Size and estimate costs for Azure Application Gateway Standard_v2 and WAF_v2 with capacity unit calculation.
Last verified: May 2026
Fixed number of instances (each = 10 CUs)
Each CU supports 2,500 persistent connections
Each CU supports 2.22 Mbps
TLS handshakes, URL rewrites; each CU handles ~50/sec
$0.008/GB for both SKUs
Output will appear here...Standard_v2 provides Layer 7 load balancing with SSL termination, URL-based routing, multi-site hosting, and session affinity. Ideal when you manage WAF separately or do not need it.
WAF_v2 includes everything in Standard_v2 plus an integrated Web Application Firewall with OWASP Core Rule Set (CRS) 3.2, bot protection, and custom rules. The higher fixed cost reflects the WAF processing overhead.
Each Capacity Unit (CU) is the billing measure and includes:
The dimension requiring the most CUs determines your actual CU consumption. Each instance provides 10 CUs.
Set minimum instances to handle your baseline traffic without scale-up delay. New instances take 6-8 minutes to provision.
Set maximum instances to cap costs while handling traffic spikes. Monitor the CurrentCapacityUnit metric in Azure Monitor to right-size over time.
With autoscale, you are billed for the minimum instances even when idle, plus additional CUs consumed during scale-out events.
Application Gateway operates at Layer 7 (HTTP/HTTPS) and provides URL routing, SSL offloading, cookie-based affinity, and optional WAF.
Azure Load Balancer operates at Layer 4 (TCP/UDP) with ultra-low latency. It is cheaper for simple TCP distribution but lacks HTTP-aware features.
Many architectures use both: Load Balancer for internal microservice traffic and Application Gateway as the public-facing ingress with WAF protection.
Your platform team is moving from a single Standard_v2 Application Gateway to WAF_v2 for compliance. The current gateway runs at 6 CU consistently with no autoscale headroom. You run the sizer with the same connection/throughput numbers and the +30% WAF overhead — it recommends minimum 8 CU, max 20 CU. You provision the new WAF_v2 with that sizing, run a load test to verify there are no inspection bottlenecks at peak, and cut over without latency regressions.
The Azure Application Gateway Sizer helps you choose between Standard_v2 and WAF_v2 SKUs and estimate capacity unit requirements based on your traffic patterns. It factors in connections per second, throughput, and compute utilization to calculate the minimum and recommended capacity units. The tool also estimates monthly costs including the fixed gateway fee and variable capacity unit charges.
The sizer takes peak connections per second and throughput requirements, then computes minimum CU count using AWS Application Gateway's per-CU thresholds (2,500 persistent connections per CU, 2.22 Mbps per CU, plus a compute factor). It applies a 30% overhead multiplier when WAF_v2 is selected. Cost output combines the fixed gateway hourly fee with the variable per-CU hourly rate, scaled to monthly totals.
Application Gateway v2 takes 6-7 minutes to scale up under burst traffic. Always set the minimum capacity to handle your normal peak — don't rely on autoscale to absorb traffic spikes. The minimum CU setting costs you a baseline ~$60/month per CU but eliminates cold-start latency during spikes.
WAF_v2 inspection adds about 30% CPU overhead per CU compared to Standard_v2. If you're sized correctly for Standard_v2 and need to enable WAF, plan to bump minimum capacity by 30% — a Standard_v2 running at 8 CU minimum should be sized for 11 CU on WAF_v2.
Application Gateway is regional. If you need global anycast and edge POPs, you want Front Door, not Application Gateway. Many teams reach for Application Gateway because it lives in their VNet, then later realize they need Front Door's global behavior — and end up with both, which is fine but doubles operational complexity.
Was this tool helpful?
Disclaimer: This tool runs entirely in your browser. No data is sent to our servers. Always verify outputs before using them in production. AWS, Azure, and GCP are trademarks of their respective owners.