The SonicWall Web Application Firewall (WAF) solutions enables the defensein-depth strategy to protect your web applications running in a private, public or hybrid cloud environment. It offers organizations a complete, out-of-box compliance solution for applicationcentric security that is easy to manage and deploy.
The SonicWall WAF Series is full-featured web application firewall that arms organizations with advanced web security tools and services to protect their data and web properties against modern, web-based threats. It applies deep packet inspection of Layer 7 web traffic against a regularly updated database of known signatures, denies access upon detecting web application threats and redirects users to an explanatory error page. In addition, the SonicWall WAF also baselines regular web application usage / behavior and identifies anomalies that may be indicative of attempts to compromise the application, steal data and/or cause a denial-of-service.
WAF employs a combination of signaturebased and application profiling deeppacket inspection, and high performance real-time intrusion scanning engine using event-driven architecture to dynamically defend against evolving threats as outlined by the Open Web Application Security Project (OWASP), as well as more advanced web application threats like Denial of Service (DoS) attacks and context-aware exploits. Moreover, it learns, interrogates and baselines regular web application usage behaviors and identifies anomalies that may be indicative of attempts to compromise the application, steal data and/or cause a denial-of-service.
WAF provides economy of scale benefits of virtualization and can be deployed as a virtual appliance in private clouds based on VMWare or Microsoft Hyper-V; or in AWS or Microsoft Azure public cloud environments. This gives organizations all the security advantages of a physical WAF with the operational and economic benefits of virtualization, including system scalability and agility, speed of system provisioning, simple management and cost reduction.
Acceleration features include load balancing, content caching, compression and connection multiplexing improve performance of protected websites and significantly reduce transactional costs. A robust dashboard provides an easy-touse, web-based management interface featuring status page overview of all monitoring and blocking activities, such as signature database status information and threats detected and prevented since boot-up.
The Series is available in four models that represent their inspection capacities and can be deployed on a broad range of public/private cloud/virtualized deployment use cases.
The next evolution of the product, SonicWall WAF 2.2 gains five significant new features and enhancements, including a new licensing model.
Real-Time Website Malware Prevention with Capture ATP Integration
With the increasing threat of malware, many websites are also at risk of advanced malware attacks like cryptojacking and the famous CTB-locker malware that targeted WordPress websites.
Malware is injected into websites through the use of vulnerable plugins or by using file-upload facilities available with many websites. SonicWall WAF now integrates with the Capture Advanced Threat Protection (ATP) sandbox service. It detects malware embedded in traffic streams by leveraging the industry-leading, multi-engine malware analysis platform, including Real-Time Deep Memory Inspection (RTDMI). Any attempts to inject or upload malicious files to a website would be inspected in-line (as opposed to after the fact) while maintaining an optimal user experience.
Simplifying Transport Layer Security, SSL Certificate Management with 'Let's Encrypt'
The biggest challenge for securing website communication is the need for legitimate SSL/TLS certificates for encryption and decryption. Legitimate certificates are expensive to purchase, manager, monitor and renew.
But with SonicWall WAF 2.2, organizations can take advantage of the Let's Encrypt service through a built-in integration that not only offers free certificates, but will also automatically monitor and renew digital certificates.
This eliminates the administrative effort to enable SSL/TLS required on the website to turn on support for SSL/TLS.
By combining Let's Encrypt integration, Perfect Forward Secrecy (PFS) and HTTP Strict Transport Security (HSTS), the SonicWall WAF ensures that websites are only accessible via a secured and encrypted channel, which also improves search engine visibility and ranking.
Seamless Multifactor Authentication Controls Access to Sensitive Content, Workflows
The most common cause of information leakage from websites stems from improper access control on websites, sometimes via unauthenticated pages and others because of the lack of strong authentication controls (remember the Equifax attack?).
With SonicWall WAF 2.2, administrators can redirect users to an authentication page for any part of the web application by leveraging an existing authentication page or with a WAF-delivered login page.
Administrators can also enforce second-factor authentication using client certificates or one-time passwords (OTPs) to validate users trying to log in to the web application are, indeed, genuine users.
API Support for Managed Cloud Service Providers
Cloud service providers often manage and host websites for their customers. In many cases, they leverage DevOps and programmable infrastructure using APIs to launch hosting environments, web application platforms and ready-to-use infrastructure. But if security is not embedded into these DevOps workflows, they leave gaping holes and become liable for website security.
With SonicWall WAF 2.2, administrators can automatically launch WAF virtual appliances and programmatically provision security for websites using scripts in DevOps workflows. This includes creating a web application to be protected, enabling exploit prevention, enabling Let's Encrypt Integration for free SSL/TLS support and enabling Capture ATP integration for malware prevention.
New Utility-based Licensing Model, An innovation for WAF Virtual Appliances
With SonicWall WAF 2.2, organizations may purchase protection on a per-website basis. This helps reduce the total cost of ownership (TCO) by purchasing only what they need. Four types of websites are currently supported based on the amount of data that is transferred to/from the website per month.
||10 GB per Month
||50 GB per Month
||200 GB per Month
||500 GB per Month
A sizing calculator will recommend the compute requirements for the WAF virtual appliance and will provide guidance to website administrators on what type of license they need to buy based on a variety of metrics like sustained/peak throughput, average visits per day etc.
SonicWall WAF helps administrators secure their websites and their digital environment, thereby establishing trust in their digital brand.
Features & Benefits:
Web Application Threat Management
- Shrink attack surface with full management and control of web application traffic
- Interrogate the behavior and logic of web communication beyond protocol activities
- Detect and alert on anomalies in web application behavior
Web Application Protection
- Protect against known and zero-day vulnerabilities with virtual patching and custom rules
- Defend against latest vulnerabilities and threats outlined by OWASP Top Ten
- Preserve web servers integrity and performance against application DoS/DDoS attacks
Data Leak Prevention (DLP)
- Prevent data theft via data masking and page-blocking techniques
- Bar attackers from gaining access to users' accounts and all accounts on web servers with precise access security controls
Accelerate Application Delivery
- Enable caching, compression and other HTTP/TCP optimizations to accelerate application delivery
- Reduce workload and boost performance by offloading SSL transactions
- Perform Layer-7 load balancing to distribute the load across clustered web servers
Web Application Security
- OWASP Top 10 Protection
- CSRF Protection
- Cookie Tampering Protection
- Website Fingerprint Detection
- Sensitive Data Protection - Masking and Blocking
- Rate Limiting and DoS Protection
- Anti-evasive inspection
- Automatic Signature updates
- Web Application Profiling & Auto-Rule Generation
- Access Policies (using Geo, IP, URL or User)
- Custom Rules & Rule-chaining
- Custom Error response
- Geo-IP- and Threat Intel-based protection filtering
- Blacklisting and Whitelisting
- Blocking and Captcha-based Remediation Support
Secure Web Application Delivery
- Secure Web App. Offloading
- SSL Inspection & PFS
- Stacked Authentication (2FA, OTP, client-cert, etc.)
- Session Logout Timer
- Layer-7 Load Balancing
- Web App. Health Monitoring
- Web App. Acceleration -content caching, compression and TCP opt
- Customizable Web Portal with CLI Support
- Admin Authentication via AD/LDAP, RADIUS and Certificate
- Automatic Software Updates
Monitoring & Reporting
- SNMP Support
- Event / Audit Logging & Syslog
- Email alerts
- System monitoring & Diagnostics
- Threats Dashboard
- Health Dashboard
- PDF Report Exports
Platforms & Licensing
- VMWare & MS Hyper-V and AWS & MS Azure (BYOL)
- Subscription License based on capacity
Flexible, Customizable Deployment Options:
SonicWall WAF can be deployed on a wide variety of virtualized and cloud platforms for various private/public cloud security use cases. The WAF Series is available for deployment on the following platforms:
- Private Cloud:
- VMware ESXi
- Microsoft Hyper-V
- Amazon Web Services (AWS)
- Microsoft Azure
||RECOMMENDED AWS INSTANCE
||RECOMMENDED MS AZURE INSTANCE
*This is based on typical enterprise-grade server systems. For more information, please see the Deployment Guides.
||VMware ESXi v6.5
Microsoft Hyper-V Manager 6.2 / 6.3
|Recommended AWS Instance
|Recommended Azure Instance