Contents

........................................................................................ Error! Bookmark not defined.

What is WAF ................................................................................................................... 1

Features of WAF ............................................................................................................. 2

How WAF provides security to customer network traffic? ............................................... 4

General WAF architecture. .............................................................................................. 5

WAF -project specific architecture. (including DR switch over & HA) .............................. 6

Different metholodies of implementation (various architectures) ..................................... 7

How it is implemented. .................................................................................................... 8

Implementation pre requisites of WAF. ........................................................................... 9

SOP for daily monitoring ............................................................................................... 10

Open incidents /Tickets to be resolved by OEM (specific to the current project) ........... 11

OEM Knowledge base links .......................................................................................... 12

Competitive WAF vendors............................................................................................. 13

Certifications available for WAF . .................................................................................. 14

What is WAF

A web application firewall (WAF) is a firewall that monitors, filters and

blocks data packets as they travel to and from a website or web application. A
WAF can be either network-based, host-based or cloud-based and is often
deployed through a reverse proxy and placed in front of one or more websites
or applications. Running as a network appliance, server plugin or cloud
service, the WAF inspects each packet and uses a rule base to analyze Layer
7 web application logic and filter out potentially harmful traffic that can
facilitate web exploits.

Web application firewalls are a common security control used by enterprises

to protect web systems against zero-day exploits, malware infections,
impersonation, and other known and unknown threats and vulnerabilities.
Through customized inspections, a WAF is able to detect and immediately
prevent several of the most dangerous web application security flaws, which
traditional network firewalls and other intrusion detection systems (IDSes)
and intrusion prevention systems (IPSes) may not be capable of doing. WAFs
are especially useful to companies that provide products or services over the
Internet such as e-commerce shopping, online banking and other interactions
between customers or business partners.

Confidential P a g e 1 | 15
Features of WAF

Security: Good. NSS Labs graded F5 top on security effectiveness at 98.11% and in
fourth place on block rate at 94%.
"The product works great for protecting web sites at an application layer," said a
security engineer in the finance industry. "It goes above and beyond what a traditional
firewall can do and protect against common threats and also new threats."
Performance: Very good. NSS Labs scored it above all but one competitor on
performance at 31,000 connections per second (CPS) and 36,540 transactions per
second. According to F5, it can scale from 25 Mbps (Virtual Edition) to an 8-blade
chassis that supports 5M L7 requests per second and 140 Gbps L4/L7 per blade.
Gartner said: "Reference customers scored F5 very highly for performance and for the
quality of the security modules, including protections against injection attacks, DDoS
and API security."
Value: Fair. NSS Labs found F5's 3-year TCO to be $327,176 which translated to $6.60
per CPS, more expensive than some competitors. However, the tests were based on
the previous version of F5 WAF, and cloud versions are available that should bring TCO
down significantly.
Implementation: Good. Deployment options vary from the complex to the simple. F5
Advanced WAF leverages the same inline full proxy architecture as existing F5 BIG-IP
solutions. Its carrier-grade VIPRION chassis is another approach that requires skilled
implementation. Other deployment scenarios such as L2 Transparent (non-proxy) are
supported. Simpler implementation options are in the cloud via F5 Silverline WAF
Express, click to run WAF in Microsoft Azure Security Center, and as part of a larger
solution in BIG-IP Cloud Edition.
Gartner said about the previous version of F5 WAF: "New clients often report that they
get confused with the management interface. They like the flexibility, but the learning
curve is quite extensive in order to leverage all capabilities." However, easier
implementation paths are now available.
Management: Best in class. F5 Advanced WAF management interface is now web-
based and purpose-built for security practitioners so the policy configuration, logging,
alerting, violation severity and analysis are all there as you would expect. The same
functionality is accessible via REST API for those who would rather use their
automation and UIs to manage and consume F5 security solutions.
Gartner added that the large and scalable Big-IP platform portfolio allows F5 customers
to bundle WAF with strong access management or load-balancing features, and to build
an architecture with single-pass decryption, mirroring to other security solutions, unified
learning, policy building and central visibility.
"The solution was quick to deploy and it's easy to manage," said a systems manager in
the telecom industry.

Confidential P a g e 2 | 15
Support: Very good. F5 has support centers for partners and customers in APAC,
Japan, EMEA, and North America that enable in-region support in several languages
through native-speaking support engineers. Additionally, the F5 WebSupport Portal
provides access by allowing customers to quickly create new support cases, receive an
automated case number, read case details and updates, upload troubleshooting
attachments, and more.
Cloud features: Very good. Silverline WAF Express is F5's lower-priced offering, which
comes without managed services. Higher-priced cloud offerings are also available that
provide more services. Gartner said Silverline is starting to be mentioned by clients as a
candidate for cloud-based WAF services. It provides an API for WAF configuration
management that is feature-complete, and integrates with AWS and Microsoft Azure
platforms.

Confidential P a g e 3 | 15
How WAF provides security to customer network traffic?

Web application firewalls are designed to be placed on the application layer, acting as a two-
way gatekeeper, and analyzes the HTTP/HTTPS traffic going in and leaving the application; the
WAF will then take action whenever it detects malicious traffic. A benefit of WAFs is that they
function independently from the application, but can constantly adjust to application behavior
changes. That way introducing a new feature in the application will not result in thousands of
false positive detections that would have been caused by a new application of data flows.

A WAF can be placed on a dedicated physical server and although it is often thought of as a
stand-alone application, it can also be integrated with other networking components. WAF can
be set to different levels of scrutiny, usually on a scale from low to high, and this allows the
WAF to provide better levels of security and mitigation for the web application depending on
your needs. There is also regulatory standards for WAFs, such as the Payment Card Industry
Data Security Standard (PCI DSS) or the Health Insurance Portability and Accountability Act of
1996 (HIPAA).

Confidential P a g e 4 | 15
General WAF architecture.

Confidential P a g e 5 | 15
WAF -project specific architecture. (including DR switch over & HA)

Confidential P a g e 6 | 15
Different metholodies of implementation (various architectures)

Confidential P a g e 7 | 15
How it is implemented.

SBI AWAF HLD SBI AWAF LLD -

v1.pdf Pilot v0.pdf

Confidential P a g e 8 | 15
Implementation pre requisites of WAF.

SBI AWAF LLD - SBI AWAF HLD

Pilot v0.pdf v1.pdf

Confidential P a g e 9 | 15
SOP for daily monitoring

WAF 24.7 checklist

rev 0.1.docx

Confidential P a g e 10 | 15
Open incidents /Tickets to be resolved by OEM (specific to the current
project)

RUN BOOK.xlsx

Confidential P a g e 11 | 15
OEM Knowledge base links

K23254150.pdf K18650749.pdf K15405450.pdf K11438344.pdf K17491.pdf K17333.pdf

K15497.pdf K14784.pdf K14342.pdf K14206.pdf K14199.pdf K14120.pdf

K13426.pdf K13383.pdf K13309.pdf K13121.pdf K13092.pdf K12815.pdf

K12173.pdf K11719.pdf K11072.pdf K9970.pdf K9957.pdf K9908.pdf

K9502.pdf K8811.pdf K6917.pdf K6068.pdf K5380.pdf K4918.pdf

K4602.pdf K4139.pdf K2200.pdf f5_com.pdf K80425458.pdf K53108777.pdf

K41305885.pdf K40243113.pdf K37718515.pdf K32203233.pdf K27404821.pdf K25301105.pdf

Confidential P a g e 12 | 15
Competitive WAF vendors.

Web Application Firewall Market Competitor:

 Akamai Technologies, Inc.

 Barracuda Networks, Inc.
 Cloudflare, Inc.
 Citrix Systems, Inc.
 Qualys, Inc.
 F5 Networks, Inc.
 Imperva, Inc.
 Fortinet, Inc.
 Penta Security Systems Inc.
 Radware Ltd
 Trustwave Holdings, Inc.
 Nsfocus Information Technology Co., Ltd
 Sophos Group PLC

Confidential P a g e 13 | 15
Certifications available for WAF .

Confidential P a g e 14 | 15