Configuring a Remote WAF

To set up a Remote WAF, follow the steps below:

Step 1) Log into the AED GUI

Step 2) Click the WAF tab

Step 3) Select WAF Config

This will pull up the WAF Config window, which will show the existing WAFs.

Step 4) Click “Enable T-WAF”. If you see “Disable T-WAF”, this option has already been enabled.

Step 5) Click “Add”

This will pull up the “Add WAF Config” window.

Step 6) Click on the “Add protection for” drop down. Select “remote”.

This will present you with dropdown options to set up the WAF as either domain based or IP based.

Step 7) If you select name based you will be presented with these options:

  • Domain Name: Enter the domain name or fully qualified domain name (FQDN) you wish to use. For example, if you want the WAF to handle traffic for intranet.example.com, enter that FQDN in this box.

  • Local Url: Enter the local URL, if any, that the WAF should expect from the client to direct this connection to the remote host. The default of / is usually correct if you are forwarding all traffic for an FQDN or domain. If you only want the WAF to pass on specific requests for specific URLs, enter them here.

  • Destination: Enter the full URL you want the WAF to use as the destination server. Make sure you have DNS or /etc/hosts entries for this, otherwise the WAF will not be able to find the destination. This should also not be the same thing as “Domain Name:”. You can also use https:// URLs here.

  • Remote Port: Type in the remote port for the backend server the WAF will be sending requests to.

  • SSL: Select SSL if you wish to accept SSL connections to the WAF. If you select this you will be presented with these additional options:

    • Path to SSL Certificate: Provide the filesystem path to the SSL certificate for this service.

    • Path to SSL Key file: Provide the filesystem path to the SSL key file for this service.

Note

If you selected name based, please skip to step 8.

Step 7) If you select IP based you will be presented with these options:

  • IP Address: Enter the IP address you want the WAF to listen on (you can set multiple IPs by adding additional remote WAFs). For example, if you want the WAF to redirect all traffic on IP address 1.2.3.4 to internal.example.com, type in 1.2.3.4.

  • Local Url: Enter the local URL, if any, that the WAF should expect from the client to direct this connection to the remote host. The default of / is usually correct if you are forwarding all traffic for an FQDN or domain. If you only want the WAF to pass on specific requests for specific URLs, enter them here.

  • Destination: Enter the full URL you want the WAF to use as the destination server. Make sure you have DNS or /etc/hosts entries for this, otherwise the WAF will not be able to find the destination. This should also not be the same thing as “Domain Name:”. You can also use https:// here.

  • Remote Port: Type in the remote port for the backend server the WAF will be sending requests to.

  • SSL: Select SSL if you wish to accept SSL connections to the WAF. If you select this you will be presented with these additional options:

    • Path to SSL Certificate: Provide the filesystem path to the SSL certificate for this service.

    • Path to SSL Key file: Provide the filesystem path to the SSL key file for this service.

Step 8) Then click Save
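
Before saving, the values entered in step 7 can be checked from a shell on the WAF host. The following is an added example, not part of the AED product or its documentation: `preflight` is a hypothetical helper that applies the field notes above (the Destination must be a full URL, must resolve through DNS or /etc/hosts, and must differ from the Domain Name) and confirms that the SSL certificate and key files exist and load together.

```python
import os
import socket
import ssl
from urllib.parse import urlsplit


def preflight(domain, destination, remote_port, cert_path=None, key_path=None):
    """Return a list of problems with a planned Remote WAF entry (empty list = OK)."""
    url = urlsplit(destination)
    host = url.hostname
    if url.scheme not in ("http", "https") or not host:
        return ["Destination must be a full http:// or https:// URL"]
    problems = []
    # Destination should not be the same thing as Domain Name.
    if host.lower().rstrip(".") == domain.lower().rstrip("."):
        problems.append("Destination host is the same as Domain Name")
    # The WAF needs a DNS or /etc/hosts entry to find the destination.
    try:
        socket.getaddrinfo(host, None, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        problems.append(f"Destination host {host} does not resolve: {exc}")
    if not 1 <= remote_port <= 65535:
        problems.append(f"Remote Port {remote_port} is outside 1-65535")
    if cert_path or key_path:
        missing = [p for p in (cert_path, key_path) if not p or not os.path.isfile(p)]
        problems += [f"SSL file not found: {p}" for p in missing]
        if not missing:
            # load_cert_chain fails if the PEM is unreadable or the key
            # does not belong to the certificate.
            try:
                ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER).load_cert_chain(cert_path, key_path)
            except (ssl.SSLError, OSError) as exc:
                problems.append(f"Certificate and key do not load together: {exc}")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    for line in preflight("intranet.example.com", "http://localhost/", 8080) or ["OK"]:
        print(line)
```

Run it as the same user the WAF service runs as, so that file permission problems on the key file show up as load errors.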