Quickstart: Direct web traffic using the portal - Azure Application Gateway (2024)

  • Article

In this quickstart, you use the Azure portal to create an Azure Application Gateway and test it to make sure it works correctly. You assign listeners to ports, create rules, and add resources to a backend pool. For the sake of simplicity, a simple setup is used with a public frontend IP address, a basic listener to host a single site on the application gateway, a basic request routing rule, and two virtual machines (VMs) in the backend pool.

Quickstart: Direct web traffic using the portal - Azure Application Gateway (1)

For more information about the components of an application gateway, see Application gateway components.

You can also complete this quickstart using Azure PowerShell or Azure CLI.


An Azure account with an active subscription is required. If you don't already have an account, you can create an account for free.

Sign in to the Azure portal with your Azure account.

Create an application gateway

Create the application gateway using the tabs on the Create application gateway page.

  1. On the Azure portal menu or from the Home page, select Create a resource.
  2. Under Categories, select Networking and then select Application Gateway in the Popular Azure services list.

Basics tab

  1. On the Basics tab, enter these values for the following application gateway settings:

    • Resource group: Select myResourceGroupAG for the resource group. If it doesn't exist, select Create new to create it.

    • Application gateway name: Enter myAppGateway for the name of the application gateway.

    • Use the default selections for other settings.

      Quickstart: Direct web traffic using the portal - Azure Application Gateway (2)

  2. For Azure to communicate between the resources that you create, a virtual network is needed. You can either create a new virtual network or use an existing one. In this example, you'll create a new virtual network at the same time that you create the application gateway. Application Gateway instances are created in separate subnets. You create two subnets in this example: One for the application gateway, and another for the backend servers.


    Virtual network service endpoint policies are currently not supported in an Application Gateway subnet.

    Under Configure virtual network, create a new virtual network by selecting Create new. In the Create virtual network window that opens, enter the following values to create the virtual network and two subnets:

    • Name: Enter myVNet for the name of the virtual network.

    • Subnet name (Application Gateway subnet): The Subnets list shows a subnet named default. Change the name of this subnet to myAGSubnet.
      The application gateway subnet can contain only application gateways. No other resources are allowed. The default IP address range provided is

      Quickstart: Direct web traffic using the portal - Azure Application Gateway (3)

    Select OK to close the Create virtual network window and save the virtual network settings.

  3. Select Next: Frontends.

Frontends tab

  1. On the Frontends tab, verify Frontend IP address type is set to Public.
    You can configure the Frontend IP to be Public or Private as per your use case. In this example, you'll choose a Public Frontend IP.


    For the Application Gateway v2 SKU, there must be a Public frontend IP configuration. You can still have both a Public and a Private frontend IP configuration, but Private only frontend IP configuration (Only ILB mode) is currently not enabled for the v2 SKU.

  2. Select Add new for the Public IP address and enter myAGPublicIPAddress for the public IP address name, and then select OK.

    Quickstart: Direct web traffic using the portal - Azure Application Gateway (4)


Application Gateway frontend now supports dual-stack IP addresses (Public Preview). You can now create up to four frontend IP addresses: Two IPv4 addresses (public and private) and two IPv6 addresses (public and private).

  1. Select Next: Backends.

Backends tab

The backend pool is used to route requests to the backend servers that serve the request. Backend pools can be composed of NICs, Virtual Machine Scale Sets, public IP addresses, internal IP addresses, fully qualified domain names (FQDN), and multitenant backends like Azure App Service. In this example, you'll create an empty backend pool with your application gateway and then add backend targets to the backend pool.

  1. On the Backends tab, select Add a backend pool.

  2. In the Add a backend pool window that opens, enter the following values to create an empty backend pool:

    • Name: Enter myBackendPool for the name of the backend pool.
    • Add backend pool without targets: Select Yes to create a backend pool with no targets. You'll add backend targets after creating the application gateway.
  3. In the Add a backend pool window, select Add to save the backend pool configuration and return to the Backends tab.

    Quickstart: Direct web traffic using the portal - Azure Application Gateway (5)

  4. On the Backends tab, select Next: Configuration.

Configuration tab

On the Configuration tab, you'll connect the frontend and backend pool you created using a routing rule.

  1. Select Add a routing rule in the Routing rules column.

  2. In the Add a routing rule window that opens, enter the following values for Rule name and Priority:

    • Rule name: Enter myRoutingRule for the name of the rule.
    • Priority: The priority value should be between 1 and 20000 (where 1 represents highest priority and 20000 represents lowest) - for the purposes of this quickstart, enter 100 for the priority.
  3. A routing rule requires a listener. On the Listener tab within the Add a routing rule window, enter the following values for the listener:

    • Listener name: Enter myListener for the name of the listener.

    • Frontend IP: Select Public to choose the public IP you created for the frontend.

      Accept the default values for the other settings on the Listener tab, then select the Backend targets tab to configure the rest of the routing rule.

    Quickstart: Direct web traffic using the portal - Azure Application Gateway (6)

  4. On the Backend targets tab, select myBackendPool for the Backend target.

  5. For the Backend setting, select Add new to add a new Backend setting. The Backend setting determines the behavior of the routing rule. In the Add Backend setting window that opens, enter myBackendSetting for the Backend settings name and 80 for the Backend port. Accept the default values for the other settings in the Add Backend setting window, then select Add to return to the Add a routing rule window.

    Quickstart: Direct web traffic using the portal - Azure Application Gateway (7)

  6. On the Add a routing rule window, select Add to save the routing rule and return to the Configuration tab.

    Quickstart: Direct web traffic using the portal - Azure Application Gateway (8)

  7. Select Next: Tags and then Next: Review + create.

Review + create tab

Review the settings on the Review + create tab, and then select Create to create the virtual network, the public IP address, and the application gateway. It can take several minutes for Azure to create the application gateway. Wait until the deployment finishes successfully before moving on to the next section.

Quickstart: Direct web traffic using the portal - Azure Application Gateway (9)

Add backend targets

In this example, you'll use virtual machines as the target backend. You can either use existing virtual machines or create new ones. You'll create two virtual machines as backend servers for the application gateway.

To do this, you'll:

  1. Add a backend subnet.
  2. Create two new VMs, myVM and myVM2, to be used as backend servers.
  3. Install IIS on the virtual machines to verify that the application gateway was created successfully.
  4. Add the backend servers to the backend pool.

Add a backend subnet

The subnet myAGSubnet can only contain the application gateway, so we need another subnet to add backend targets.

To create a backend subnet:

  1. Select the myVNet resource. You can select it under Deployment details after deployment of the application gateway is complete, or you can search for Virtual networks and select it from the list.

  2. Under Settings, select Subnets and then select + Subnet to begin adding a new subnet.

    • Name: Enter myBackendSubnet.
    • Subnet address range: Enter an address range that doesn't overlap with the address range of myAGSubnet. For example, if the address range of myAGSubnet is, enter for the address range of myBackendSubnet. This address range might be already entered by default.
  3. Use the default settings for other items and then select Save.

Quickstart: Direct web traffic using the portal - Azure Application Gateway (10)

Create a virtual machine

  1. On the Azure portal menu or from the Home page, select Create a resource. The New window appears.

  2. Select Windows Server 2016 Datacenter in the Popular list. The Create a virtual machine page appears.
    Application Gateway can route traffic to any type of virtual machine used in its backend pool. In this example, you use a Windows Server 2016 Datacenter virtual machine.

  3. Enter these values in the Basics tab for the following virtual machine settings:

    • Resource group: Select myResourceGroupAG for the resource group name.
    • Virtual machine name: Enter myVM for the name of the virtual machine.
    • Region: Select the same region where you created the application gateway.
    • Username: Type a name for the administrator user name.
    • Password: Type a password.
    • Public inbound ports: None.
  4. Accept the other defaults and then select Next: Disks.

  5. Accept the Disks tab defaults and then select Next: Networking.

  6. On the Networking tab, verify that myVNet is selected for the Virtual network and the Subnet is set to myBackendSubnet. Accept the other defaults and then select Next: Management.
    Application Gateway can communicate with instances outside of the virtual network that it is in, but you need to ensure there's IP connectivity.

  7. Select Next: Monitoring and set Boot diagnostics to Disable. Accept the other defaults and then select Review + create.

  8. On the Review + create tab, review the settings, correct any validation errors, and then select Create.

  9. Wait for the virtual machine creation to complete before continuing.

Install IIS for testing

In this example, you install IIS on the virtual machines to verify Azure created the application gateway successfully.

  1. Open Azure PowerShell.

    Select Cloud Shell from the top navigation bar of the Azure portal and then select PowerShell from the drop-down list.

    Quickstart: Direct web traffic using the portal - Azure Application Gateway (11)

  2. Run the following command to install IIS on the virtual machine. Change the Location parameter if necessary:

    Set-AzVMExtension ` -ResourceGroupName myResourceGroupAG ` -ExtensionName IIS ` -VMName myVM ` -Publisher Microsoft.Compute ` -ExtensionType CustomScriptExtension ` -TypeHandlerVersion 1.4 ` -SettingString '{"commandToExecute":"powershell Add-WindowsFeature Web-Server; powershell Add-Content -Path \"C:\\inetpub\\wwwroot\\Default.htm\" -Value $($env:computername)"}' ` -Location EastUS
  3. Create a second virtual machine and install IIS by using the steps that you previously completed. Use myVM2 for the virtual machine name and for the VMName setting of the Set-AzVMExtension cmdlet.

Add backend servers to backend pool

  1. On the Azure portal menu, select All resources or search for and select All resources. Then select myAppGateway.

  2. Select Backend pools from the left menu.

  3. Select myBackendPool.

  4. Under Backend targets, Target type, select Virtual machine from the drop-down list.

  5. Under Target, select the myVM and myVM2 virtual machines and their associated network interfaces from the drop-down lists.

    Quickstart: Direct web traffic using the portal - Azure Application Gateway (12)

  6. Select Save.

  7. Wait for the deployment to complete before proceeding to the next step.

Test the application gateway

Although IIS isn't required to create the application gateway, you installed it in this quickstart to verify if Azure successfully created the application gateway.

Use IIS to test the application gateway:

  1. Find the public IP address for the application gateway on its Overview page.Quickstart: Direct web traffic using the portal - Azure Application Gateway (13) Or, you can select All resources, enter myAGPublicIPAddress in the search box, and then select it in the search results. Azure displays the public IP address on the Overview page.

  2. Copy the public IP address, and then paste it into the address bar of your browser to browse that IP address.

  3. Check the response. A valid response verifies that the application gateway was successfully created and can successfully connect with the backend.

    Quickstart: Direct web traffic using the portal - Azure Application Gateway (14)

    Refresh the browser multiple times and you should see connections to both myVM and myVM2.

Clean up resources

When you no longer need the resources that you created with the application gateway, delete the resource group. When you delete the resource group, you also remove the application gateway and all the related resources.

To delete the resource group:

  1. On the Azure portal menu, select Resource groups or search for and select Resource groups.
  2. On the Resource groups page, search for myResourceGroupAG in the list, then select it.
  3. On the Resource group page, select Delete resource group.
  4. Enter myResourceGroupAG under TYPE THE RESOURCE GROUP NAME and then select Delete.

Next steps

Tutorial: Configure an application gateway with TLS termination using the Azure portal

Quickstart: Direct web traffic using the portal - Azure Application Gateway (2024)


What criteria does Azure Application Gateway use to route requests to a web server? ›

The users authentication information.
  • Which criteria does Application Gateway use to route requests to a web server?
  • The region in which the servers hosting the web application are located.
  • The hostname, port, and path in the URL of the request.
  • The IP address of the web server that is the target of the request.
Feb 23, 2024

Which gateway provides for the management of traffic to web applications? ›

Azure Application Gateway is a web traffic (OSI layer 7) load balancer that enables you to manage traffic to your web applications. Traditional load balancers operate at the transport layer (OSI layer 4 - TCP and UDP) and route traffic based on source IP address and port, to a destination IP address and port.

Can you simultaneously use an Application Gateway for both external and internal traffic? ›

Can I simultaneously use Application Gateway for both external and internal traffic? Yes. Application Gateway supports one internal IP and one external IP per application gateway.

What are the benefits of Azure Application Gateway? ›

Azure Application Gateway helps in SSL termination at the gateway level itself, allowing communication between backend instances. This feature removes the encryption and decryption overhead from the backend server, and that makes the entire process a little faster and also decreases the response time.

Which two are characteristics of an Azure Application Gateway? ›

Application Gateway includes the following features:
  • Secure Sockets Layer (SSL/TLS) termination. ...
  • Autoscaling. ...
  • Zone redundancy. ...
  • Static VIP. ...
  • Web Application Firewall. ...
  • Ingress Controller for AKS. ...
  • URL-based routing. ...
  • Multiple-site hosting.
Mar 24, 2023

What is the difference between Application Gateway and traffic manager in Azure? ›

The Application Gateway includes configurable horizontal autoscaling so that it can react automatically to application demand changes. Azure Traffic Manager is a DNS-based global traffic load balancer that distributes traffic to services across global Azure regions while providing high availability and responsiveness.

What is the Application Gateway responsible for? ›

The application gateway accepts incoming traffic on one or more listeners. A listener is a logical entity that checks for connection requests. It's configured with a frontend IP address, protocol, and port number for connections from clients to the application gateway.

What is gateway traffic? ›

Gateways serve as an entry and exit point for a network as all data must pass through or communicate with the gateway prior to being routed. In most IP-based networks, the only traffic that does not go through at least one gateway is traffic flowing among nodes on the same local area network (LAN) segment.

Which of the following are the types of application gateways? ›

Application Gateway
  • Hypertext.
  • Authentication.
  • Internet of Things.
  • Virtual Private Networks.
  • Proxy Server.
  • Application Proxy.
  • Packet Filtering.
  • Service Discovery.

Can you have two gateways on the same network? ›

> Can a subnet have multiple gateways? Yes, and it's normal for routed networks. However you can can only have one ACTIVE “default gateway” on most machines even though they can set a list. The first one will be used as long as it responds at ALL (to ARP requests) even if it is unable to route the packets correctly.

What are the disadvantages of Application Gateway? ›

Another disadvantage of application gateways is that each protocol, like SMTP or HTTP, requires its own proxy application to function. Most firewall vendors offer companies generic proxy agents to support these undefined assets, but they typically allow traffic to tunnel through the firewall.

Can two devices have the same gateway address? ›

Depending on the subnet mask both ip addresses could use the same gateway in the example you gave (e.g. a /22 or /21 subnet). Also, a PC can also have two gateways but only one should be default.

What is the main advantage of the Azure portal? ›

One of the best advantages of Microsoft Azure Cloud Services comes from the scalability that the platform provides businesses. Traditionally, as companies grew, provisioning new infrastructure would be both a lengthy and a costly process for the organization.

What is the difference between Azure firewall and Application Gateway? ›

Firewall and Application Gateway in parallel

Azure WAF in Azure Application Gateway protects inbound traffic to the web workloads, and the Azure Firewall inspects inbound traffic for the other applications. The Azure Firewall will cover outbound flows from both workload types.

What types of logs does Application Gateway provide? ›

For Application Gateway, three logs are available:
  • Access log.
  • Performance log.
  • Firewall log.
Apr 25, 2024

How does the Azure Application Gateway work? ›

Application Gateway distributes incoming traffic among the servers in the backend pool based on the configured load-balancing rules. These are the actual backend servers or virtual machines where your web applications are hosted. Application Gateway forwards incoming requests to these servers after processing.

Is an Application Gateway a routing technique? ›

Based on the request routing rule, the application gateway determines whether to route all requests on the listener to a specific backend pool, route requests to different backend pools based on the URL path, or redirect requests to another port or external site.

Which protocol works with Azure VPN gateway to propagate route to Azure Virtual networks? ›

An on-premises network gateway can exchange routes with an Azure virtual network gateway using the border gateway protocol (BGP).

What is the Azure Application Gateway Firewall rule? ›

You can configure a WAF policy and associate that policy to one or more application gateways for protection. A WAF policy consists of two types of security rules: Custom rules that you create. Managed rule sets that are a collection of Azure-managed preconfigured set of rules.

Top Articles
One in 200 people in the UK are homeless — Here's how this fund leverages real estate investing to reduce homelessness and provide solid 7.5% yearly returns
12 Monthly Financial Goals to Save Money in 2023
Friskies Tender And Crunchy Recall
Craigslist Cars And Trucks For Sale By Owner Indianapolis
Chelsea player who left on a free is now worth more than Palmer & Caicedo
Dee Dee Blanchard Crime Scene Photos
Klustron 9
Beds From Rent-A-Center
Derpixon Kemono
Clairememory Scam
Hartford Healthcare Employee Tools
Turning the System On or Off
Lesson 8 Skills Practice Solve Two-Step Inequalities Answer Key
Unit 33 Quiz Listening Comprehension
Dallas Cowboys On Sirius Xm Radio
Chastity Brainwash
Persona 4 Golden Taotie Fusion Calculator
Full Standard Operating Guideline Manual | Springfield, MO
Rubber Ducks Akron Score
A Man Called Otto Showtimes Near Cinemark University Mall
Mals Crazy Crab
Craigslist Pasco Kennewick Richland Washington
1636 Pokemon Fire Red U Squirrels Download
Log in to your MyChart account
Select The Best Reagents For The Reaction Below.
Neteller Kasiinod
Sinfuldeed Leaked
Guide to Cost-Benefit Analysis of Investment Projects Economic appraisal tool for Cohesion Policy 2014-2020
Autopsy, Grave Rating, and Corpse Guide in Graveyard Keeper
Baldur's Gate 3 Dislocated Shoulder
Hell's Kitchen Valley Center Photos Menu
Is Arnold Swansinger Married
Tiny Pains When Giving Blood Nyt Crossword
Devotion Showtimes Near The Grand 16 - Pier Park
Letter of Credit: What It Is, Examples, and How One Is Used
Clima De 10 Días Para 60120
Pekin Soccer Tournament
Deezy Jamaican Food
Petfinder Quiz
Espn Top 300 Non Ppr
Oefenpakket & Hoorcolleges Diagnostiek | WorldSupporter
Myapps Tesla Ultipro Sign In
Steam Input Per Game Setting
Santa Ana Immigration Court Webex
Game Akin To Bingo Nyt
Asisn Massage Near Me
Invitation Quinceanera Espanol
Latest Posts
Article information

Author: Jerrold Considine

Last Updated:

Views: 5953

Rating: 4.8 / 5 (58 voted)

Reviews: 81% of readers found this page helpful

Author information

Name: Jerrold Considine

Birthday: 1993-11-03

Address: Suite 447 3463 Marybelle Circles, New Marlin, AL 20765

Phone: +5816749283868

Job: Sales Executive

Hobby: Air sports, Sand art, Electronics, LARPing, Baseball, Book restoration, Puzzles

Introduction: My name is Jerrold Considine, I am a combative, cheerful, encouraging, happy, enthusiastic, funny, kind person who loves writing and wants to share my knowledge and understanding with you.