What is a capacity unit in Application Gateway v2?

A capacity unit is a composite measure of compute utilization, persistent connections (2,500 per CU), and throughput (2.22 Mbps per CU). Application Gateway autoscales based on whichever dimension hits its per-CU limit first. You pay for the actual number of CUs consumed.

What is the difference between Standard_v2 and WAF_v2?

Both SKUs provide Layer 7 load balancing, SSL termination, and autoscaling. WAF_v2 adds a web application firewall with OWASP Core Rule Set protection against SQL injection, XSS, and other web attacks. WAF_v2 has a higher per-CU cost to cover the additional inspection processing.

Should I use Application Gateway or Azure Front Door?

Application Gateway is a regional Layer 7 load balancer deployed within a VNet. Azure Front Door is a global CDN and load balancer operating at the edge. Use Application Gateway for regional applications with VNet integration needs, and Front Door for global applications requiring edge caching, global load balancing, and DDoS protection.

Azure Application Gateway Sizer

NetworkingAzure

Size and estimate costs for Azure Application Gateway Standard_v2 and WAF_v2 with capacity unit calculation.

Input

SKU Tier

Scaling Mode

Instance Count

Fixed number of instances (each = 10 CUs)

Concurrent Connections

Each CU supports 2,500 persistent connections

Throughput

Mbps

Each CU supports 2.22 Mbps

New Connections/sec

TLS handshakes, URL rewrites; each CU handles ~50/sec

Data Processed

GB/month

$0.008/GB for both SKUs

Configure your Application Gateway settings and click Calculate Cost to see results.

Raw Output

Output will appear here...

Standard_v2 vs WAF_v2

Standard_v2 provides Layer 7 load balancing with SSL termination, URL-based routing, multi-site hosting, and session affinity. Ideal when you manage WAF separately or do not need it.

WAF_v2 includes everything in Standard_v2 plus an integrated Web Application Firewall with OWASP Core Rule Set (CRS) 3.2, bot protection, and custom rules. The higher fixed cost reflects the WAF processing overhead.

Capacity Unit Components

Each Capacity Unit (CU) is the billing measure and includes:

2,500 persistent connections
2.22 Mbps throughput
1 compute unit (~50 new connections/sec with TLS)

The dimension requiring the most CUs determines your actual CU consumption. Each instance provides 10 CUs.

Autoscale Best Practices

Set minimum instances to handle your baseline traffic without scale-up delay. New instances take 6-8 minutes to provision.

Set maximum instances to cap costs while handling traffic spikes. Monitor the CurrentCapacityUnit metric in Azure Monitor to right-size over time.

With autoscale, you are billed for the minimum instances even when idle, plus additional CUs consumed during scale-out events.

Application Gateway vs Azure Load Balancer

Application Gateway operates at Layer 7 (HTTP/HTTPS) and provides URL routing, SSL offloading, cookie-based affinity, and optional WAF.

Azure Load Balancer operates at Layer 4 (TCP/UDP) with ultra-low latency. It is cheaper for simple TCP distribution but lacks HTTP-aware features.

Many architectures use both: Load Balancer for internal microservice traffic and Application Gateway as the public-facing ingress with WAF protection.

About This Tool

The Azure Application Gateway Sizer helps you choose between Standard_v2 and WAF_v2 SKUs and estimate capacity unit requirements based on your traffic patterns. It factors in connections per second, throughput, and compute utilization to calculate the minimum and recommended capacity units. The tool also estimates monthly costs including the fixed gateway fee and variable capacity unit charges.

When to Use This Tool

•Sizing a new Application Gateway deployment based on expected peak connections per second and throughput.
•Estimating costs for WAF_v2 vs. Standard_v2 to determine if the web application firewall premium is justified.
•Calculating minimum autoscale capacity unit settings to handle baseline traffic without cold-start latency.
•Planning capacity for a multi-site Application Gateway serving multiple backend pools.

Frequently Asked Questions

What is a capacity unit in Application Gateway v2?: A capacity unit is a composite measure of compute utilization, persistent connections (2,500 per CU), and throughput (2.22 Mbps per CU). Application Gateway autoscales based on whichever dimension hits its per-CU limit first. You pay for the actual number of CUs consumed.
What is the difference between Standard_v2 and WAF_v2?: Both SKUs provide Layer 7 load balancing, SSL termination, and autoscaling. WAF_v2 adds a web application firewall with OWASP Core Rule Set protection against SQL injection, XSS, and other web attacks. WAF_v2 has a higher per-CU cost to cover the additional inspection processing.
Should I use Application Gateway or Azure Front Door?: Application Gateway is a regional Layer 7 load balancer deployed within a VNet. Azure Front Door is a global CDN and load balancer operating at the edge. Use Application Gateway for regional applications with VNet integration needs, and Front Door for global applications requiring edge caching, global load balancing, and DDoS protection.

Related Learning Guides

Azure Networking Deep Dive30 min read
Front Door & CDN Guide24 min read

Disclaimer: This tool runs entirely in your browser. No data is sent to our servers. Always verify outputs before using them in production. AWS, Azure, and GCP are trademarks of their respective owners.