Set up WAF

We will show you how to set up and use a Web Application Firewall (WAF) within the Xelon HQ platform.

Creating a Web Application Firewall (WAF)

The Web Application Firewall (WAF) is available in Xelon HQ under the "Networking" section, provided your user has the appropriate authorizations.

You will find the "WAF" tab under the "Networking" section in the left-hand navigation.

1. Go to Networking > WAF > Create new WAF

2. Enter the display name of the WAF and select the corresponding organization. Choose between a Device WAF or a Kubernetes WAF.

3. Customise the network and IP settings to suit your needs. You can either select an existing dedicated WAN network, if you have assigned one, or assign a public IP address from a shared pool. From the internal network menu, select the network you want to connect to on the LAN side and select an IP address for your WAF.

4. Create at least one forwarding rule.

Set up a forwarding rule

Forwarding rules allow access to your server from the Internet while applying certain security precautions (the OWASP Core Rule Set, CRS).

Parameters:

OWASP CRS: Select here which core rule sets (CRS) should be excluded. By default, Xelon provides a list of rules to be applied.

URL: Enter the public endpoint (URL) to be addressed here.

Destination nodes IP and Ports: Enter the internal endpoints (IP and port) to forward to. If HTTPS is used on the backend, check the appropriate box.

Maintenance Mode: When this check box is selected, a temporary placeholder is displayed on the website. This is recommended for maintenance work.

SSL Generate: Here you can either generate an SSL certificate for your website (Let's Encrypt) or create your own by clicking on "Custom".

Managing your WAF

After deployment, you can access your WAF by clicking on it. You can see the configuration of your WAF in the top bar of the dashboard. Use the external IP address to connect to your internal services. For example, if you have configured an inbound rule for port 443 to access your internal web server, open your browser and go to https://<EXTERNAL_IP> to access your web server.