
5. Set the Port to **80**

![](https://cdn.document360.io/6ef8bcc1-6489-4486-9ad1-83acff7e5df0/Images/Documentation/image-SQPSTRQK.png)

**Configuring Backend targets:**

1. Click on the **Backend targets** tab located next to Listener
2. Change the Target Type to **Redirection**
3. Set the Target listener to **HTTPS**
4. Select Next: Tags and then Next: **Review + Create**.

![](https://cdn.document360.io/6ef8bcc1-6489-4486-9ad1-83acff7e5df0/Images/Documentation/image-D1XKHKY9.png)

---

## Adding Health Probes

Load balancers monitor the status of application servers with a health probe. The health probe adds or removes servers/VMs from the load balancer based on their response to health checks.

If a server were to fail its [health check](https://documentation.decisions.com/v9/docs/app-server-health-monitor-healthcheck), the load balancer then redirects traffic away from that server until it passes the next health check.

1. Open the newly created AAG (Azure Application Gateway)
2. From the left panel, click on **Health Probes**
3. Give a **Name**
4. Set the protocol to **HTTPS**
5. Set the “Pick host name from backend settings” to **No** and enter the **Host** Name
6. Set the “Pick port from backend settings” to **Yes**
7. Set the path to `/home/healthcheck`
8. Set the Interval to **30** seconds
9. Set the Timeout to **30** seconds
10. Set the Unhealthy threshold to **3** seconds.
11. Set “Use probe matching conditions” to **Yes**
12. Select the already created Backend settings

![](https://cdn.document360.io/6ef8bcc1-6489-4486-9ad1-83acff7e5df0/Images/Documentation/image-CNK5JFA7.png)

Once the health probe is added, it will test the health of the servers, and it should be a green check for all the backend servers, denoting that the servers are healthy.

![](https://cdn.document360.io/6ef8bcc1-6489-4486-9ad1-83acff7e5df0/Images/Documentation/image-SM5NBZCZ.png)

---

## Test the Application Gateway

Because SSL is added at the front end of the load balancer, users should be able to reach the server at its configured fully qualified domain name, e.g., `https://cluster.decisions.com`.
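
The settings chosen in the steps above can also be checked for drift after deployment. The following is an added example, not part of the Decisions documentation or Azure tooling: it audits an exported gateway configuration against the values this guide sets. It assumes the export uses the property names of the JSON printed by `az network application-gateway show`; the sample configuration, names and ids are constructed.

```python
import json

# Values prescribed by the steps in this guide.
EXPECTED_SETTINGS = {"protocol": "Https", "port": 443, "cookieBasedAffinity": "Enabled", "requestTimeout": 600}
EXPECTED_PROBE = {"protocol": "Https", "path": "/home/healthcheck", "interval": 30, "timeout": 30, "unhealthyThreshold": 3}

def _diff(kind, obj, expected):
    """Return one finding per property that differs from the documented value."""
    return [f"{kind} '{obj.get('name')}': {k}={obj.get(k)!r}, expected {v!r}"
            for k, v in expected.items() if obj.get(k) != v]

def audit_gateway(cfg):
    """Compare an exported gateway config (dict) with the settings in this guide."""
    findings = []
    if not cfg.get("enableHttp2"):
        findings.append("gateway: HTTP2 is not enabled")
    for s in cfg.get("backendHttpSettingsCollection", []):
        findings += _diff("backend settings", s, EXPECTED_SETTINGS)
        drain = s.get("connectionDraining") or {}
        if not drain.get("enabled") or drain.get("drainTimeoutInSec") != 60:
            findings.append(f"backend settings '{s.get('name')}': connection draining is not 60s")
        if not s.get("probe"):
            findings.append(f"backend settings '{s.get('name')}': no health probe attached")
    for p in cfg.get("probes", []):
        findings += _diff("probe", p, EXPECTED_PROBE)
    # Every HTTP listener must be bound to a redirect, never directly to a backend.
    http_ids = {lst["id"] for lst in cfg.get("httpListeners", []) if lst.get("protocol") == "Http"}
    for r in cfg.get("requestRoutingRules", []):
        if r.get("httpListener", {}).get("id") in http_ids and not r.get("redirectConfiguration"):
            findings.append(f"rule '{r.get('name')}': HTTP listener routes to a backend instead of redirecting")
    return findings

# Constructed sample (placeholder ids); the HTTP rule is deliberately left without a redirect.
SAMPLE = json.loads("""
{"enableHttp2": true,
 "backendHttpSettingsCollection": [{"name": "https-settings", "protocol": "Https", "port": 443,
   "cookieBasedAffinity": "Enabled", "requestTimeout": 600,
   "connectionDraining": {"enabled": true, "drainTimeoutInSec": 60}, "probe": {"id": "probe-1"}}],
 "probes": [{"name": "healthcheck", "protocol": "Https", "path": "/home/healthcheck",
   "interval": 30, "timeout": 30, "unhealthyThreshold": 3}],
 "httpListeners": [{"id": "l-https", "name": "HTTPS", "protocol": "Https"},
                   {"id": "l-http", "name": "HTTP", "protocol": "Http"}],
 "requestRoutingRules": [
   {"name": "HTTPS", "httpListener": {"id": "l-https"}, "backendHttpSettings": {"id": "s-1"}},
   {"name": "HTTP", "httpListener": {"id": "l-http"}, "backendHttpSettings": {"id": "s-1"}}]}
""")
```

Calling `audit_gateway(SAMPLE)` reports the HTTP rule that serves content instead of redirecting to the HTTPS listener; an empty list means the export matches the values in this guide.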
