application gateway compare service basic tire & standard tire and WAF - Microsoft Q&A (2024)

FAQs

What is the difference between WAF and Application Gateway? ›

WAF is an additional setting for the application gateway. It's used to increase the security of applications behind the application gateway, and it also provides centralized protection.

Azure Application Gateway has two pricing options: Basic and Standard. Basic offers basic load balancing, SSL termination, and cookie-based session affinity. Standard includes all the features of Basic, along with URL-based routing, multi-site hosting, and autoscaling.

Understanding Web Application and Network-level Firewalls

A WAF protects web applications by targeting Hypertext Transfer Protocol (HTTP) traffic. This differs from a standard firewall, which provides a barrier between external and internal network traffic.

Answer: Azure Load Balancer operates at the network transport layer (Layer 4), focusing on distributing TCP and UDP traffic efficiently. In contrast, Application Gateway operates at the application layer (Layer 7), providing more advanced routing, load balancing, and security features for web applications.

WAFs are crucial to any. By integrating API gateways and WAFs, the gateway efficiently handles traffic, while the WAF focuses on securing against potential threats, creating a comprehensive solution for API management and security.

App Gateway Advantages and Benefits

Key benefits and advantages include: Superior user experiences – with an app gateway, users seamlessly access all their applications and services, from any location or device, using a single set of logon credentials.

Front Door is a global service that can distribute requests across regions, while Application Gateway is a regional service that can balance requests within a region.

Traditional load balancers operate at the transport layer (OSI layer 4 - TCP and UDP) and route traffic based on source IP address and port, to a destination IP address and port. Application Gateway can make routing decisions based on additional attributes of an HTTP request, for example URI path or host headers.

Application Gateway v2 is the latest version of Application Gateway. It provides advantages over Application Gateway v1 such as performance enhancements, autoscaling, zone redundancy, and static VIPs. Deprecation of Application Gateway V1 was announced on April 28, 2023.

There are three primary types of WAFs: a cloud-based WAF, software-based WAF, and hardware-based WAF. Each type of WAF has its own advantages and disadvantages. Lastly, WAFs are increasingly part of a larger application security strategy: web application and API protection (WAAP).

What is the difference between a secure web gateway and a WAF? ›

Secure web gateways (SWGs) primarily work at the application level. They protect against advanced internet-based attacks and detecting malicious intent by inspecting actual traffic. WAFs also inspect traffic, but at the packet level, using deep packet inspection rules to identify safe applications.

WAF security detects and filters out threats which could degrade, compromise, or expose online applications to denial-of-service (DoS) attacks. WAF security examines HTTP traffic before it reaches the application server. They also protect against unauthorized transfer of data from the server.

Standard: Standard tier load balancer is generally available and offers higher-scale and new features. It is a paid-for feature using a complex set of consumption-based charges and the Basic tier continues to be free.

Azure Load Balancer has 3 SKUs - Basic, Standard, and Gateway. Each SKU is catered towards a specific scenario and has differences in scale, features, and pricing. To compare and understand the differences between Basic and Standard SKU, see the following table.

API gateways handle the "what" (routing, security, transformation) of your API traffic, while load balancers handle the "how" (distribution, scalability, fault tolerance). Both tools play crucial roles in modern microservice architectures, and often work hand-in-hand for optimal performance and user experience.

A SWG primarily aims to filter unwanted software and internet traffic to enforce corporate and regulatory policy compliance. In contrast, a WAF focuses on protecting web applications from attacks by filtering and monitoring HTTP traffic.

Pricing Model: AWS WAF follows a pay-as-you-go pricing model, where customers are charged based on their actual usage of the service. Cisco WSA, on the other hand, typically follows a traditional upfront licensing model, where customers need to purchase licenses based on their estimated capacity requirements.

While a proxy server protects a client machine's identity by using an intermediary, a WAF is a type of reverse-proxy, protecting the server from exposure by having clients pass through the WAF before reaching the server. A WAF operates through a set of rules often called policies.