Did you sign up for Qualys WAF? This is our web application firewall solution in the cloud. As part of the setup, you'll deploy a WAF virtual appliance to a firewall cluster within in your environment. It just takes a couple minutes.
A few things to consider...
1) The steps below show you how to configure a WAF appliance using VMware vCenter or Microsoft Hyper-V. Alternatively you can use Amazon EC2.
2) A WAF cluster can be assigned as many WAF appliances as your subscription allows.
I'm ready to get started. What are the steps?
1) Download the OVA image (VMware) or the VHD image (Hyper-V). You'll get the image when you add a new WAF appliance (go to WAF > Assets > WAF Clusters, click the New WAF Appliance button to get started).
2) Import the image in your virtualization platform. The OVA image supports VMware for production (and can be used in VirtualBox for test purposes only), while the VHD image supports Microsoft Hyper-V.
3) Set up the virtual appliance using the CLI (Command Line Interface).
4) Verify the registration of the appliance.
5) Test availability of your web application through Qualys WAF. Once confirmed, you'll need to alias DNS entries to direct traffic at your origin infrastructure.
Import and Register your WAF Appliance
1) Start your virtualization manager and select the OVA
2) Step through the wizard
We provide a default name for your WAF instance, and you can change it. Select disk format and mapping settings appropriate for your environment. Do not set any WAF-specific properties in the wizard as they are deprecated and will be removed in a future release. You will set these properties in the following configuration steps.
3) Log in as "waf-user" via SSH or system console
The first login forces you to change your password.
$ ssh firstname.lastname@example.org You are required to change your password immediately (root enforced) WARNING: Your password has expired. You must change your password now and login again! Changing password for user waf-user. New password: C-om34EhbTz.6aiMU4C Retype new password: C-om34EhbTz.6aiMU4C passwd: all authentication tokens updated successfully. Connection to 10.1.1.5 closed.
4) Set properties
You must set the firewall cluster registration token (waf_cluster_id). Other properties are optional.
$ ssh email@example.com qualys waf # help Commands (type help <command>): =============================== deregister help network reboot save show ssh sysinfo viewlog exit ifconfig passwd routes set shutdown status unset waf qualys waf # help set Syntax: set KEY=VALUE Valid keys: waf_service_url proxy_url sem_syslog_addr waf_cluster_id waf_ssl_passphrase qualys waf # set waf_cluster_id=A30BC162-785A-4BAF-A5D5-1A2DE9C6DA3A qualys waf # save Saved Successfully
waf_service_url The URL of the Qualys Cloud Platform hosting your Qualys account. By default, the WAF appliance can connect to all Qualys production platforms. If you have a customized Qualys Private Cloud Platform, you will need to set this URL accordingly (Qualys Support can provide the proper URL).
waf_cluster_id (Required) The firewall cluster registration token. You can find this token by going to the firewall clusters list (Assets > WAF Clusters).
proxy_url If a proxy is required for the firewall cluster to access the Qualys Cloud Platform this must have the URL for the proxy server.
waf_ssl_passphrase If SSL is enabled (primary and/or secondary URL) this is the passphrase for the key uploaded to the WAF application.
sem_syslog_addr The Security Event Manager to send translation logs via syslog to. The syslog message will be formatted in the form PROTOCOL:HOSTNAME:PORT as described in RFC424. If port is omitted the standard syslog port 514 will be used.
For example: TCP:sysloghost.example.com:514
5) Reboot may be required
... if you are changing the token (e.g. re-registration).
qualys waf # reboot Are you sure you want to reboot? <y/N> y Rebooting Broadcast message from waf-user@dhcp-10-1-1-5 (/dev/pts/0) at 18:05 ... The system is going down for reboot NOW! Connection to 10.1.1.5 closed.
6) Verify registration
You can do this using the CLI (as shown below) or the WAF user interface (go to Assets > WAF Clusters).
qualys waf # show Current settings: waf_cluster_id=A30BC162-785A-4BAF-A5D5-1A2DE9C6DA3A qualys waf # status Connectivity to Qualys: OK Registration status: OK Sensor_ID: B02b1088-77ed-4862-a067-dc41bbd97233 WAF_CLUSTER_ID: A30BC162-785A-4BAF-A5D5-1A2DE9C6DA3A qualys waf # quit Connection to 10.1.1.5 closed.
You've configured your WAF virtual appliance. Once you're done we'll start a distributed network of sensors for your firewall cluster. Also your firewall cluster will start making outbound connections to the Qualys Cloud Platform.
Getting started with WAF is easy. Need some help? Just follow the steps in our quick start guide - select WAF from the application picker, go to the username menu (top right) and select Quick Start Guide.