You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
title: 'Quickstart: Create an Azure WAF v2 by using an Azure Resource Manager template'
3
3
titleSuffix: Azure Application Gateway
4
-
description: Learn how to use an Azure Resource Manager quickstart template (ARM template) to create a Web Application Firewall v2 on Azure Application Gateway.
4
+
description: Use an Azure Resource Manager template (ARM template) to create a Web Application Firewall v2 on Azure Application Gateway.
# Customer intent: As a cloud administrator, I want to quickly deploy a Web Application Firewall v2 on Azure Application Gateway for production environments or to evaluate WAF v2 functionality.
13
13
---
14
14
15
-
# Quickstart: Create an Azure WAF v2 on Application Gateway using an ARM template
15
+
# Quickstart: Create an Azure Web Application Firewall v2 by using an ARM template
16
16
17
-
In this quickstart, you use an Azure Resource Manager template (ARM template) to create an Azure Web Application Firewall v2 on Application Gateway.
17
+
In this quickstart, you use an Azure Resource Manager template (ARM template) to create an Azure Web Application Firewall (WAF) v2 on Azure Application Gateway.
If your environment meets the prerequisites and you're familiar with using ARM templates, select the **Deploy to Azure** button. The template will open in the Azure portal.
23
+
If your environment meets the prerequisites and you're familiar with using ARM templates, you can select the **Deploy to Azure** button to open the template in the Azure portal.
24
24
25
-
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fdemos%2Fag-docs-wafv2%2Fazuredeploy.json)
25
+
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fdemos%2Fag-docs-wafv2%2Fazuredeploy.json)
26
26
27
27
## Prerequisites
28
28
29
-
- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
29
+
- An Azure account with an active subscription. If you don't have one, you can [create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
30
30
31
31
## Review the template
32
32
33
-
This template creates a simple Web Application Firewall v2 on Azure Application Gateway. This includes a public IP frontend IP address, HTTP settings, a rule with a basic listener on port 80, and a backend pool. A WAF policy with a custom rule is created to block traffic to the backend pool based on an IP address match type.
33
+
This template creates a simple Web Application Firewall v2 on Azure Application Gateway. The template creates a public IP frontend IP address, HTTP settings, a rule with a basic listener on port 80, and a backend pool. A WAF policy with a custom rule blocks traffic to the backend pool based on an IP address match type.
34
34
35
-
The template used in this quickstart is from [Azure Quickstart Templates](https://azure.microsoft.com/resources/templates/ag-docs-wafv2/).
35
+
The template defines the following Azure resources:
-[Microsoft.Network/publicIPAddresses](/azure/templates/microsoft.network/publicipaddresses), one for the application gateway and two for the virtual machines (VMs)
-[**Microsoft.Network/publicIPAddresses**](/azure/templates/microsoft.network/publicipaddresses) : one for the application gateway, and two for the virtual machines.
1. Select **Deploy to Azure** to sign in to Azure and open the template. The template creates an application gateway, the network infrastructure, and two virtual machines in the backend pool running IIS.
54
+
1. Select **Deploy to Azure** to sign in to Azure and open the template. The template creates an application gateway, the network infrastructure, and two VMs in the backend pool running IIS.
55
55
56
-
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fdemos%2Fag-docs-wafv2%2Fazuredeploy.json)
56
+
[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Fdemos%2Fag-docs-wafv2%2Fazuredeploy.json)
57
57
58
-
2. Select or create your resource group.
59
-
3. Select **I agree to the terms and conditions stated above** and then select **Purchase**. The deployment can take 10 minutes or longer to complete.
58
+
1. Select or create a resource group.
59
+
1. Select **Review + create**, and when validation passes, select **Create**. The deployment can take 10 minutes or longer to complete.
60
60
61
61
## Validate the deployment
62
62
63
-
Although IIS isn't required to create the application gateway, it's installed on the backend servers to verify if Azure successfully created a WAF v2 on the application gateway.
63
+
Although IIS isn't required, the template installs IIS on the backend servers so you can verify that Azure successfully created a WAF v2 on the application gateway.
64
64
65
65
Use IIS to test the application gateway:
66
66
67
-
1. Find the public IP address for the application gateway on its **Overview** page. Or, you can select **All resources**, enter *myAGPublicIPAddress* in the search box, and then select it in the search results. Azure displays the public IP address on the **Overview** page.
68
-
2. Copy the public IP address, and then paste it into the address bar of your browser to browse that IP address.
69
-
3. Check the response. A **403 Forbidden** response verifies that the WAF was successfully created and is blocking connections to the backend pool.
70
-
4. Change the custom rule to **Allow traffic**.
71
-
Run the following Azure PowerShell script, replacing your resource group name:
67
+
1. Copy the public IP address for the application gateway from its **Overview** page.
68
+
69
+
70
+
71
+
You can also search for *application gateways* in the Azure search box. The list of application gateways shows the public IP addresses in the **Public IP address** column.
72
+
73
+
1. Paste the IP address into the address bar of your browser to browse that address.
74
+
1. Check the response. A **403 Forbidden** response verifies that the WAF is successfully blocking connections to the backend pool.
75
+
1. To change the custom rule to allow traffic, run the following Azure PowerShell script, replacing your resource group name:
Refresh your browser multiple times and you should see connections to both myVM1 and myVM2.
88
+
As you refresh your browser, you should see connections to both myVM1 and myVM2.
84
89
85
90
## Clean up resources
86
91
87
-
When you no longer need the resources that you created with the application gateway, delete the resource group. This removes the application gateway and all the related resources.
92
+
When you no longer need the resources you created in this quickstart, delete the resource group to remove the application gateway and all its related resources.
88
93
89
94
To delete the resource group, call the `Remove-AzResourceGroup` cmdlet:
90
95
@@ -95,4 +100,4 @@ Remove-AzResourceGroup -Name "<your resource group name>"
95
100
## Next steps
96
101
97
102
> [!div class="nextstepaction"]
98
-
> [Tutorial: Create an application gateway with a Web Application Firewall using the Azure portal](application-gateway-web-application-firewall-portal.md)
103
+
> [Tutorial: Create an application gateway with a Web Application Firewall by using the Azure portal](application-gateway-web-application-firewall-portal.md)
0 commit comments