Overview:
The SonicWall Web Application Firewall (WAF) solutions enables the defensein-depth strategy to protect your web applications running in a private, public or hybrid cloud environment. It offers organizations a complete, out-of-box compliance solution for applicationcentric security that is easy to manage and deploy.
The SonicWall WAF Series is full-featured web application firewall that arms organizations with advanced web security tools and services to protect their data and web properties against modern, web-based threats. It applies deep packet inspection of Layer 7 web traffic against a regularly updated database of known signatures, denies access upon detecting web application threats and redirects users to an explanatory error page. In addition, the SonicWall WAF also baselines regular web application usage / behavior and identifies anomalies that may be indicative of attempts to compromise the application, steal data and/or cause a denial-of-service.
WAF employs a combination of signaturebased and application profiling deeppacket inspection, and high performance real-time intrusion scanning engine using event-driven architecture to dynamically defend against evolving threats as outlined by the Open Web Application Security Project (OWASP), as well as more advanced web application threats like Denial of Service (DoS) attacks and context-aware exploits. Moreover, it learns, interrogates and baselines regular web application usage behaviors and identifies anomalies that may be indicative of attempts to compromise the application, steal data and/or cause a denial-of-service.
WAF provides economy of scale benefits of virtualization and can be deployed as a virtual appliance in private clouds based on VMWare or Microsoft Hyper-V; or in AWS or Microsoft Azure public cloud environments. This gives organizations all the security advantages of a physical WAF with the operational and economic benefits of virtualization, including system scalability and agility, speed of system provisioning, simple management and cost reduction.
Acceleration features include load balancing, content caching, compression and connection multiplexing improve performance of protected websites and significantly reduce transactional costs. A robust dashboard provides an easy-touse, web-based management interface featuring status page overview of all monitoring and blocking activities, such as signature database status information and threats detected and prevented since boot-up.
The Series is available in four models that represent their inspection capacities and can be deployed on a broad range of public/private cloud/virtualized deployment use cases.
What's New:
The next evolution of the product, SonicWall WAF 2.2 gains five significant new features and enhancements, including a new licensing model.
Real-Time Website Malware Prevention with Capture ATP Integration
With the increasing threat of malware, many websites are also at risk of advanced malware attacks like cryptojacking and the famous CTB-locker malware that targeted WordPress websites.
Malware is injected into websites through the use of vulnerable plugins or by using file-upload facilities available with many websites. SonicWall WAF now integrates with the Capture Advanced Threat Protection (ATP) sandbox service. It detects malware embedded in traffic streams by leveraging the industry-leading, multi-engine malware analysis platform, including Real-Time Deep Memory Inspection (RTDMI). Any attempts to inject or upload malicious files to a website would be inspected in-line (as opposed to after the fact) while maintaining an optimal user experience.
Simplifying Transport Layer Security, SSL Certificate Management with ‘Let’s Encrypt’
The biggest challenge for securing website communication is the need for legitimate SSL/TLS certificates for encryption and decryption. Legitimate certificates are expensive to purchase, manager, monitor and renew.
But with SonicWall WAF 2.2, organizations can take advantage of the Let’s Encrypt service through a built-in integration that not only offers free certificates, but will also automatically monitor and renew digital certificates.
This eliminates the administrative effort to enable SSL/TLS required on the website to turn on support for SSL/TLS.
By combining Let’s Encrypt integration, Perfect Forward Secrecy (PFS) and HTTP Strict Transport Security (HSTS), the SonicWall WAF ensures that websites are only accessible via a secured and encrypted channel, which also improves search engine visibility and ranking.
Seamless Multifactor Authentication Controls Access to Sensitive Content, Workflows
The most common cause of information leakage from websites stems from improper access control on websites, sometimes via unauthenticated pages and others because of the lack of strong authentication controls (remember the Equifax attack?).
With SonicWall WAF 2.2, administrators can redirect users to an authentication page for any part of the web application by leveraging an existing authentication page or with a WAF-delivered login page.
Administrators can also enforce second-factor authentication using client certificates or one-time passwords (OTPs) to validate users trying to log in to the web application are, indeed, genuine users.
API Support for Managed Cloud Service Providers
Cloud service providers often manage and host websites for their customers. In many cases, they leverage DevOps and programmable infrastructure using APIs to launch hosting environments, web application platforms and ready-to-use infrastructure. But if security is not embedded into these DevOps workflows, they leave gaping holes and become liable for website security.
With SonicWall WAF 2.2, administrators can automatically launch WAF virtual appliances and programmatically provision security for websites using scripts in DevOps workflows. This includes creating a web application to be protected, enabling exploit prevention, enabling Let’s Encrypt Integration for free SSL/TLS support and enabling Capture ATP integration for malware prevention.
New Utility-based Licensing Model, An innovation for WAF Virtual Appliances
With SonicWall WAF 2.2, organizations may purchase protection on a per-website basis. This helps reduce the total cost of ownership (TCO) by purchasing only what they need. Four types of websites are currently supported based on the amount of data that is transferred to/from the website per month.
| Size |
Data Volume |
| Pro Website |
10 GB per Month |
| Small Website |
50 GB per Month |
| Medium Website |
200 GB per Month |
| Large Website |
500 GB per Month |
A sizing calculator will recommend the compute requirements for the WAF virtual appliance and will provide guidance to website administrators on what type of license they need to buy based on a variety of metrics like sustained/peak throughput, average visits per day etc.
SonicWall WAF helps administrators secure their websites and their digital environment, thereby establishing trust in their digital brand.
Flexible, Customizable Deployment Options:
SonicWall WAF can be deployed on a wide variety of virtualized and cloud platforms for various private/public cloud security use cases. The WAF Series is available for deployment on the following platforms:
- Private Cloud:
- VMware ESXi
- Microsoft Hyper-V
- Public Cloud:
- Amazon Web Services (AWS)
- Microsoft Azure
| MODEL |
COMPUTE CAPACITY |
RECOMMENDED AWS INSTANCE |
RECOMMENDED MS AZURE INSTANCE |
| WAF 200 |
2 vCPU |
C5.large |
Standard_F2s_v2 |
| WAF 400 |
4 vCPU |
C5.xlarge |
Standard_F4s_v2 |
| WAF 800 |
8 vCPU |
C5.2xlarge |
Standard_F8s_v2 |
| WAF 1600 |
16 vCPU |
C5.4xlarge |
Standard_F16s_v2 |
