Quick Question about Azure AppGateway VM Series Deployment

L0 Member

Quick Question about Azure AppGateway VM Series Deployment

We have an existing environment where Palo Alto VM Series was deployed by somebody who is no longer at the company.

I was told that it has never worked. Primary purpose of the firewall is to secure inbound web traffic.

Current configuration is:


AppGateway->LB->2 VM Series->ILB->Web Servers


VM Series VM's had 3 Network interfaces.

I can log into the management UI and see no configuration was done.

I noticed that AppGateway did not have a HTTPS listener so it only accepts HTTP traffic.

None of the subnets have any UDR's defined. 


Our requirements can be met by the template published here:


This template eliminates Public LB in front of VM Series so traffic flows like this:

internet->AppGateway->2 VM Series->ILB->Web Servers 


What is the benefit of having public LB between AppGateway and the Firewall VM's


Even this template shows Application Gateway without HTTPS listener.

I am wondering why this is the case?




Tags (1)
L5 Sessionator

Re: Quick Question about Azure AppGateway VM Series Deployment

If you are using an App gateway you don't need a public LB because the APP gateway is public facing. Just note that the App Gateway is for HTTP(S) traffic only. That being said it provides additional benefits such as WAF, SSL termination and decryption etc. 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!