Merge pull request #1 from vhorne/v2-udr

updates to v2 udr content

Author: mscatyao

articles/application-gateway/application-gateway-autoscaling-zone-redundant.md

@@ -5,7 +5,7 @@ services: application-gateway
 author: vhorne
 ms.service: application-gateway
 ms.topic: article
-ms.date: 02/26/2020
+ms.date: 03/24/2020
 ms.author: victorh
 ---
 
@@ -164,7 +164,7 @@ The following table compares the features available with each SKU.
 |--|--|
 |Authentication certificate|Not supported.<br>For more information, see [Overview of end to end SSL with Application Gateway](ssl-overview.md#end-to-end-ssl-with-the-v2-sku).|
 |Mixing Standard_v2 and Standard Application Gateway on the same subnet|Not supported|
-|User-Defined Route (UDR) on Application Gateway subnet|Supported, in preview.<br> For more information on which scenarios are and aren't supported, see [User-defined routes supported on the Application Gateway subnet](https://docs.microsoft.com/azure/application-gateway/configuration-overview#user-defined-routes-supported-on-the-application-gateway-subnet)|
+|User-Defined Route (UDR) on Application Gateway subnet|Supported (specific scenarios). In preview.<br> For more information about supported scenarios, see [Application Gateway configuration overview](configuration-overview.md#user-defined-routes-supported-on-the-application-gateway-subnet).|
 |NSG for Inbound port range| - 65200 to 65535 for Standard_v2 SKU<br>- 65503 to 65534 for Standard SKU.<br>For more information, see the [FAQ](application-gateway-faq.md#are-network-security-groups-supported-on-the-application-gateway-subnet).|
 |Performance logs in Azure diagnostics|Not supported.<br>Azure metrics should be used.|
 |Billing|Billing scheduled to start on July 1, 2019.|

articles/application-gateway/application-gateway-faq.md

@@ -5,7 +5,7 @@ services: application-gateway
 author: vhorne
 ms.service: application-gateway
 ms.topic: article
-ms.date: 03/06/2020
+ms.date: 03/24/2020
 ms.author: victorh
 ---
 
@@ -91,8 +91,9 @@ Yes. In addition to multiple instances of a given Application Gateway deployment
 
 A single subnet can't support both Standard_v2 and Standard Application Gateway together.
 
-### Does Application Gateway v2 support user-defined routes (UDR)? 
-Yes, but only specific scenarios. See [User-defined routes supported on the Application Gateway subnet](https://docs.microsoft.com/azure/application-gateway/configuration-overview#user-defined-routes-supported-on-the-application-gateway-subnet) for more details on which scenarios are and aren't supported. 
+### Does Application Gateway v2 support user-defined routes (UDR)?
+
+Yes, but only specific scenarios. For more information, see [Application Gateway configuration overview](configuration-overview.md#user-defined-routes-supported-on-the-application-gateway-subnet).
 
 ### Does Application Gateway support x-forwarded-for headers?
 
@@ -388,24 +389,24 @@ Yes. If your configuration matches following scenario, you won't see allowed tra
 
 ### How do I use Application Gateway V2 with only private frontend IP address?
 
-Application Gateway V2 currently does not support only private IP mode. It supports the following combinations
+Application Gateway V2 currently doesn't support only private IP mode. It supports the following combinations
 * Private IP and Public IP
 * Public IP only
 
 But if you'd like to use Application Gateway V2 with only private IP, you can follow the process below:
 1. Create an Application Gateway with both public and private frontend IP address
-2. Do not create any listeners for the public frontend IP address. Application Gateway will not listen to any traffic on the public IP address if no listeners are created for it.
+2. Don't create any listeners for the public frontend IP address. Application Gateway will not listen to any traffic on the public IP address if no listeners are created for it.
 3. Create and attach a [Network Security Group](https://docs.microsoft.com/azure/virtual-network/security-overview) for the Application Gateway subnet with the following configuration in the order of priority:
 
     a. Allow traffic from Source as **GatewayManager** service tag and Destination as **Any** and Destination port as **65200-65535**. This port range is required for Azure infrastructure communication. These ports are protected (locked down) by certificate authentication. External entities, including the Gateway user administrators, can't initiate changes on those endpoints without appropriate certificates in place
 
-    b. Allow traffic from Source as **AzureLoadBalancer** service tag and Destination and destination port as **Any**
+    b. Allow traffic from Source as **AzureLoadBalancer** service tag and destination port as **Any**
 
-    c. Deny all inbound traffic from Source as **Internet** service tag and Destination and destination port as **Any**. Give this rule the *least priority* in the inbound rules
+    c. Deny all inbound traffic from Source as **Internet** service tag and destination port as **Any**. Give this rule the *least priority* in the inbound rules
 
-    d. Keep the default rules like allowing VirtualNetwork inbound so that the access on private IP address is not blocked
+    d. Keep the default rules like allowing VirtualNetwork inbound so that the access on private IP address isn't blocked
 
-    e. Outbound internet connectivity can't be blocked. Otherwise, you will face issues with logging, metrics, etc.
+    e. Outbound internet connectivity can't be blocked. Otherwise, you will face issues with logging, metrics, and so on.
 
 Sample NSG configuration for private IP only access:
 ![Application Gateway V2 NSG Configuration for private IP access only](./media/application-gateway-faq/appgw-privip-nsg.png)