Can't connect App Service to Azure Web Application Firewall

3
votes

I have created a web application firewall in Azure with it's own Vnet (called GatewayVnet) and external IP address as described here: https://docs.microsoft.com/en-gb/azure/application-gateway/application-gateway-web-application-firewall-portal I have an existing App Service which I want to connect to the WAF. Eventually I want to make the access private. However when I go to:

App service -> Networking -> VNet integration -> Setup

but I can't use the GatewayVnet I set up as part of the WAF as it says 'This virtual network has no gateway'. What does this mean? What do I need to do so I can connect the WAF to the App Service?

2
azureazure-web-app-firewall

2 Answers

2
votes

Web apps are now supported with Application Gateway. They are added as backend pool members by their FQDN. There are specific settings that must be set on the probes and the rules to use the proper name when connecting to them and for the probes. More information can be found here: https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-web-app-overview

1
votes

If you are not using ASE and just app service i think application gateway support is not yet there.

Q. What resources are supported today as part of backend pool?

Backend pools can be composed of NICs, virtual machine scale sets, public IPs, internal IPs, and fully qualified domain names (FQDN). Support for Azure Web Apps is not available today. Application Gateway backend pool members are not tied to an availability set. Members of backend pools can be across clusters, data centers, or outside of Azure as long as they have IP connectivity.

https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-faq