A200161411/web-application-firewall-dedicated
1
0
Fork 0
forked from docs/web-application-firewall-dedicated
Code Pull Requests Activity
web-application-firewall-de.../umn/source/applying_for_a_dedicated_waf_instance.rst
proposalbot 27a573e5f5 Changes to wafd_umn from docs/doc-exports#472 (WAF Dedicated UMN 01 
WAF Dedicat

Reviewed-by: Belejkanic, Lukas <lukas.belejkanic@t-systems.com>
Co-authored-by: proposalbot <proposalbot@otc-service.com>
Co-committed-by: proposalbot <proposalbot@otc-service.com>
2022-12-08 10:49:40 +00:00

16 KiB
Raw Permalink Blame History

original_name

waf_01_1072.html

Applying for a Dedicated WAF Instance

If your service servers are deployed on the cloud, you can buy dedicated WAF instances (or dedicated WAF engines) to protect important websites through domain names or to protect web applications with only IP addresses.

Prerequisites

  • You have obtained management console login credentials for an account with the WAF Administrator and WAF FullAccess permissions.
  • A VPC is available.
  • Resource sets have been created.

Before You Start

After your application for a dedicated WAF instance succeeds, its specifications cannot be modified.

Important

It takes about 10 minutes to create a dedicated WAF instance. If the instance is in the Running status, the instance has been created successfully.

Procedure

  1. Log in to the management console.

  2. Click image1 in the upper left corner of the management console and select a region or project.

  3. Click image2 in the upper left corner and choose Web Application Firewall (Dedicated) under Security.

  4. In the upper right corner of the page, click Apply for Dedicated Engine.

  5. (Optional): Select an enterprise project from the Enterprise Project drop-down list.

    This option is only available if you are logged in using an enterprise account, or if you have enabled enterprise projects. You can use enterprise projects to more efficiently manage cloud resources and project members.

    Note

    default: indicates the default enterprise project. Resources that are not allocated to any enterprise projects under your account are listed in the default enterprise project.

  6. Configure instance parameters by referring to Table 1 <waf_01_1072__en-us_topic_0000001337142545_en-us_topic_0161005736_table4295843716304>. Figure 1 <waf_01_1072__en-us_topic_0000001337142545_en-us_topic_0110861189_fig5029231715163> shows an example.

    Figure 1 Configuring a dedicated WAF instance
    Table 1 Parameters of a dedicated WAF instance
    Parameter Description
    WAF Mode Dedicated Mode
    Region Generally, a WAF instance you apply for in any region can protect web services in all regions. To make a WAF instance forward your website traffic faster, select the region nearest to your services.
    AZ Select an AZ in the selected region.
    Instance Name Prefix Set a prefix of the dedicated WAF instance name. If you apply for multiple instances at a time, the prefix to each instance name is the same.
    Quantity Set the number of WAF instances you want to apply for.
    Specifications Select specifications for your instance. WAF offers two types of specifications, 500 Mbit/s and 100 Mbit/s.
    WAF Instance Type Your WAF instance will be connected to your network through a VPC network interface. (If ELB is used, only dedicated load balancers can be used.)
    CPU Architecture Select CPU architecture for your instance.
    ECS Specifications Select ECS specifications for your instance.
    VPC Select the VPC to which the origin server belongs.
    Subnet Select a subnet configured in the VPC.
    Security Group

    Select a security group in the region or click Manage Security Group to go to the VPC console and create a security group. After you select a security group, the WAF instance will be protected by the access rules of the security group.

    Important

    NOTICE:

    • You can configure your security group as follows:

      • Inbound rules

        Add an inbound rule to allow incoming network traffic to pass through over a specified port based on your service requirements. For example, if you want to allow access from port 80, you can add a rule that allows TCP and port 80.

      • Outbound rules

        The value is Default. All outgoing network traffic is allowed by default.

    • If your dedicated WAF instance and origin server are not in the same VPC, enable communications between the instance and the subnet of the origin server in the security group.
    Tag It is recommended that you use TMS's predefined tag function to add the same tag to different cloud resources.

  7. In the lower right corner of the page, click Create Now.

  8. Confirm the configuration and click Create Now.

  9. Click Back to Dedicated Engine List. On the Dedicated Engine page, view the instance status.

    It takes about 10 minutes to create a dedicated WAF instance. If the instance is in the Running status, the instance has been created.