Hi Rakesh Singh,
Good day!
Welcome to the Q&A Platform for Microsoft! We appreciate you posing your query here.
- Azure Web Application Firewall (WAF) on the Application Gateway does not perform TLS inspection.
The following use cases are supported with Azure Firewall:
- Outbound TLS Inspection
To protect against malicious traffic that is sent from an internal client hosted in Azure to the Internet.
- East-West TLS Inspection (includes traffic that goes from/to an on-premises network)
To protect your Azure workloads from potential malicious traffic sent from within Azure.
The following use case is supported by Azure Web Application Firewall on Azure Application Gateway:
- Inbound TLS Inspection
To protect internal servers or applications hosted in Azure from malicious requests that arrive from the Internet or an external network. Application Gateway provides end-to-end encryption.
Refer: https://video2.skills-academy.com/en-us/azure/firewall/premium-features#tls-inspectionHi Rakesh Singh,
Good day!
Welcome to the Q&A Platform for Microsoft! We appreciate you posing your query here.
- Azure Web Application Firewall (WAF) on the Application Gateway does not perform TLS inspection.
The following use cases are supported with Azure Firewall:
- Outbound TLS Inspection
To protect against malicious traffic that is sent from an internal client hosted in Azure to the Internet.
- East-West TLS Inspection (includes traffic that goes from/to an on-premises network)
To protect your Azure workloads from potential malicious traffic sent from within Azure.
The following use case is supported by Azure Web Application Firewall on Azure Application Gateway:
- Inbound TLS Inspection
To protect internal servers or applications hosted in Azure from malicious requests that arrive from the Internet or an external network. Application Gateway provides end-to-end encryption.
Refer: https://video2.skills-academy.com/en-us/azure/firewall/premium-features#tls-inspection
Azure Firewall with TLS Inspection shows in the below Diagram:
__NOTE: __TLS 1.0 and 1.1 are being deprecated and won’t be supported. TLS 1.0 and 1.1 versions of TLS/Secure Sockets Layer (SSL) have been found to be vulnerable, and while they still currently work to allow backwards compatibility, they aren't recommended. Migrate to TLS 1.2 as soon as possible.
Refer:
https://video2.skills-academy.com/en-us/azure/firewall/premium-features#tls-inspection
Application Gateway Before Firewall Please refer the below document:
- With Azure Firewall Premium, this design can support end-to-end scenarios, where the Azure Firewall applies TLS inspection to perform IDPS on the encrypted traffic between the Application Gateway and the web backend.
Please review the provided documentation to better understand how the complete setup works and let us know if it works or not.
If you feel that your quires have been resolved, please accept the answer by clicking the "Upvote" and "Accept Answer" on the post.
We are pleased to help you.
I look forward to your response and appreciate your time on this.
Regards,
Ganesh