Skip to main content
Jorge Bernhardt Jorge Bernhardt
  1. Posts/

How to deploy an Azure Application Gateway

·941 words·5 mins· 100 views · 5 likes ·
Add-AzVirtualNetworkSubnetConfig Azure PowerShell Connect-AzAccount Get-AzApplicationGateway

Hi, today I want to talk to you about Azure Application Gateway. This Azure resource is a web traffic load balancer that redirects traffic (HTTP or HTTPS) to specific resources in a back-end group. These resources can be NICs, virtual machine scale sets, public and internal IP addresses, fully qualified domain names (FQDN), and Azure App Service. In this post, I will show you how to deploy an Azure Application Gateway using Azure PowerShell. Once explained the characteristics of the Azure Application Gateway we can begin this tutorial.


  • You created a Resource Group for these resources and the new ones deployed in this tutorial will join that group. If you want to know how to create a Resource Group, check out this link.
  • You already created the necessary Virtual Network and subnet. If you want to know how to create a Virtual Network, check out this link.
Azure PowerShell Workaround>

Azure PowerShell Workaround #

If you want to know how to install the PowerShell Azure module on your machine, check out this link. The simplest way to get started is to sign in interactively at the command line.


This cmdlet will bring up a dialog box prompting you for your email address and password associated with your Azure account. If you have more than one subscription associated with your mail account, you can choose the default subscription. To perform this task, we will use the following commands:

Select-AzSubscription -Subscription "My Subscription"

Once you set your default subscription, you’re ready to start.

Set the variables>

Set the variables #

Here, we define the characteristics of our environment and the resource’s properties.

#Define the parameters for the Azure resources.

$location = "northeurope"
$resourceGroupName = "RG-DEMO-NE"

#Define the existing VNet information.

$networkName = "DEMO-VNET"
Create a dedicated subnet for the App Gateway>

Create a dedicated subnet for the App Gateway #

First, you should create a new subnet for the App Gateway instances, this subnet is only to be used by the App Gateway. Use the Add-AzVirtualNetworkSubnetConfig cmdlet with the following syntax.

$vNET = Get-AzVirtualNetwork `
    -Name $networkName `
    -ResourceGroupName $resourceGroupName

Add-AzVirtualNetworkSubnetConfig `
    -Name AppGw-Subnet `
    -AddressPrefix "" `
    -VirtualNetwork $vNET

Set-AzVirtualNetwork -VirtualNetwork $vNET
Create a public IP address>

Create a public IP address #

Then you will need a public IP. To create a public IP address, you should use the New-AzPublicIpAddress cmdlet with the following syntax

$publicIP = New-AzPublicIpAddress `
    -Name PIP-AG-NE `
    -ResourceGroupName $resourceGroupName `
    -AllocationMethod Dynamic `
    -Location $location `
    -Sku Basic

$publicIP | Select-Object Name, IpAddress, ProvisioningState


Create the settings for the application gateway>

Create the settings for the application gateway #

In this section, you will create the resources and configure the previous settings. As you can see, each of the following commands loads the configurations into variables that will finally be used in the creation of the Application Gateway.

\## Private IP and subnet configuration.

$vNET = Get-AzVirtualNetwork `
    -Name $networkName `
    -ResourceGroupName $resourceGroupName

$appGwSubnet = Get-AzVirtualNetworkSubnetConfig `
    -Name AppGw-Subnet `
    -VirtualNetwork $vNet

$appGwIpConfig = New-AzApplicationGatewayIPConfiguration `
    -Name "AppGwIP" `
    -Subnet $appGwSubnet

## Create the backend group and set the configuration.

$appGwBKPool = New-AzApplicationGatewayBackendAddressPool `
    -Name "AppGwBKpool"

$appGwBKPoolSettings = New-AzApplicationGatewayBackendHttpSetting `
    -Name "AppGwpoolSettings" `
    -Port 80 `
    -Protocol Http `
    -CookieBasedAffinity Disabled `
    -RequestTimeout 30

## Public IP and frontend port configuration.

$appGwFESettings = New-AzApplicationGatewayFrontendPort `
    -Name "AppGwFeSettings" `
    -Port 80

$appGwFEIpConfig = New-AzApplicationGatewayFrontendIPConfig `
    -Name "AppGwFEPIP" `
    -PublicIPAddress $publicIP

## Create the listener and add a routing rule to the backend servers.

$appGwListener = New-AzApplicationGatewayHttpListener `
    -Name "AppGwListener" `
    -Protocol Http `
    -FrontendIPConfiguration $appGwFEIpConfig `
    -FrontendPort $appGwFESettings

$appGwRule = New-AzApplicationGatewayRequestRoutingRule `
    -Name "AppGwRule" `
    -RuleType Basic `
    -BackendHttpSettings $appGwBKPoolSettings `
    -HttpListener $appGwListener `
    -BackendAddressPool $appGwBKPool
Azure Application Gateway

Azure Application Gateway

Deploy the Azure Application Gateway>

Deploy the Azure Application Gateway #

You will first need to set the SKU for the application gateway. Use the New-AzApplicationGatewaySku cmdlet with the following syntax. With this command, you set the size, the number of instances, and whether WAF is used.

$sku = New-AzApplicationGatewaySku `
    -Name WAF_Medium `
    -Tier WAF `
    -Capacity 2

Values accepted in the parameters: -__Name: Standard_Small, Standard_Medium, Standard_Large, WAF_Medium, WAF_Large, Standard_v2, WAF_v2. -Tier: Standard, WAF, Standard_v2, WAF_v2. -Capacity: Set the number of instances of an application gateway and finally, you can create an Azure Application Gateway using the New-AzApplicationGateway cmdlet with the following syntax.

New-AzApplicationGateway `
    -Name "AG-DEMO-NE" `
    -ResourceGroupName $resourceGroupName `
    -Location $location `
    -BackendAddressPools $appGWBKPool `
    -BackendHttpSettingsCollection $appGwBKPoolSettings `
    -FrontendIPConfigurations $appGwFEIpConfig `
    -GatewayIPConfigurations $appGwIpConfig `
    -FrontendPorts $appGwFESettings `
    -HttpListeners $appGwListener `
    -RequestRoutingRules $appGwRule `
    -Sku $sku

Note that the deployment of this resource will take approximately 20 minutes to complete. Once finished, we can continue with the remaining steps.

Enable the Web application firewall>

Enable the Web application firewall #

Once the Application Gateway has been created, you can enable the Web Application Firewall (WAF). To do this,  you should use the Set-AzApplicationGatewayWebApplicationFirewallConfiguration cmdlet with the following syntax. This process will take approximately 20 minutes to complete.

$appGw = Get-AzApplicationGateway `
    -Name "AG-DEMO-NE" `
    -ResourceGroupName $resourceGroupName

Set-AzApplicationGatewayWebApplicationFirewallConfiguration `
    -ApplicationGateway $appGw `
    -Enabled $true `
    -FirewallMode Detection `
    -RuleSetType OWASP `
    -RuleSetVersion "3.0"

Set-AzApplicationGateway `
    -ApplicationGateway $appGw

Values accepted in the parameters: -FirewallMode: Detection, Prevention. -RuleSetType: OWASP



Verify the deployment>

Verify the deployment #

You can use the following command to verify the deployment of the Azure Application Gateway.

Get-AzApplicationGateway `
    -Name "AG-DEMO-NE" `
    -ResourceGroupName $resourceGroupName `
    | Select-Object Name,OperationalState,ProvisioningState

Azure Application Gateway
Now you can add your resources to the backend and use your Azure Application Gateway.

Thanks for reading my post. I hope you find it useful.

If you want to know more about Azure Virtual Network NAT, check out this link.