Azure Web Application Firewall


Azure App Gateway

WAF Logs

Check for WAF policy breaks with the following query in the Log Analytics workspace:

AzureDiagnostics 
| where TimeGenerated > ago(15m)
| where ResourceProvider == "MICROSOFT.NETWORK" and Category == "ApplicationGatewayFirewallLog"
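
To see which rules are firing and for whom, the same log can be grouped by rule and action. This is an added example, not part of the original page; the columns `ruleId_s`, `action_s`, `clientIp_s`, `hostname_s`, `requestUri_s` and `Message` are assumed from the AzureDiagnostics schema for this category and the 24-hour window is an arbitrary choice.

```kql
// Added example: triage Application Gateway WAF hits per rule.
// Assumed columns (not shown on the page): ruleId_s, action_s, clientIp_s,
// hostname_s, requestUri_s, Message.
// Note: the firewall log is assumed to use clientIp_s, while the access log
// query on this page uses clientIP_s.
AzureDiagnostics
| where TimeGenerated > ago(24h)
| where ResourceProvider == "MICROSOFT.NETWORK" and Category == "ApplicationGatewayFirewallLog"
| summarize
    hits = count(),
    distinctClients = dcount(clientIp_s),
    sampleUris = make_set(requestUri_s, 5),   // up to 5 example URIs per rule
    firstSeen = min(TimeGenerated),
    lastSeen = max(TimeGenerated)
    by ruleId_s, action_s, hostname_s, Message
| order by hits desc
```

A rule with many hits spread across many distinct clients on ordinary application URIs is worth reviewing as a possible false positive before changing the policy.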

Check WAF logs for the connections to the backend pools:

AzureDiagnostics
| where ResourceType == "APPLICATIONGATEWAYS" and Category == "ApplicationGatewayAccessLog"
| project TimeGenerated, Resource, backendPoolName_s, requestUri_s, httpStatus_d, clientIP_s, host_s
| summarize connectionCount = count() by backendPoolName_s, host_s