You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/application-gateway/application-gateway-covid-guidelines.md
+5-5Lines changed: 5 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -16,10 +16,10 @@ This article describes a few suggested guidelines for organizations in setting u
16
16
The following suggestions are to help organizations to have the best set up possible for their Application Gateways with WAF.
17
17
18
18
## Use the v2 SKUs over v1 for their autoscaling capabilities and performance benefits
19
-
The v2 SKUs offer autoscaling to ensure that your Application Gateway can scale up as traffic increases and offers other significant performance benefits such as 5x better SSL offload performance, quicker deployment and update times, zone redundancy, and more when compared to v1. Please see our [v2 documentation](https://docs.microsoft.com/azure/application-gateway/application-gateway-autoscaling-zone-redundant) for more information.
19
+
The v2 SKUs offer autoscaling to ensure that your Application Gateway can scale up as traffic increases and offers other significant performance benefits such as 5x better SSL offload performance, quicker deployment and update times, zone redundancy, and more when compared to v1. For more information, see our [v2 documentation](https://docs.microsoft.com/azure/application-gateway/application-gateway-autoscaling-zone-redundant).
20
20
21
21
## Set maximum instance count to the maximum possible (125)
22
-
Assuming you have a v2 SKU Application Gateway, setting the maximum instance count to the maximum possible count of 125 allows the Application Gateway to scale out as needed and will allow it handle the possible increase in traffic to your applications. You will only be charged for the Capacity Units (CUs) you use.
22
+
Assuming you have a v2 SKU Application Gateway, setting the maximum instance count to the maximum possible count of 125 allows the Application Gateway to scale out as needed and will allow it to handle the possible increase in traffic to your applications. You will only be charged for the Capacity Units (CUs) you use.
23
23
24
24
## Set your minimum instance count based on your average CU usage
25
25
Assuming you have a v2 SKU Application Gateway, autoscaling will take 6-7 minutes to scale out, and by having a higher minimum instance count, the Application Gateway will be better able to handle your traffic when load is increased, as every spike in traffic won't require an autoscaling operation.
@@ -33,19 +33,19 @@ This example shows setting up an alert when 75% of minimum CU usage is reached v
33
33
2. On the left panel, select **Metrics** under the **Monitoring** tab.
34
34
3. Add a metric for **Average Current Compute Units**.
35
35
**PLACEHOLDER - ADD A SCREENSHOT PICTURE HERE**
36
-
4. If you've set your minimum CU count to be your average usage, go ahead and set an alert for if 75% of your minimum instances are in use. If your minimum/average usage is 10 CUs,, set an alert on 7.5 CUs. This will alert you if usage is increasing and give you time to respond and raise the minimum if you think this traffic will be sustained and will give you an alert that traffic may be increasing.
36
+
4. If you've set your minimum CU count to be your average usage, go ahead and set an alert for if 75% of your minimum instances are in use. If your minimum/average usage is 10 CUs, set an alert on 7.5 CUs. This will alert you if usage is increasing and give you time to respond and raise the minimum if you think this traffic will be sustained and will give you an alert that traffic may be increasing.
37
37
**PLACEHOLDER - ADD A SCREENSHOT PICTURE HERE**
38
38
39
39
> [!NOTE]
40
40
> You can set the alert to occur at a lower or higher CU utilization percentage depending on how sensitive you want to be to potential traffic spikes.
41
41
42
42
## Set up WAF with geofiltering and bot protection to stop attacks
43
-
If you want an extra layer of security in front of your application, use the Application Gateway WAF_v2 SKU for WAF capabilities. Assuming you are using an Application Gateway WAF_v2 SKU, if you only want your applications to be accessed from a given country or countries, you can set up a WAF custom rule to explicitly allow or block traffic based on their geolocation. For more information, see [geofiltering custom rules](https://docs.microsoft.com/azure/web-application-firewall/ag/geomatch-custom-rules) and [how to configure custom rules on Application Gateway WAF_v2 SKU through Powershell](https://docs.microsoft.com/azure/web-application-firewall/ag/configure-waf-custom-rules).
43
+
If you want an extra layer of security in front of your application, use the Application Gateway WAF_v2 SKU for WAF capabilities. Assuming you are using an Application Gateway WAF_v2 SKU, if you only want your applications to be accessed from a given country or countries, you can set up a WAF custom rule to explicitly allow or block traffic based on their geolocation. For more information, see [geofiltering custom rules](https://docs.microsoft.com/azure/web-application-firewall/ag/geomatch-custom-rules) and [how to configure custom rules on Application Gateway WAF_v2 SKU through PowerShell](https://docs.microsoft.com/azure/web-application-firewall/ag/configure-waf-custom-rules).
44
44
45
45
Enabling bot protection will block known bad bots, and should reduce the amount of traffic getting to your application. For more information, see [bot protection with set up instructions](https://docs.microsoft.com/azure/web-application-firewall/ag/configure-waf-custom-rules).
46
46
47
47
## Turn on diagnostics on Application Gateway and WAF
48
48
Diagnostic logs allow you to view firewall logs, performance logs, and access logs. You can use these logs in Azure to manage and troubleshoot Application Gateways. For instructions on how to set up these logs, see our [diagnostics documentation](https://docs.microsoft.com/azure/application-gateway/application-gateway-diagnostics#diagnostic-logging).
49
49
50
50
## Set up an SSL policy for extra security
51
-
Please ensure you're using the latest version of SSL policy ([AppGwSslPolicy20170401S](https://docs.microsoft.com/azure/application-gateway/application-gateway-ssl-policy-overview#appgwsslpolicy20170401s)) which enforces TLS 1.2 and stronger ciphers. See [configuring SSL policy versions and cipher suites via Powershell](https://docs.microsoft.com/azure/application-gateway/application-gateway-configure-ssl-policy-powershell).
51
+
Ensure you're using the latest version of SSL policy ([AppGwSslPolicy20170401S](https://docs.microsoft.com/azure/application-gateway/application-gateway-ssl-policy-overview#appgwsslpolicy20170401s)) which enforces TLS 1.2 and stronger ciphers. See [configuring SSL policy versions and cipher suites via PowerShell](https://docs.microsoft.com/azure/application-gateway/application-gateway-configure-ssl-policy-powershell).
0 commit comments