Introducing Azure Gateway Load Balancer: Deploy and scale network virtual appliances with ease

When we announced High Availability (HA) Ports for Azure Load Balancer, we enabled you to leverage network virtual appliances with more flexibility in Azure. HA ports is a unique capability that makes network virtual appliance (NVA) flexible as you deploy them in Azure – a first in the industry, it changed how you deploy NVAs at scale.

Today, we are pleased to announce the preview of Gateway Load Balancer, a fully managed service enabling you to deploy, scale, and enhance the availability of third party NVAs in Azure, that builds on that capability. You can add your favorite third party appliance whether it is a firewall, inline DDoS appliance, deep packet inspection system, or even your own custom appliance into the network path transparently – all with a single click.

With Gateway Load Balancer, you can easily add or remove advanced network functionality without additional management overhead. You can think of Gateway LB, as providing the bump-in-the-wire technology you need to ensure all traffic to a public endpoint is first sent to the appliance before your application. What makes Gateway LB even more powerful is ensuring symmetrical flows or ensuring a consistent route to your network virtual appliance – without having to update routes manually. As a result, packets traverse the same network path in both directions to function are able to do so.

Inserting network virtual appliances in the path transparently is also known as service chaining. With Gateway LB, you can enable service chaining in Azure. Once chained to a Standard Public Load Balancer frontend or IP configuration on a virtual machine, no additional configuration is needed to ensure traffic to and from the application endpoint is sent to the Gateway LB. Traffic flows from the consumer virtual network to the provider virtual network and then returns to the consumer virtual network. Gateway Load Balancer exchanges application traffic with the appliance in it's backend pool using VXLAN encapsulation. This allows preservation of the content of the traffic. The consumer virtual network and provider virtual network can be in different subscriptions, tenants, or regions enabling greater flexibility and ease of management.

Gateway Load Balancer brings together a pass through load balancer to distribute your traffic at scale and a single entry and exit point for your traffic - with a single click. All you need to do is chain your application to a Gateway Load Balancer. You can scale up or scale down as needed. You can also leverage auto scale with virtual machine scale sets.

To get started with Gateway Load Balancer:

1. Find your favorite virtual appliance in the Azure Marketplace
2. Deploy the NVA instances
3. Create a Gateway LB and place them in the backend pool
4. Chain the Gateway LB to your Public IP or Standard Load Balancer frontend

Gateway Load Balancer Launch partners

Azure's Network Virtual Appliance partners are able to offer their managed solutions via SaaS - Software as a Service with Gateway Load Balancer. Appliance providers do not need to worry about scale, load balancing, or even availability, they can rely on Gateway LB to take care of that. Gateway Load Balancer has a rich ecosystem of partners within the Azure Marketplace available, so you can start leveraging the solution today. You can choose from a plethora of industry leading appliances in the Azure Marketplace. Here are links to their blogs to learn more.

• Check Point - CloudGuard is a launch partner for Azure Gateway Load Balancer
• Palo Alto Networks - VM series Virtual Firewalls Integrate with Azure Gateway Load Balancer
• Trend Micro - Broad Security Instantly with Azure Gateway Load Balancer 
• Valtix - Valtix Integrates with Gateway Load Balancer
• Fortinet - Deploy FortiGate with Azure Gateway Load Balancer
• F5 - BIG-IP integration with Azure Gateway Load Balancer
• Glasnostic - Announcing Glasnostic for Azure Gateway Load Balancer
• cPacket - cPacket Networks Extends Cloud Visibility with Azure Gateway Load Balancer
• Cisco - Secure Firewall Integration with Azure Gateway Load Balancer
• Citrix  - Citrix ADC integration with Azure Gateway Load Balancer
• A10 - Introducing L3-7 DDoS Protection for Microsoft Azure Tenants | A10 Networks

Customers are already using Gateway LB for many scenarios - firewalls, advanced network security functions, deep packet inspection, analytics, IoT and so many more. Gateway LB integration with Standard DDoS has also enabled inline DDoS, you can ready more about it here.

Gateway Load Balancer is available across all Azure public regions, Government cloud regions, and China cloud regions. You can get started via the Azure Portal, CLI, PowerShell, templates, or Terraform. Learn more and deploy yours today.