Configure Advanced Web Application Firewall \(Advanced WAF\)\(On-Box\)
Either from a topology workflow or directly under the Services tab in the SSL Orchestrator user interface, you can create a new F5 Advanced WAF (On-Box) service.
| AWAF Service | User Input |
|---|---|
| Application Security Policy | Lists the Application Security Manager (ASM) application security policies already created on the BIG-IP system corresponding to the Location Tag selected system. An Application Security policy protects a web application server from malicious traffic, using positive and negative security features. Use an existing policy or select Create New to create a new policy. Clicking Create New redirects you to a new tab outside of the Guided Configuration. On creating the new policy, return and refresh the dropdown to select it. |
| Bot Defense Profile | Lists the Bot Defense profiles already created on the BIG-IP system corresponding to the Location Tag selected system. A Bot Defense profile proactively helps identify and mitigate automated attacks on your applications by web robots before they cause damage to the site. This defense method, called bot defense, can prevent starting of layer 7 DoS attacks, web scraping, and brute force attacks. Use an existing profile or select Create New to create a new profile. Clicking Create New redirects you to a new tab outside of Guided Configuration. On creating the new profile, return and refresh the dropdown to select it. |
| DoS Protection Profile | Lists the DoS profiles already created on the BIG-IP system corresponding to the Location Tag selected system. A DoS Protection profile defines the strategies used to detect and mitigate Denial of Service (DoS) attacks on protected objects. It is designed to protect your data center from attacks by detecting and mitigating many malicious traffic patterns, and packet types, also referred to as attack vectors or attack signatures. Depending on your license, you can reuse the DoS profile across services and virtuals only a specific number of times. This means that you may not be able to reuse the DoS profile multiple times as your license configuration may restrict it. Use an existing profile or select Create New to create a new profile. Clicking Create New redirects you to a new tab outside of Guided Configuration. On creating the new profile, return and refresh the dropdown to select it. |
| Log Profiles | Lists the Logging profiles already created on the BIG-IP system corresponding to the Location Tag selected system. A Logging profile determines which events the system logs, where it logs, and the format of these events. Select an Available log profile and move it to the list of Selected log profiles. |
| Description | Optionally enter a description here. |
| Location Tag | Location Tag corresponds to a location name within the BIG-IQ interface where the BIG-IP SSL Orchestrator (SSLO) module will be managed and configured. Select a location to deploy this service. Any refers to a location that is Global or Shared. |
| Name | Provide a name for this service. |
| iRules | Specify the iRules you want to run. iRules help automate the intercepting, processing, and routing of application traffic. Use the move buttons to add, remove, or reorder the iRules list.
|