F5 Distributed Cloud Web Application Firewall Managed Service
5
Customers may schedule an optional conference call with the F5 services team as part of
initial onboarding to review configuration and commit routing changes to the Distributed
Cloud platform.
WAF Policy Learning and Building
WAF security policies will be created by the F5 services team as follows:
• using a baseline security template that is pre-configured for known vulnerabilities
related to the particular application framework to be protected
• and/or output related to a third-party WAF vulnerability assessment or scan output
• and/or an existing policy from other vendors.
Policy deployment and tuning tasks may include some or all the following vulnerability
mitigations and may be implemented upon an agreed order by the F5 services team
and customer.
Configure Allowed HTTP methods
Configure Allowed HTTP Response Codes
Configure Disallow File Types
Configure Attack Signatures
Configure relevant attack signature based on customer's requirement
Tailor architecture-based attack signatures to match customer's environment
Configure Explicit Entities
URLs
Parameters
Configure Session and Logins
(Verify with the customer if they want the module on and inform the customer
before enabling)
Configure Logon pages
Enable Login Page based Session Awareness
Configure Headers
Cookie enforcement
Redirection Domains
Enable additional WAF policy features as agreed upon during the Onboarding Call
Configure Block Response Page
The F5 services team will attach the policy to the load balancer and initiate the learning
phase. F5 engineers will work collaboratively with the customer to tune the policy. Once
a policy is deployed, the customer and the operations team may collaborate to perform
violation reviews and on-going tuning. F5 security experts will advise on best practices for
unique customer scenarios.
KEY FEATURES
Robust attack-signature engine
The Distributed Cloud WAF
signature engine contains more
than 7,000 signatures for CVEs,
plus known vulnerabilities and
techniques identified by F5 Labs.
Threat Campaigns
Delivers protection against
sophisticated, multi-vector attack
campaigns via fully vetted attack
campaign signatures developed by
F5 threat researchers.
Advanced Behavior Engine
Client interactions are analyzed
on how a client compares to
others—the number of WAF rules
hit, forbidden access attempts, login
failures, error rates, and more.
Powerful Service Policy Engine
Enables micro segmentation and
support for advanced security at the
application layer with development
of allow/deny lists and customer
rule creation based on a variety
of parameters to act on incoming
requests.
IP Reputation Service
Easily allow or deny IP addresses
based on threat categories or threat
score backed by F5's database of
known malicious IP addresses.
Reporting and Analytics
With a 360-degree view of
performance and security posture
for all apps including granular status
of application deployments, health,
performance and detailed real-time
information on violations, attack
activity, sources, paths and more.