Do I need a separate WAF if I want to use Azure Deployment Slot on production instance?

I'm looking to leverage Azure deployment slots for a production Web App (with Azure SQL DB).

I also use a Fortiweb WAF-as-a-Service for the production app.

If I use deployment slots, will I need a separate Fortiweb WAF-as-a-Service instance to point to the new name of "ProductionApp/Staging"?

I suspect I would need DNS entries as well for the new Staging name, along with a separate WAF to have the client successfully connect to the staging deployment slot.

Any comments, pointers or other would be most welcomed.

Regards, Paul



Solution 1:[1]

Thank you to @PDorenberg for your question, and the subsequent solution that you provided in your comment.

For the sake of the community, I'm posting your comment as an answer, as it will benefit many others who are facing the same issue and are searching for a solution. Also, I've added some points that I feel should be included and considered in the answer.


Deployment slots can’t swap the custom client domain, associated private TLS/SSL certificates and scale settings, as these settings are directly related to the virtual network and private endpoints, and these are ultimately related to the IP address space and DNS records created for them, which are unique for every instance of a resource that is routable, mappable and can be found over the internet through public IP addresses.

Also, do keep in mind that only app settings, connection strings, language framework versions, web sockets, HTTP version, and platform bitness can be swapped between a deployment slot and a production slot. Please see the documentation for all the information regarding the deployment slot configuration and swapping.

Please also take note that you won’t need the Fortiweb WAF-as-a-service instance when pointing to the production slot of the app for a deployment that is already deployed in the staging slot of the App Service. But if the App Service instances are different for different apps in production, then you surely would need the Fortiweb WAF-as-a-service to route the traffic accordingly to each App Service instance separately.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Jeremy Caney