There is often a requirement that workload be distributed across multiple Azure regions. If these are services that are publicly accessible from the Internet, the use of a firewall is recommended.

The standard setup was usually the combination of a Traffic Manager and an Application Gateway with Web Application Firewall. The Traffic Manager is a load balancer that works globally and thus routes between the two regions according to different methods (weighted, prioritized, geographical, …). Within each region there is an Azure Firewall or an application gateway with firewall, if a load balancing should also take place within a region.

The Azure Front Door service has been around for some time. It combines the Traffic Manager and a Web Application Firewall. In addition, Front Door offers features that were otherwise only available in the Application Gateway, such as URL-based routing, SSL offloading, etc.

This makes Front Door a better alternative than the combination of Traffic Manager and Firewall. In addition, less services are not only reducing administrative effort and complexity, but often even costs.