So what problem is this product trying to solve?

[WebFooL]

So I have been running this WAF for a few mins and I already just don't see the point.

I could just add a Untangle in Bridge mode behind any nginx/apache reverse proxy and get better function than this gives me.


This product allow you to create one VIP* per deployment.

ex you have three sites
siteone.com
sitetwo.com
sitethree.com

You want to protect them all with an WAF solution.
I see no way in my current setup how I would be able to set up 1 or 2 Untangle WAF's to solve this.
I would always have 1 site 1 WAF or if i also want HA on the WAF segment I would have 2 WAF's for every site.

In my current setup we do all our VIP/LB/WAF with a HA cluster of 2 Nodes and a few hundred sites.

I might just not know how this WAF is supposed to be used but I do not see any way how to create my own rules or SNI routing.

ex one single Untangle WAF:
siteone.com (upstrem servers 1.1.1.1, 1.1.1.2 ,1.1.1.3 Cert: 1)
sitetwo.com (upstrem servers 1.1.1.4, 1.1.1.5 ,1.1.1.6 Cert: 2)
sitethree.com (upstrem servers 1.1.1.7, 1.1.1.8 ,1.1.1.9 Cert: 3)

Is this out of scope for the product?
(I mean the nginx running in the background do have this feature)


The GUI do look good just functionality i am missing. (And ffs add support for Lets-encrypt)

[tjk]

Agree with you and asked this and suggested both options. Multi site per WAF and the ability to have your WAFs in HA mode.

[WebFooL]

Here is a little follow up on what modifications I would like to see.

1. Add function to have the WAF in HA mode. (VRRP cluster is fine)

2. Add Virtual Host routing so we can create multiple instances in one WAF.

3. Add Health checks to the Upstream servers. (validate string och http 200 etc)
So traffic only goes to live upstream servers.

4. I bet there soon will be some license model. (Have the license connected to number of virtual host you want to forward)
And be generous with 10 sites or something like that in the base license.

Just my .