Overview of Azure gateway resources

Introduction

A gateway is a networking resource that handles network traffic as it traverses different segments at the same ISO OSI network layer. For example, a default gateway is a layer 3 (broadcast domain) gateway used for routing. The term gateway can also signify an application layer appliance that handles traffic for specialized application scenarios, such as Voice over IP. One such example is the Session Border Controller (SBC) in VoIP and SIP protocol technology. With the advent of WebRTC, some SBCs have assumed the role of SIP to WebRTC gateway. There are also numerous examples of application layer (OSI layer 7) devices or appliances that route and manage traffic at various levels and protocols of the application layer (such as packet header rewrites). In other cases, the term gateway designates a perimeter security appliance or application server that acts as the authentication, authorization and accounting (AAA) security component of a larger application architecture. Examples are the Citrix Gateway appliance for Citrix ICA/HDX traffic and the Microsoft Remote Desktop Services (RDS) Gateway role service, which sits in a DMZ network zone in an RDS infrastructure.

This article provides an overview of Azure gateway resources. Each Azure gateway resource has different functions and use cases.

Azure gateway resources

Virtual network gateway

An Azure virtual network gateway can be either a VPN gateway or an ExpressRoute gateway. A virtual network gateway serves two purposes: exchanging IP routes between the networks and routing network traffic.

Azure VPN Gateway connects your on-premises networks to Azure through Site-to-Site VPNs, in much the same way that you set up and connect to a remote branch office. The connectivity is secure and uses the industry-standard protocols Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). Alternatively, you can use an ExpressRoute circuit (via an ExpressRoute network provider) or an ExpressRoute Direct connection, through an ExpressRoute virtual network gateway.

The following screenshot depicts the available parameters when provisioning an Azure virtual network gateway resource.

Virtual network gateway

Microsoft provides a design guide for planning the appropriate virtual network gateway type: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways.

Local network gateway

Create a local network gateway to represent the on-premises site that you want to connect to a virtual network. The local network gateway specifies the public IP address of the VPN device and the IP address ranges located on the on-premises site. Later, create a VPN gateway connection between the virtual network gateway for the virtual network and the local network gateway for the on-premises site.
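The two values a local network gateway carries can be checked before the VPN connection is created. The following is an added example, not part of the original article or of any Azure tooling: the function name, the list of non-public ranges and the sample addresses are assumptions constructed for illustration. It rejects a VPN device address that is not publicly routable, malformed on-premises prefixes, and on-premises ranges that overlap the virtual network address space.

```python
import ipaddress

# Ranges that cannot be the internet-facing address of a VPN device
# (RFC 1918 private space, carrier-grade NAT, loopback, link-local).
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16")]

def validate_local_gateway(gateway_ip, onprem_prefixes, vnet_prefixes):
    """Return a list of findings; an empty list means the definition passed."""
    findings = []
    try:
        ip = ipaddress.ip_address(gateway_ip)
        if any(ip in net for net in NON_PUBLIC):
            findings.append(f"gateway IP {ip} is not a public address")
    except ValueError:
        findings.append(f"gateway IP {gateway_ip!r} is not a valid IP address")

    vnets = [ipaddress.ip_network(p) for p in vnet_prefixes]
    onprem = []
    for prefix in onprem_prefixes:
        try:
            # strict=True rejects prefixes with host bits set, e.g. 10.2.0.5/16
            onprem.append(ipaddress.ip_network(prefix, strict=True))
        except ValueError as err:
            findings.append(f"on-premises prefix {prefix!r} is invalid: {err}")

    # Overlapping ranges make routing between the two sites ambiguous.
    for net in onprem:
        for vnet in vnets:
            if net.version == vnet.version and net.overlaps(vnet):
                findings.append(
                    f"on-premises prefix {net} overlaps virtual network range {vnet}")
    return findings

if __name__ == "__main__":
    # Constructed sample values (documentation and private address space only).
    good = validate_local_gateway("203.0.113.10", ["10.1.0.0/16"], ["10.0.0.0/16"])
    bad = validate_local_gateway(
        "192.168.1.1", ["10.0.1.0/24", "10.2.0.5/16"], ["10.0.0.0/16"])
    print("good definition:", good or "no findings")
    for finding in bad:
        print("finding:", finding)
```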

The following screenshot depicts the available parameters when provisioning an Azure local network gateway resource.

Local network gateway

NAT gateway

NAT gateway provides outbound internet connectivity for one or more subnets of a virtual network. Once a NAT gateway is associated with a subnet, it provides source network address translation (SNAT) for that subnet. The NAT gateway specifies which static IP addresses virtual machines use when creating outbound flows.

The following screenshots depict the available parameters when provisioning an Azure NAT gateway resource.

NAT gateway

On-premises data gateway

The on-premises data gateway acts as a bridge, providing quick and secure data transfer between on-premises data and Power BI, Microsoft Flow, Logic Apps and PowerApps. In Azure Logic Apps, you can use some connectors to access on-premises data sources from your logic app workflows. However, before you can do so, you need to install the on-premises data gateway on a local computer. You also need to create a gateway resource in Azure for your gateway installation. You can then select this gateway resource when you use triggers and actions from connectors that can access on-premises data sources.

The following screenshots depict the available parameters when provisioning an Azure on-premises data gateway resource. You need to choose an existing installation name. If none exists, you first need to create one before creating an on-premises data gateway.

On-premises data gateway

Application Gateway

Azure Application Gateway gives you application-level routing and load balancing services that let you build a scalable and highly available web front end in Azure. An Application Gateway can be classified as an Application Delivery Controller (ADC) device operating at OSI layer 7. Details about Application Gateway can be found in my article: How to configure Application Gateway for HTTPS workloads.

The above article explains the concepts and components involved in Azure Application Gateway configuration.

The following screenshots depict the available parameters when provisioning an Azure application gateway resource.

Application Gateway

Communication gateway

Use an Azure communication gateway to connect Microsoft Teams to your phone network. The following screenshots depict the available parameters when provisioning an Azure communication gateway resource.

Communication gateway

Data Box Gateway

Azure Data Box Gateway is a storage solution that enables you to seamlessly send data to Azure. This article provides you with an overview of the Azure Data Box Gateway solution, benefits, key capabilities, and the scenarios where you can deploy this device. Data Box Gateway is a virtual device based on a virtual machine provisioned in your virtualized environment or hypervisor. The virtual device resides on your premises and you write data to it using the NFS and SMB protocols. The device then transfers your data to Azure block blob, page blob, or Azure Files.

The following screenshot depicts the available parameters when provisioning an Azure data box gateway resource.

Azure Stack Edge / Data Box Gateway

The following screenshot depicts the available parameters when provisioning an Azure Stack Edge / Data Box gateway resource.