Results 1 to 3 of 3
  1. #1
    Untangle Ninja
    WebFooL's Avatar
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    5,049

    Default So what problem is this product trying to solve?

    So I have been running this WAF for a few mins and I already just don't see the point.

    I could just add a Untangle in Bridge mode behind any nginx/apache reverse proxy and get better function than this gives me.


    This product allow you to create one VIP* per deployment.

    ex you have three sites
    siteone.com
    sitetwo.com
    sitethree.com

    You want to protect them all with an WAF solution.
    I see no way in my current setup how I would be able to set up 1 or 2 Untangle WAF's to solve this.
    I would always have 1 site 1 WAF or if i also want HA on the WAF segment I would have 2 WAF's for every site.

    In my current setup we do all our VIP/LB/WAF with a HA cluster of 2 Nodes and a few hundred sites.

    I might just not know how this WAF is supposed to be used but I do not see any way how to create my own rules or SNI routing.

    ex one single Untangle WAF:
    siteone.com (upstrem servers 1.1.1.1, 1.1.1.2 ,1.1.1.3 Cert: 1)
    sitetwo.com (upstrem servers 1.1.1.4, 1.1.1.5 ,1.1.1.6 Cert: 2)
    sitethree.com (upstrem servers 1.1.1.7, 1.1.1.8 ,1.1.1.9 Cert: 3)

    Is this out of scope for the product?
    (I mean the nginx running in the background do have this feature)


    The GUI do look good just functionality i am missing. (And ffs add support for Lets-encrypt)

  2. #2
    tjk
    tjk is offline
    Untangler
    Join Date
    Apr 2021
    Posts
    49

    Default

    Agree with you and asked this and suggested both options. Multi site per WAF and the ability to have your WAFs in HA mode.

  3. #3
    Untangle Ninja
    WebFooL's Avatar
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    5,049

    Default

    Here is a little follow up on what modifications I would like to see.

    1. Add function to have the WAF in HA mode. (VRRP cluster is fine)

    2. Add Virtual Host routing so we can create multiple instances in one WAF.

    3. Add Health checks to the Upstream servers. (validate string och http 200 etc)
    So traffic only goes to live upstream servers.

    4. I bet there soon will be some license model. (Have the license connected to number of virtual host you want to forward)
    And be generous with 10 sites or something like that in the base license.

    Just my .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2