9

I'm trying to setup Azure WAF (v2) on my App Gateway (currently in detection mode first to handle false positive cases), however, I'm seeing this warning:

To view your detection logs, you must have diagnostics enabled.

So, I went to Diagnostic settings and created it there with following options:

Log:

ApplicationGatewayAccessLog - (checked)

ApplicationGatewayPerformanceLog - (checked)

ApplicationGatewayFirewallLog - (checked)

Metric:

AllMetrics - (checked)

I have Send to Log Analytics checked as well. Also Archive to a storage account enabled.

But I'm still seeing the same warning mentioned above. Any idea what I might be missing here?

UPDATE, I do see records within log with following query, but warning is still there:

AzureDiagnostics | where OperationName == "ApplicationGatewayFirewall"
Improve this question
7
  • Just to make sure, if you refresh the diagnostic settings blade, you do see your configuration. Right? Maybe logging on and off? We do use App Gateway w/WAF enabled and did not face this behaviour.
    – LMG
    Apr 22, 2020 at 2:31
  • I do see it under App Gateway \ Diagnostic Settings, and I tried to log out and log in again, but still same warning. I even tried to run some malicious scan to make sure that I will have some logs, but still no luck.
    – ShP
    Apr 22, 2020 at 2:36
  • 1
    Go to your log analytics / logs and look for ApplicationGatewayFirewall. Is there any data?
    – LMG
    Apr 22, 2020 at 2:37
  • @LMG I have updated my question, I did run a query as you suggested, and I see my requests when I go trough log analytics workspace, however, warning is still there.
    – ShP
    Apr 22, 2020 at 3:09
  • 1
    @Matrix if you are asking about logs, it takes a min to show logs under AzureDiagnostics. If you were referring to the warning, it's been a while since I did this, but I think it was related to what I had selected for diagnostic, check this article: learn.microsoft.com/en-us/azure/firewall/firewall-diagnostics Also one additional note if you are just starting with WAF, might be a better option to use WAF for Azure FrontDoor instead of WAF for AppGateway. It gives a bit more options (e.g. geofence etc.).
    – ShP
    Aug 16, 2021 at 16:40
Related questions
2
WADDiagnosticInfrastructureLogsTable failed ERROR_WINHTTP_AUTODETECTION_FAILED (12180)
0
Azure WADLogsTable is getting flooded with information traces
4
Azure App Service with WAF
Load 7 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.