WAF as a Service

Overview

CloudGuard WAF SaaS provides all of CloudGuard WAF's security capabilities, with the ease of avoiding the need for a complex deployment. In addition, it provides another layer of security with advanced DDoS protection for your protected assets.

DNS configuration of your domain is changed to route your site's traffic through WAF SaaS. WAF SaaS protects the site by inspecting the traffic, and routes it to the internal server. The SaaS service has a Reverse proxy function with CloudGuard WAF's security.

CloudGuard WAF SaaS Points of Presence (PoPs)

When creating an account to manage your security, a data region was selected. Data Residency refers to the physical or geographical location where your data is stored and it also determines the region of Infinity Portal where your configuration and logs can be viewed and edited.

Additional information can be found here:

Prerequisites

• Ownership of the DNS configuration for the protected domain.

• Accessibility - You must be able to configure your internal web server to be accessible from the IP addresses of WAF SaaS (whitelist WAF IPs). If you just added a new internal address it can be exposed publicly for the deployment stage purposes, but you must reduce its accessibility in the appropriate installation step after WAF SaaS has been configured. Following that step it should not be accessible publicly.

There are 2 options to use Certificates with CloudGuard WAF as a Service: