Page 1 of 2 12 LastLast
Results 1 to 10 of 13
  1. #1
    Untangler
    Join Date
    Jun 2018
    Posts
    60

    Default Untangle WAF beta is ready! Let us know what you think

    Following up from my recent announcement about Untangle Web Application Firewall, I am excited to share that the beta release is now available.

    For those of you interested in previewing the product and providing Untangle with feedback, you can find the beta in Command Center under the downloads area.
    Deployment options include a software appliance and a Docker container.

    We've provided documentation to get started here https://support.untangle.com/hc/en-u...-Documentation

    We have also set up a feedback site where you can share your ideas to improve the product. If you have any questions feel free to reply to this post.
    Last edited by bcarmichael; 10-15-2021 at 10:55 AM.
    csherman and feabw like this.

  2. #2
    That Which Lurks Below
    Join Date
    Jul 2018
    Posts
    48

    Default

    We've also got a live demo environment available here: http://waf-demo.untangle.com:8585

    Note that if your browser automatically redirects HTTP to HTTPS, you might have issues reaching the site. We recommend Chrome or Firefox!

  3. #3
    tjk
    tjk is offline
    Untangler
    Join Date
    Apr 2021
    Posts
    49

    Default

    Note: Untangle WAF is designed to protect & load balance a single web application. If your network hosts multiple different websites or web services, each will need its own instance of Untangle WAF.

    Is this limitation going to go away at some point?

    Also, will you guys support HA WAF's in the future?

  4. #4
    Untangler
    Join Date
    Jun 2018
    Posts
    60

    Default

    Quote Originally Posted by tjk View Post
    Is this limitation going to go away at some point?

    Also, will you guys support HA WAF's in the future?
    Good questions. We are looking into the possibility of routing multiple sites through WAF. Regarding HA, we don't have a specific feature for this, but we are evaluating options and will document ways to maximize uptime by leveraging public cloud infrastructure.

  5. #5
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,497

    Default

    Quote Originally Posted by bcarmichael View Post
    Good questions. We are looking into the possibility of routing multiple sites through WAF. Regarding HA, we don't have a specific feature for this, but we are evaluating options and will document ways to maximize uptime by leveraging public cloud infrastructure.
    As it should be, if web apps want uptime their devs need to get them properly containerized. Why manually configure clusters when you can just let the fabric do it for you? Set it up once, and it scales up or down near infinitely automatically.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  6. #6
    tjk
    tjk is offline
    Untangler
    Join Date
    Apr 2021
    Posts
    49

    Default

    How does this work when the waf crashes or has to be rebooted for updates, when all traffic passes through the waf?

  7. #7
    That Which Lurks Below
    Join Date
    Jul 2018
    Posts
    48

    Default

    Quote Originally Posted by tjk View Post
    How does this work when the waf crashes or has to be rebooted for updates, when all traffic passes through the waf?
    WAF shouldn't need to be rebooted to apply updates: they should generally apply in-place without a restart. NGFW only requires a reboot when there's a kernel upgrade; WAF will follow the same principle.

    Since your DNS entry points to the WAF itself, rather than directly to the web server, the traffic wouldn't have anywhere to be routed to if the WAF were unavailable. (The same would be true if it's installed via ISO to a standalone hardware platform.) In short, the site would appear to be down. I suppose it might be possible to have some kind of failover/backup address in your DNS resolver that could point traffic directly to the server IP in case the WAF were unresponsive?

  8. #8
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,497

    Default

    Which would be a rather silly thing to do. There's no purpose in a WAF if you're just going to expose the app directly.

    But that's also why products in this space not only support proxing multiple apps, but also themselves support clustering.
    jcoffin likes this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  9. #9
    Untangler
    Join Date
    May 2016
    Posts
    51

    Default

    I'm intrigued as I run modsecurity now. It would be a win to have it be more managed without me updating rulesets and such. Why it one WAF per webserver though? If I have 6 sites across three servers, yikes, six WAFs? That doesn't seem right, my one modsecurity handles them all right now. Also, what will the licensing look like?
    Last edited by sspeed; 12-13-2021 at 12:55 PM.

  10. #10
    Untangler csherman's Avatar
    Join Date
    Mar 2020
    Posts
    84

    Default

    Currently the product is set up for one WAF per web server, but your feedback (or upvote in this case) is much appreciated in feedback.untangle.com. If you haven't installed the beta already, we'd love it if you tried it out. All feedback is welcomed.
    dashpuppy likes this.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2