Deployment Options
Topics Covered:
• Physical Appliance Overview
• Reverse Proxy Mode
• Bridge-Path Mode
• Virtual Deployment
• Public Cloud Hosting
Reverse Proxy Mode
• Requests and responses are terminated at the WAF
• Configure what should be allowed/inspected
[Diagram: Tommy; WAF; Backend Servers; Request; Response]
Two-Arm Proxy Deployment
[Diagram: Internet; Firewall; 192.168.0.1; WAF (WAN, LAN); Switch; 10.0.0.11, 10.0.0.12, 10.0.0.13; VIP1: 192.168.0.110; VIP2: 192.168.0.120; VIP3: 192.168.0.130]
Two-Arm Proxy Deployment
• Advantages
  • Most secure deployment because back-end servers are completely isolated
  • Fast High Availability failover
• Considerations
  • May require network changes to server IP addresses and DNS mappings
  • Deployment requires cut-over of live services
  • Network reconfiguration may require you to restore network to original state
One-Arm Proxy Deployment
[Diagram: Internet; Firewall; 192.168.0.1; WAF (WAN, LAN); Switch; 192.168.0.11, 192.168.0.12, 192.168.0.13; VIP1: 192.168.0.110; VIP2: 192.168.0.120; VIP3: 192.168.0.130]
One-Arm Proxy Deployment
• Advantages
  • Network infrastructure and partitioning unchanged
  • Allows multiple access paths to servers for testing
  • Integrates easily with existing enterprise load balancers
• Considerations
  • May require DNS, IP address changes or natting
  • Potentially compromises server security by providing direct server access
Bridge-Path Mode
• Acts as an L2 transparent bridge
• Inspects only the traffic that is configured for inspection
• All other traffic is bridged
• WAN and LAN interfaces must be on physically separate networks
[Diagram: Tommy; WAF; Backend Servers; HTTP Request; HTTP Response; Other Traffic]
Bridge-Path Deployment
[Diagram: Internet; Firewall; 192.168.0.1; Switch; WAF (WAN, LAN); Switch; 192.168.0.11, 192.168.0.12, 192.168.0.13; VIP1: 192.168.0.11; VIP2: 192.168.0.12; VIP3: 192.168.0.13]
Bridge-Path Deployment
• Advantages
  • Minimal network changes
  • Existing IP address infrastructure is reused
  • Real Servers keep existing IP addresses
• Considerations
  • Sensitive to broadcast storms and address resolution looping errors
  • Less resilient to network misconfiguration
  • Application Delivery features are not available
Virtual Deployment
• Only Reverse Proxy mode deployments are supported
• Requires a 64-bit capable host

Image Type    Supported Hypervisors
OVF           • VMware ESX and ESXi (vSphere Hypervisor) versions 4.x
              • VMware ESX and ESXi (vSphere Hypervisor) versions 5.x
              • Sun/Oracle VirtualBox and VirtualBox OSE version 3.2
VMX           • VMware Server 2.x
              • VMware Workstation 6.x, Player 3.x, and Fusion 3.x
XVA           • Citrix XenServer 5.5+
VHD           • Microsoft Hyper-V for Windows 8, 2008, 2012, and 2012 R2
Virtual Deployment - VM Configuration
Model   Cores (Maximum)   RAM (Recommended Minimum)   Hard Disk (Recommended Minimum)
360     2                 2 GB                        50 GB
460     3                 3 GB                        50 GB
660     4 or more         4 GB                        50 GB
Public Cloud Hosting
Initial Configuration
Topics Covered:
• Web Interface Access
• Local Console Access
• Network and Administration Settings
• Activate the Subscription Status
• Update Firmware and Energize Updates
Module 3 – Chapter 3
Web Interface Access
• WAF Configuration settings can be changed using:
  • The Web Interface
  • The REST API
• Default credentials
  • Username: admin
  • Password: admin
• 3.3 – Initial Configuration
[Diagram: 192.168.200.100; WAF 192.168.200.200; http://192.168.200.200:8000 or https://192.168.200.200]
Local Console Access
• Connect VGA Screen + USB Keyboard
• Open the VM Console for Virtual Machines
• Default credentials
  • Username: admin
  • Password: admin
Web Interface Access
[Screenshot: SECTIONS; PAGES (relative to the sections); Instant Search; Help]
Network and Administration Settings
• BASIC > IP Configuration
  • WAN / LAN / Management ports IP settings
  • Operation Mode
  • DNS Configuration
• BASIC > Administration
  • Change Admin Password
  • Set the Time Zone
• ADVANCED > System Configuration
  • Configure NTP Servers
Live Demo
Activate the Subscription Status
• Physical Appliances
  • Click the link in this message warning you that you must activate the WAF
  • Fill in the required fields in the pop-up window and click Activate
  • If the WAF cannot communicate directly to Barracuda Central servers, note the Activation Code displayed
• In the Subscription Status of the BASIC > Status page
  • Verify that your subscriptions are Current
  • If required, enter the Activation Code and then click Activate
Activate the Subscription Status
• Virtual Instances
  • Configure the TCP/IP Settings in the Local Console Interface
  • Make sure that the VM can reach the Internet
  • Enter the license token and the Default Domain in the Licensing section
Update Firmware and Energize Updates
• ADVANCED > Firmware Update
  • Update the firmware to the latest general release
• ADVANCED > Energize Update
  • Set Automatic Update to ON
  • Perform manual updates (first time only)
• ADVANCED > System Configuration
  • Enable Show Advanced settings
  • Configure the Default Pattern mode
Live Demo
Services
Topics Covered:
• Overview
• Services Types
• SSL Services
• Instant SSL
• HTTP and HTTPS Service configuration
Module 3 – Chapter 4
Services Overview
• Service: a logical projection of a Real Server application
• Real Server: the physical/virtual entity that hosts a certain application
• VIP: the Virtual IP Address associated to a Service
• 3.4 – Services
[Diagram: End Users; HTTP; VIP; WAF (HTTP Service); HTTP; Real Server]
Services Types
• Services depend on the type of application hosted on the Real Servers
• Services available in Reverse Proxy Mode:
  • HTTP and HTTPS Services
  • FTP and FTPS Services
  • Instant SSL and Redirect Services
  • Custom and Custom SSL Services (no UDP traffic)
• Services available in Bridge Mode:
  • HTTP and HTTPS Services
SSL Services
• SSL Sessions will be terminated at the WAF
• Certificates are stored on the WAF
[Diagram: Tommy; HTTPS VIP; WAF; Web Application; HTTPS]
Instant SSL
• Secures an HTTP web application with HTTPS
• Creates two services with same VIP (HTTP[80] / HTTPS[443])
• Redirects HTTP requests to the HTTPS Service
• Rewrites HTTP to HTTPS in response body
[Diagram: Tommy; WAF (VIP: HTTP, HTTPS); Web Application (HTTP); 1st HTTP Request; Redirect to HTTPS; Response Rewrite]
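The redirect and response-body rewrite that Instant SSL performs on one VIP, as an added Python example that is not code from the slides or Barracuda's implementation. The protected host list, the 302 status and the treatment of non-default ports are assumptions of this example.

```python
import re

# Hosts the Instant SSL service protects. Hypothetical value for this example.
SECURE_HOSTS = {"www.example.com"}

# Absolute http:// URL prefix: captures the host and an optional explicit port.
_HTTP_URL = re.compile(r"\bhttp://([A-Za-z0-9.-]+)(:\d+)?", re.IGNORECASE)


def http_service(host_header, target, status=302):
    """HTTP[80] service: never proxies, only redirects to the HTTPS[443]
    service on the same VIP. The status code is an assumption."""
    host = host_header.split(":", 1)[0]  # drop ":80" if the client sent it
    return status, {"Location": "https://" + host + target}


def rewrite_body(body, secure_hosts=SECURE_HOSTS):
    """HTTPS[443] service: rewrite absolute http:// links to protected hosts
    so a page served over HTTPS does not send the browser back to HTTP."""
    def swap(match):
        host, port = match.group(1), match.group(2)
        if host.lower() not in secure_hosts:
            return match.group(0)   # third-party or lookalike host: unchanged
        if port not in (None, ":80"):
            return match.group(0)   # explicit non-default port: another listener
        return "https://" + host    # implicit or explicit port 80 becomes HTTPS
    return _HTTP_URL.sub(swap, body)


def leftover_http_links(body, secure_hosts=SECURE_HOSTS):
    """Post-rewrite check: http:// references to protected hosts that remain."""
    return [m.group(0) for m in _HTTP_URL.finditer(body)
            if m.group(1).lower() in secure_hosts]


# Constructed back-end response body (the real server only speaks HTTP).
SAMPLE_BODY = (
    '<a href="http://www.example.com/login">Login</a>\n'
    '<form action="http://WWW.EXAMPLE.COM:80/submit"></form>\n'
    '<img src="http://cdn.other.test/logo.png">\n'
    '<a href="http://www.example.com.other.test/">lookalike host</a>\n'
    '<a href="http://www.example.com:8080/admin">other port</a>\n'
)

if __name__ == "__main__":
    print(http_service("www.example.com:80", "/login?next=/cart"))
    fixed = rewrite_body(SAMPLE_BODY)
    print(fixed)
    print("still plain HTTP:", leftover_http_links(fixed))
```

Links that `leftover_http_links` still reports after the rewrite are the ones a browser would flag as mixed content or follow back to plain HTTP.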
Perfect Forward Secrecy (PFS)
• Generates random public keys per session for the key agreement
• The connection must be established with a DHE handshake
• When enabled, non-ECDSA Ciphers are not used
[Diagram: John; Tommy; session1; session2; HTTPS; WAF; Backend Servers]
HTTP and HTTPS Service Configuration
• BASIC > Services
  • Add new HTTP service
• BASIC > Certificates
  • Create a new self-signed certificate
• BASIC > Services
  • Add new HTTPS service
  • Edit SSL settings
  • Configure SSL on the back-end
Live Demo

WAF deployment

  • 1. Deployment Options. Topics covered:
      • Physical Appliance Overview
      • Reverse Proxy Mode
      • Bridge-Path Mode
      • Virtual Deployment
      • Public Cloud Hosting
  • 2. Reverse Proxy Mode
      • Requests and responses are terminated at the WAF
      • Configure what should be allowed/inspected
      • [Diagram labels: Tommy, WAF, Backend Servers, Request, Response]
  • 3. Two-Arm Proxy Deployment
      • [Diagram labels: Internet, Firewall, 192.168.0.1, WAF (WAN, LAN), Switch, 10.0.0.11, 10.0.0.12, 10.0.0.13]
      • VIP1: 192.168.0.110
      • VIP2: 192.168.0.120
      • VIP3: 192.168.0.130
  • 4. Two-Arm Proxy Deployment
      • Advantages
          • Most secure deployment because back-end servers are completely isolated
          • Fast High Availability failover
      • Considerations
          • May require network changes to server IP addresses and DNS mappings
          • Deployment requires cut-over of live services
          • Network reconfiguration may require you to restore network to original state
  • 5. One-Arm Proxy Deployment
      • [Diagram labels: Internet, Firewall, 192.168.0.1, WAF (WAN, LAN), Switch, 192.168.0.11, 192.168.0.12, 192.168.0.13]
      • VIP1: 192.168.0.110
      • VIP2: 192.168.0.120
      • VIP3: 192.168.0.130
  • 6. One-Arm Proxy Deployment
      • Advantages
          • Network infrastructure and partitioning unchanged
          • Allows multiple access paths to servers for testing
          • Integrates easily with existing enterprise load balancers
      • Considerations
          • May require DNS, IP address changes or natting
          • Potentially compromises server security by providing direct server access
  • 7. WAF Bridge-Path Mode
      • Acts as an L2 transparent bridge
      • Inspects only the traffic that is configured for inspection
      • All other traffic is bridged
      • WAN and LAN interfaces must be on physically separate networks
      • [Diagram labels: Tommy, Backend Servers, Other Traffic, HTTP Request, HTTP Response]
  • 9. Bridge-Path Deployment
      • Advantages
          • Minimal network changes
          • Existing IP address infrastructure is reused
          • Real Servers keep existing IP addresses
      • Considerations
          • Sensitive to broadcast storms and address resolution looping errors
          • Less resilient to network misconfiguration
          • Application Delivery features are not available
  • 10. Virtual Deployment
      • Only Reverse Proxy mode deployments are supported
      • Requires a 64-bit capable host
      • Image types and supported hypervisors:
          • OVF: VMware ESX and ESXi (vSphere Hypervisor) versions 4.x; VMware ESX and ESXi (vSphere Hypervisor) versions 5.x; Sun/Oracle VirtualBox and VirtualBox OSE version 3.2
          • VMX: VMware Server 2.x; VMware Workstation 6.x, Player 3.x, and Fusion 3.x
          • XVA: Citrix XenServer 5.5+
          • VHD: Microsoft Hyper-V for Windows 8, 2008, 2012, and 2012 R2
  • 11. Virtual Deployment - VM Configuration
      • Model 360: Cores (maximum) 2; RAM (recommended minimum) 2 GB; Hard Disk (recommended minimum) 50 GB
      • Model 460: Cores (maximum) 3; RAM (recommended minimum) 3 GB; Hard Disk (recommended minimum) 50 GB
      • Model 660: Cores (maximum) 4 or more; RAM (recommended minimum) 4 GB; Hard Disk (recommended minimum) 50 GB
  • 13. Initial Configuration (Module 3 – Chapter 3). Topics covered:
      • Web Interface Access
      • Local Console Access
      • Network and Administration Settings
      • Activate the Subscription Status
      • Update Firmware and Energize Updates
  • 14. Web Interface Access (3.3 – Initial Configuration)
      • WAF configuration settings can be changed using:
          • The Web Interface
          • The REST API
      • Default credentials
          • Username: admin
          • Password: admin
      • [Diagram labels: 192.168.200.100; WAF 192.168.200.200; http://192.168.200.200:8000 or https://192.168.200.200]
  • 15. Local Console Access
      • Connect VGA Screen + USB Keyboard
      • Open the VM Console for Virtual Machines
      • Default credentials
          • Username: admin
          • Password: admin
  • 16. Web Interface Access
      • [Screenshot labels: Sections, Pages (relative to the sections), Instant Search, Help]
  • 17. Network and Administration Settings (Live Demo)
      • BASIC > IP Configuration
          • WAN/LAN/Management ports IP settings
          • Operation Mode
          • DNS Configuration
      • BASIC > Administration
          • Change Admin Password
          • Set the Time Zone
      • ADVANCED > System Configuration
          • Configure NTP Servers
  • 18. Activate the Subscription Status
      • Physical Appliances
          • Click the link in this message warning you that you must activate the WAF
              • Fill in the required fields in the pop-up window and click Activate
              • If the WAF cannot communicate directly to Barracuda Central servers, note the Activation Code displayed
          • In the Subscription Status of the BASIC > Status page
              • Verify that your subscriptions are Current
              • If required, enter the Activation Code and then click Activate
  • 19. Activate the Subscription Status
      • Virtual Instances
          • Configure the TCP/IP Settings in the Local Console Interface
              • Make sure that the VM can reach the Internet
          • Enter the license token and the Default Domain in the Licensing section
  • 20. Update Firmware and Energize Updates (Live Demo)
      • ADVANCED > Firmware Update
          • Update the firmware to the latest general release
      • ADVANCED > Energize Update
          • Set Automatic Update to ON
          • Perform manual updates (first time only)
      • ADVANCED > System Configuration
          • Enable Show Advanced settings
          • Configure the Default Pattern mode
  • 21. Services (Module 3 – Chapter 4). Topics covered:
      • Overview
      • Services Types
      • SSL Services
      • Instant SSL
      • HTTP and HTTPS Service configuration
  • 22. Services Overview (3.4 – Services)
      • Service: a logical projection of a Real Server application
      • Real Server: the physical/virtual entity that hosts a certain application
      • VIP: the Virtual IP Address associated to a Service
      • [Diagram labels: End Users, WAF, HTTP VIP, HTTP Service, Real Server, HTTP]
  • 23. Services Types
      • Services depend on the type of application hosted on the Real Servers
      • Services available in Reverse Proxy Mode:
          • HTTP and HTTPS Services
          • FTP and FTPS Services
          • Instant SSL and Redirect Services
          • Custom and Custom SSL Services (no UDP traffic)
      • Services available in Bridge Mode:
          • HTTP and HTTPS Services
  • 24. SSL Services
      • SSL Sessions will be terminated at the WAF
      • Certificates are stored on the WAF
      • [Diagram labels: Tommy, WAF, HTTPS VIP, Web Application, HTTPS]
  • 25. Instant SSL
      • Secures an HTTP web application with HTTPS
      • Creates two services with same VIP (HTTP[80] / HTTPS[443])
      • Redirects HTTP requests to the HTTPS Service
      • Rewrites HTTP to HTTPS in response body
      • [Diagram labels: Tommy, WAF, HTTP/HTTPS VIP, Web Application, 1st HTTP Request, Redirect to HTTPS, Response Rewrite]
  • 26. WAF Perfect Forward Secrecy (PFS)
      • Generates random public keys per session for the key agreement
      • The connection must be established with a DHE handshake
      • When enabled, non-ECDSA Ciphers are not used
      • [Diagram labels: John, Tommy, session1, session2, HTTPS, Backend Servers]
  • 27. HTTP and HTTPS Service Configuration (Live Demo)
      • BASIC > Services
          • Add new HTTP service
      • BASIC > Certificates
          • Create a new self-signed certificate
      • BASIC > Services
          • Add new HTTPS service
          • Edit SSL settings
          • Configure SSL on the back-end
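Slide 6 lists direct server access as the security consideration of a one-arm deployment. The following added example (not part of the original slides) is one way to detect it: scan a real server's access log for requests that did not arrive from the WAF. The server addresses come from slide 5; the WAF source address 192.168.0.100 and the log lines are assumptions constructed for the example.

```python
import ipaddress
import re

# Real servers from the one-arm diagram on slide 5. The WAF's own source
# address is not on the slide, so 192.168.0.100 is an assumed placeholder.
REAL_SERVERS = {"192.168.0.11", "192.168.0.12", "192.168.0.13"}
WAF_SOURCES = [ipaddress.ip_network("192.168.0.100/32")]

# Common Log Format prefix: client ident user [time] "request" status
_CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3})')


def find_waf_bypass(server_ip, log_lines, waf_sources=WAF_SOURCES):
    """Return (bypass_hits, unparsed_lines) for one real server's access log."""
    if server_ip not in REAL_SERVERS:
        raise ValueError(f"{server_ip} is not a known real server")
    hits, unparsed = [], []
    for line in log_lines:
        match = _CLF.match(line)
        if not match:
            unparsed.append(line)      # keep for review instead of dropping
            continue
        try:
            client = ipaddress.ip_address(match.group(1))
        except ValueError:             # hostname or junk in the client field
            unparsed.append(line)
            continue
        # In reverse proxy mode every legitimate request is sourced by the WAF.
        if not any(client in net for net in waf_sources):
            hits.append({"server": server_ip, "client": str(client),
                         "time": match.group(2), "request": match.group(3),
                         "status": int(match.group(4))})
    return hits, unparsed


# Constructed access-log lines for real server 192.168.0.11.
SAMPLE_LOG = [
    '192.168.0.100 - - [10/Mar/2024:09:15:02 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '192.168.0.57 - - [10/Mar/2024:09:15:40 +0000] "GET /admin/ HTTP/1.1" 200 812',
    '192.168.0.100 - - [10/Mar/2024:09:16:11 +0000] "POST /login HTTP/1.1" 302 0',
    'garbage line',
]
```

A hit with a 2xx or 3xx status means the server answered a request the WAF never inspected; restricting the server's listener or host firewall to the WAF source closes that path.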
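Slide 25 describes Instant SSL as a redirect on the HTTP service plus an HTTP-to-HTTPS rewrite of the response body. The following is an added model of those two steps, not the WAF's implementation; the hostname `shop.example.test` and the sample body are constructed. It goes slightly beyond the slide by also rewriting back-end `Location` headers.

```python
import re

SERVICE_HOST = "shop.example.test"  # assumed hostname published on the VIP

# Absolute http:// URL on the default port, matched up to the end of the host.
_HTTP_URL = re.compile(r"http://([A-Za-z0-9.-]+)(?::80)?(?=[/\"'\s<>?#]|$)", re.I)


def redirect_http(host_header, target):
    """HTTP[80] service: serve no content, only send the client to HTTPS[443].

    The Location is built from the configured host, never from the client's
    Host header, so a forged Host cannot turn this into an open redirect.
    """
    host = host_header.rsplit(":", 1)[0].lower() if host_header else ""
    if host != SERVICE_HOST or not target.startswith("/"):
        return 400, {}
    return 301, {"Location": f"https://{SERVICE_HOST}{target}"}


def rewrite_body(body):
    """HTTPS[443] service: upgrade the application's own absolute http:// links."""
    def upgrade(match):
        if match.group(1).lower() == SERVICE_HOST:
            return f"https://{SERVICE_HOST}"
        return match.group(0)  # third-party or look-alike host: leave untouched
    return _HTTP_URL.sub(upgrade, body)


def rewrite_location(headers):
    """Back-end redirects carry http:// URLs too; rewrite them the same way."""
    fixed = dict(headers)
    if "Location" in fixed:
        fixed["Location"] = rewrite_body(fixed["Location"])
    return fixed


# Constructed response body, as the plain-HTTP application would emit it.
SAMPLE_BODY = (
    '<a href="http://shop.example.test/login">Sign in</a>'
    '<img src="http://cdn.partner.test/logo.png">'
    '<a href="http://shop.example.test.evil.test/">x</a>'
    '<form action="http://SHOP.example.test:80/pay">'
)
```

Links that survive the rewrite, such as the third-party image here, still load over plain HTTP and show up in browsers as mixed content.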
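Slide 26 ties PFS to an ephemeral key agreement in the handshake. As an added example (not from the slides), this check classifies suites by key exchange, audits what a TLS context would offer, and flags sessions negotiated without forward secrecy. The cipher strings and session records are constructed, and the suite names follow OpenSSL naming.

```python
import ssl

# OpenSSL cipher strings constructed for this example, not the WAF's settings.
RSA_ONLY = "AES128-GCM-SHA256:AES256-GCM-SHA384"   # static RSA key exchange
EPHEMERAL_ONLY = "ECDHE+AESGCM:DHE+AESGCM"         # ECDHE or DHE key agreement


def is_forward_secret(cipher_name, protocol):
    """True when the suite agrees on keys with an ephemeral (EC)DHE exchange."""
    if protocol == "TLSv1.3":      # TLS 1.3 full handshakes are always (EC)DHE
        return True
    return cipher_name.startswith(("ECDHE-", "DHE-"))


def server_context(cipher_string):
    """TLS server context restricted to the given TLS 1.2 cipher string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    return ctx


def non_pfs_suites(context):
    """Names of suites the context would offer that lack forward secrecy."""
    return [c["name"] for c in context.get_ciphers()
            if not is_forward_secret(c["name"], c["protocol"])]


def audit_sessions(sessions):
    """sessions: (client, (name, protocol, bits)) pairs, the tuple shape that
    ssl.SSLSocket.cipher() returns. Lists clients negotiated without PFS."""
    return [client for client, (name, protocol, _bits) in sessions
            if not is_forward_secret(name, protocol)]


# Constructed observations for the two clients drawn on the slide.
SAMPLE_SESSIONS = [
    ("John", ("ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2", 128)),
    ("Tommy", ("AES256-GCM-SHA384", "TLSv1.2", 256)),
]
```

On builds that still permit static RSA, `non_pfs_suites(server_context(RSA_ONLY))` returns both RSA suites, while the `EPHEMERAL_ONLY` context returns an empty list.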