Manual Chapter: Configure Advanced Web Application Firewall (Advanced WAF) (On-Box)
Applies To:
BIG-IQ Centralized Management
- 8.4.0
Either from a topology workflow or directly under the Services tab in the SSL
Orchestrator user interface, you can create a new F5 Advanced WAF (On-Box)
service.
AWAF Service | User Input |
---|---|
Application Security Policy | Lists the Application Security Manager (ASM) application security policies already created on the BIG-IP system that corresponds to the selected Location Tag. An Application Security policy protects a web application server from malicious traffic, using positive and negative security features. Use an existing policy or select Create New to create a new policy. Clicking Create New redirects you to a new tab outside of the Guided Configuration. After creating the new policy, return and refresh the dropdown to select it. |
Bot Defense Profile | Lists the Bot Defense profiles already created on the BIG-IP system that corresponds to the selected Location Tag. A Bot Defense profile proactively helps identify and mitigate automated attacks on your applications by web robots before they cause damage to the site. This defense method, called bot defense, can prevent layer 7 DoS attacks, web scraping, and brute force attacks from starting. Use an existing profile or select Create New to create a new profile. Clicking Create New redirects you to a new tab outside of Guided Configuration. After creating the new profile, return and refresh the dropdown to select it. |
DoS Protection Profile | Lists the DoS profiles already created on the BIG-IP system that corresponds to the selected Location Tag. A DoS Protection profile defines the strategies used to detect and mitigate Denial of Service (DoS) attacks on protected objects. It is designed to protect your data center from attacks by detecting and mitigating many malicious traffic patterns and packet types, also referred to as attack vectors or attack signatures. Depending on your license, you can reuse the DoS profile across services and virtuals only a specific number of times. This means that you may not be able to reuse the DoS profile multiple times, as your license configuration may restrict it. Use an existing profile or select Create New to create a new profile. Clicking Create New redirects you to a new tab outside of Guided Configuration. After creating the new profile, return and refresh the dropdown to select it. |
Log Profiles | Lists the Logging profiles already created on the BIG-IP system that corresponds to the selected Location Tag. A Logging profile determines which events the system logs, where it logs them, and the format of these events. Select an Available log profile and move it to the list of Selected log profiles. |
Description | Optionally enter a description here. |
Location Tag | Location Tag corresponds to a location name within the BIG-IQ interface where the BIG-IP SSL Orchestrator (SSLO) module will be managed and configured. Select a location to deploy this service. Any refers to a location that is Global or Shared. |
Name | Provide a name for this service. |
iRules | Specify the iRules you want to run. iRules help automate the intercepting, processing, and routing of application traffic. Use the move buttons to add, remove, or reorder the iRules list. |
Click Save & Next to proceed. The workflow continues to the Service Chains page, where you can add this new service to a service chain.