This section explains Web Application Firewall (WAF) Signatures Service offered as part of Live Security Threat Intelligence.

NSX Advanced Load Balancer WAF protects web applications from common vulnerabilities as identified by Open Web Application Security Project (OWASP), such as SQL Injection (SQLi) and Cross-site Scripting (XSS), while providing the ability to customize the rule set for each application.

Feature Highlights

  • Notify when new WAF CRS rules are available.

  • Automatically download new WAF CRS rules when available.

Data Collection and Retention Policy

Data Collection:

No data is collected by and for this service. WAF CRS Rules are pushed only to the NSX Advanced Load Balancer Controllers where this service is opted-in (enabled).

Data Retention:

Does not apply to this service.

Note:

  • This service does not store or exchange any customer data.

  • This service has no access to customer infrastructure including NSX, vCenter, and others.

  • This service does not read or write any configurations on the registered NSX Advanced Load Balancer Controllers.

How to enable this service

This is an 'opt-in' service and is disabled by default.

The steps to opt-in to this service and enable automatic support case creation are as follows

  1. Navigate to Administration > Cloud Services.

  2. Click EDIT.

  3. Under Live Security Threat Intelligence select Enable Cloud Services WAF Management.

  4. Select Receive notifications when new CRS data is available to receive notifications when new updates are available.

  5. Select Enable auto download WAF Signatures to automatically download new WAF CRS rules when available.

  6. Click SAVE.

Note:

You can opt-out of this service at any time and the WAF CRS Rule notifications and updates will stop.

Service Details

NSX Advanced Load Balancer threat research team releases new WAF signatures (Core Rule Set) every quarter. These signatures can be consumed in one of the following two ways:

  1. Manual deployment: User manual downloads WAF signatures from NSX Advanced Load Balancer Cloud Console Portal and then uploads them on required VNSX Advanced Load Balancer Controller clusters, or

  2. Automated deployment: Web Application Firewall (WAF) Signatures Service automatically pushes new rules to registered NSX Advanced Load Balancer Controller clusters where this service is enabled. Steps are described in the 'How to enable this service' section.

For manual deployment, only enable the 'Receive notifications when new CRS data is available' Opt-In as described in the 'How to enable this service' section. When new WAF CRS Rules are available, the 'CRS_UPDATE' event will be generated on the NSX Advanced Load Balancer Controller and will have a signed download link. You can click on this link to download the WAF CRS Rules and then upload the same to the NSX Advanced Load Balancer Controller as follows:

  1. Navigate to Templates WAF > CRS.

  2. Click on Upload File, select the downloaded WAF CRS Rules.

  3. Click Open.

Events of Interest

The following events are generated on the Controller when WAF Signatures service is enabled:

CRS_UPDATE:

New WAF CRS Rules are available.

CRS_DEPLOYMENT_SUCCESS:

WAF CRS Rules deployment succeeded on the Controller.

CRS_DEPLOYMENT_FAILURE:

WAF CRS Rules deployment failed on the Controller.

Impact of Unavailability

During the period that this service is down, new WAF CRS Signatures will not be available. Load Balanced applications will continue to utilize WAF CRS Rules available on the Controllers.