Azure WAF: Using FrontDoors or AplicationGateway?

We need a WAF for our Webservice which we are developing at the moment and I'm not sure if we should use FrontDoors or an ApplicationGateway. For the start, we plan to offer our service just for Europe, so in this case FrontDoors is not necessary right? But in the future (maybe 1 year after release) we also want to offer the service e.g. in the US, so in this case we could need FrontDoors.

So my question is: Should we use FrontDoors now in mind we need it later, even if we don't use all of the functionality and I think FrontDoors is quite expensive or is it worth to use ApplicationGateway for the start? Is it possible to migrate WAF from Gateway to FrontDoors?

Its not possible to use WAF standalone or is it?

Solution 1:

You can still do global services with Application Gateway, you would have two instances, one in each region, and use traffic manager to load balance between them.

Front Door vs Application Gateway is really going to depend on your requirements, bearing in mind the following:

• Front Door is a shared PaaS service, it is less complex to implement, does not require a virtual network, but because it is a shared service performance can be more variable
• Front door offers local point of presence and cache, getting your users onto the Azure backbone quicker
• Front door does global load balancing as part of the service, where as app gateway would require implementing traffic manger
• Being a PaaS service, FD is generally cheaper to implement and managed compared to App GW
• Application gateway is much easier to integrate with a virtual network, and apply NSG's etc.