MicrosoftDocs
diff --git a/‎articles/app-service/environment/integrate-with-application-gateway.md
Lines changed: 40 additions & 50 deletions b/‎articles/app-service/environment/integrate-with-application-gateway.md
Lines changed: 40 additions & 50 deletions
@@ -5,63 +5,63 @@ author: madsd
 
 ms.assetid: a6a74f17-bb57-40dd-8113-a20b50ba3050
 ms.topic: article
-ms.date: 10/12/2021
+ms.date: 01/07/2025
 ms.author: madsd
 ---
 # Integrate your ILB App Service Environment with the Azure Application Gateway
 
-The [App Service Environment][AppServiceEnvironmentoverview] is a deployment of Azure App Service in the subnet of a customer's Azure virtual network. It can be deployed with an external or internal endpoint for app access. The deployment of the App Service environment with an internal endpoint is called an internal load balancer (ILB) App Service environment (ASE).
+The [App Service Environment](./overview.md) is a deployment of Azure App Service in the subnet of a customer's Azure virtual network. It can be deployed with an external or internal endpoint for app access. The deployment of the App Service Environment with an internal endpoint is called an internal load balancer (ILB) App Service Environment.
 
-Web application firewalls help secure your web applications by inspecting inbound web traffic to block SQL injections, Cross-Site Scripting, malware uploads & application DDoS and other attacks. You can get a WAF device from the Azure Marketplace or you can use the [Azure Application Gateway][appgw].
+Web application firewalls help secure your web applications by inspecting inbound web traffic to block SQL injections, Cross-Site Scripting, malware uploads & application DDoS and other attacks. You can get a WAF device from Azure Marketplace or you can use the [Azure Application Gateway](../../application-gateway/overview.md).
 
-The Azure Application Gateway is a virtual appliance that provides layer 7 load balancing, TLS/SSL offloading, and web application firewall (WAF) protection. It can listen on a public IP address and route traffic to your application endpoint. The following information describes how to integrate a WAF-configured application gateway with an app in an ILB App Service environment.  
+The Azure Application Gateway is a virtual appliance that provides layer 7 load balancing, TLS offloading, and web application firewall (WAF) protection. It can listen on a public IP address and route traffic to your application endpoint. The following information describes how to integrate a WAF-configured application gateway with an app in an ILB App Service Environment.
 
-The integration of the application gateway with the ILB App Service environment is at an app level. When you configure the application gateway with your ILB App Service environment, you're doing it for specific apps in your ILB App Service environment. This technique enables hosting secure multitenant applications in a single ILB App Service environment.  
+The integration of the application gateway with the ILB App Service Environment is at an app level. When you configure the application gateway with your ILB App Service Environment, you're doing it for specific apps in your ILB App Service Environment.
 
 :::image type="content" source="./media/integrate-with-application-gateway/appgw-highlevel.png" alt-text="Screenshot of High level integration diagram":::
 
 In this walkthrough, you will:
 
 * Create an Azure Application Gateway.
-* Configure the application gateway to point to an app in your ILB App Service environment.
+* Configure the application gateway to point to an app in your ILB App Service Environment.
 * Edit the public DNS host name that points to your application gateway.
 
 ## Prerequisites
 
-To integrate your application gateway with your ILB App Service environment, you need:
+To integrate your application gateway with your ILB App Service Environment, you need:
 
-* An ILB App Service environment.
-* A private DNS zone for ILB App Service environment.
-* An app running in the ILB App Service environment.
-* A public DNS name that's used later to point to your application gateway.
-* If you need to use TLS/SSL encryption to the application gateway, a valid public certificate that's used to bind to your application gateway is required.
+* An ILB App Service Environment.
+* A private DNS zone for ILB App Service Environment.
+* An app running in the ILB App Service Environment.
+* A public DNS name for your application gateway.
+* If you need to use TLS encryption to the application gateway, a valid public certificate that's used to bind to your application gateway is required.
 
-### ILB App Service environment
+### ILB App Service Environment
 
-For details on how to create an ILB App Service environment, see [Create an ASE in the Azure portal][creation] and [Create an ASE with ARM template][createfromtemplate].
+For details on how to create an ILB App Service Environment, see [Create an App Service Environment in the Azure portal](./creation.md) and [Create an App Service Environment with Azure Resource Manager template](./create-from-template.md).
 
-* After ILB ASE is created, the default domain is `<YourAseName>.appserviceenvironment.net`.
+* After ILB App Service Environment is created, the default domain is `<YourAseName>.appserviceenvironment.net`.
 
-    :::image type="content" source="./media/integrate-with-application-gateway/ilb-ase.png" alt-text="Screenshot of ILB ASE Overview":::
+    :::image type="content" source="./media/integrate-with-application-gateway/ilb-ase.png" alt-text="Screenshot of ILB App Service Environment Overview.":::
 
-* An internal load balancer is provisioned for inbound access. You can check the Inbound address in the IP addresses under ASE Settings. You can create a private DNS zone mapped to this IP address later.
+* An internal load balancer is provisioned for inbound access. You can check the Inbound address in the IP addresses under App Service Environment Settings. You can create a private DNS zone mapped to this IP address later.
 
-    :::image type="content" source="./media/integrate-with-application-gateway/ip-addresses.png" alt-text="Screenshot of getting the inbound address from ILB ASE IP addresses settings.":::
+    :::image type="content" source="./media/integrate-with-application-gateway/ip-addresses.png" alt-text="Screenshot of getting the inbound address from ILB App Service Environment IP addresses settings.":::
 
 ### A private DNS zone
 
-You need a [private DNS zone][privatednszone] for internal name resolution. Create it using the ASE name using the record sets shown in the following table (for instructions, see [Quickstart - Create an Azure private DNS zone using the Azure portal][createprivatednszone]).
+You need a [private DNS zone](../../dns/private-dns-overview.md) for internal name resolution. Create it using the App Service Environment name using the record sets shown in the following table (for instructions, see [Quickstart - Create an Azure private DNS zone using the Azure portal](../../dns/private-dns-getstarted-portal.md)).
 
 | Name  | Type | Value               |
 | ----- | ---- | ------------------- |
-| *     | A    | ASE inbound address |
-| @     | A    | ASE inbound address |
-| @     | SOA  | ASE DNS name        |
-| *.scm | A    | ASE inbound address |
+| *     | A    | App Service Environment inbound address |
+| @     | A    | App Service Environment inbound address |
+| @     | SOA  | App Service Environment DNS name        |
+| *.scm | A    | App Service Environment inbound address |
 
-### App Service on ILB ASE
+### App Service on ILB App Service Environment
 
-You need to create an App Service plan and an app in your ILB ASE. When creating the app in the portal, select your ILB ASE as the **Region**.
+You need to create an App Service plan and an app in your ILB App Service Environment. When creating the app in the portal, select your ILB App Service Environment as the **Region**.
 
 ### A public DNS name to the application gateway
 
@@ -70,20 +70,20 @@ With a public domain mapped to the application gateway, you don't need to config
 
 ### A valid public certificate
 
-For security enhancement, it's recommended to bind TLS/SSL certificate for session encryption. To bind TLS/SSL certificate to the application gateway, a valid public certificate with following information is required. With [App Service certificates](../configure-ssl-app-service-certificate.md), you can buy a TLS/SSL certificate and export it in .pfx format.
+For security enhancement, bind a TLS certificate for session encryption. To bind TLS certificate to the application gateway, a valid public certificate with following information is required. With [App Service certificates](../configure-ssl-app-service-certificate.md), you can buy a TLS certificate and export it in `.pfx` format.
 
 | Name  | Value               | Description|
 | ----- | ------------------- |------------|
 | **Common Name** |`<yourappname>.<yourdomainname>`, for example: `app.asabuludemo.com`  <br/> or `*.<yourdomainname>`, for example: `*.asabuludemo.com` | A standard certificate or a [wildcard certificate](https://wikipedia.org/wiki/Wildcard_certificate) for the application gateway|
 | **Subject Alternative Name** | `<yourappname>.scm.<yourdomainname>`, for example: `app.scm.asabuludemo.com`  <br/>or `*.scm.<yourdomainname>`, for example: `*.scm.asabuludemo.com` |The SAN that allowing to connect to App Service kudu service. It's an optional setting, if you don't want to publish the App Service kudu service to the internet.|
 
-The certificate file should have a private key and save in .pfx format, it will be imported to the application gateway later.
+The certificate file should have a private key and save in `.pfx` format. The certificate is imported to the application gateway later.
 
 ## Create an application gateway
 
-For the basic application gateway creation, refer to [Tutorial: Create an application gateway with a Web Application Firewall using the Azure portal][Tutorial: Create an application gateway with a Web Application Firewall using the Azure portal].
+For the basic application gateway creation, refer to [Tutorial: Create an application gateway with a Web Application Firewall using the Azure portal](../../web-application-firewall/ag/application-gateway-web-application-firewall-portal.md).
 
-In this tutorial, we'll use Azure portal to create an application gateway with ILB App Service environment.
+In this tutorial, we use Azure portal to create an application gateway with ILB App Service Environment.
 
 In the Azure portal, select **New** > **Network** > **Application Gateway** to create an application gateway.
 
@@ -120,25 +120,25 @@ In the Azure portal, select **New** > **Network** > **Application Gateway** to c
         | Rule name      | For example: `http-routingrule`    | Routing name                                                 |
         | Listener name  | For example: `http-listener`       | Listener name                                                |
         | Frontend IP    | Public                            | For internet access, set to Public                           |
-        | Protocol       | HTTP                             | Don't use TLS/SSL encryption                                       |
+        | Protocol       | HTTP                             | Don't use TLS encryption                                       |
         | Port           | 80                               | Default HTTP Port                                           |
-        | Listener type  | Multi site                        | Allow to listen multi-sites on the application gateway           |
+        | Listener type  | Multisite                        | Allow to listen multi-sites on the application gateway           |
         | Host type      | Multiple/Wildcard                 | Set to multiple or wildcard website name if listener type is set to multi-sites. |
         | Host name      | For example:  `app.asabuludemo.com` | Set to a routable domain name for App Service              |
         
         :::image type="content" source="./media/integrate-with-application-gateway/http-routing-rule.png" alt-text="Screenshot of HTTP Listener of the application gateway Routing Rule.":::
 
-    * To connect to the application gateway with TLS/SSL encryption, you can create a listener with following settings,
+    * To connect to the application gateway with TLS encryption, you can create a listener with following settings:
 
         | Parameter      | Value                             | Description                                                  |
         | -------------- | --------------------------------- | ------------------------------------------------------------ |
         | Rule name      | For example: `https-routingrule`    | Routing name                                                 |
         | Listener name  | For example: `https-listener`       | Listener name                                                |
         | Frontend IP    | Public                            | For internet access, set to Public                           |
-        | Protocol       | HTTPS                             | Use TLS/SSL encryption                                       |
+        | Protocol       | HTTPS                             | Use TLS encryption                                       |
         | Port           | 443                               | Default HTTPS Port                                           |
         | Https Settings | Upload a certificate              | Upload a certificate contains the CN and the private key with .pfx format. |
-        | Listener type  | Multi site                        | Allow to listen multi-sites on the application gateway           |
+        | Listener type  | Multisite                        | Allow to listen multi-sites on the application gateway           |
         | Host type      | Multiple/Wildcard                 | Set to multiple or wildcard website name if listener type is set to multi-sites. |
         | Host name      | For example:  `app.asabuludemo.com` | Set to a routable domain name for App Service              |
         
@@ -148,24 +148,24 @@ In the Azure portal, select **New** > **Network** > **Application Gateway** to c
 
         :::image type="content" source="./media/integrate-with-application-gateway/add-new-http-setting.png" alt-text="Screenshot of adding new link to add an H T T P setting.":::
 
-    * HTTP settings listed as below:
+    * HTTP settings listed in the following table:
 
         | Parameter                     | Value                                                        | Description                                                  |
         | ----------------------------- | ------------------------------------------------------------ | ------------------------------------------------------------ |
         | HTTP setting name             | For example: `https-setting`                                   | HTTP setting name                                            |
-        | Backend protocol              | HTTPS                                                        | Use TLS/SSL encryption                                       |
+        | Backend protocol              | HTTPS                                                        | Use TLS encryption                                       |
         | Backend port                  | 443                                                          | Default HTTPS Port                                           |
-        | Use well known CA certificate | Yes                                                          | The default domain name of ILB ASE is `.appserviceenvironment.net`, the certificate of this domain is issued by a public trusted root authority. In the Trusted root certificate setting, you can set to use **well known CA trusted root certificate**. |
-        | Override with new host name   | Yes                                                          | The host name header will be overwrote on connecting to the app on ILB ASE |
+        | Use well known CA certificate | Yes                                                          | The default domain name of ILB App Service Environment is `.appserviceenvironment.net`. The certificate of this domain is issued by a public trusted root authority. In the Trusted root certificate setting, you can set to use **well known CA trusted root certificate**. |
+        | Override with new host name   | Yes                                                          | The host name header is overwritten on connecting to the app on ILB App Service Environment |
         | Host name override            | Pick host name from backend target | When setting backend pool to App Service, you can pick host from backend target |
         | Create custom probes | No | Use default health probe|
         
         :::image type="content" source="./media/integrate-with-application-gateway/https-setting.png" alt-text="Screenshot of **Add an H T T P setting** dialog.":::
 
 
-## Configure an application gateway integration with ILB ASE
+## Configure an application gateway integration with ILB App Service Environment
 
-To access ILB ASE from the application gateway, you need to check if a virtual network link to private DNS zone. If there's no virtual network linked to your application gateway's VNet, add a virtual network link with following steps.
+To access ILB App Service Environment from the application gateway, you need to check if a virtual network link to private DNS zone. If there's no virtual network linked to your application gateway's virtual network, add a virtual network link with following steps.
 
 ### Configure virtual network links with a private DNS zone
 
@@ -202,13 +202,3 @@ You need to configure a proper DNS mapping when access to the application gatewa
 * On a machine access from internet, test the web access from a browser.
 
 :::image type="content" source="./media/integrate-with-application-gateway/access-web.png" alt-text="Screenshot of opening a browser, access to the web.":::
-
-<!--LINKS-->
-[appgw]: ../../application-gateway/overview.md
-[custom-domain]: ../app-service-web-tutorial-custom-domain.md
-[creation]: ./creation.md
-[createfromtemplate]: ./create-from-template.md
-[createprivatednszone]: ../../dns/private-dns-getstarted-portal.md
-[AppServiceEnvironmentoverview]: ./overview.md
-[privatednszone]: ../../dns/private-dns-overview.md
-[Tutorial: Create an application gateway with a Web Application Firewall using the Azure portal]: ../../web-application-firewall/ag/application-gateway-web-application-firewall-portal.md