WAF on Microsoft Azure Installation Guide


      Setting up the WAF Gateway VMs on Azure

      You must first set up a WAF Gateway virtual machine. The same image will be used for creating both Management Servers and Gateways.

      To set up a WAF Gateway virtual machine:

      1. Navigate to the new Azure portal.
      2. From the tiles, select Marketplace, or select Browse > Marketplace.

      3. In the Search the Marketplace field, type Imperva. The Imperva products appear.
      4. Select Imperva WAF Gateway (On Prem WAF) v15.
      5. Click Create.
      6. Enter the details for your setup as prompted by the Azure workflow and launch a new virtual machine.
      7. You must pay close attention to the following items:
        1. Public IP Address: By default, Azure creates a new Public IP Address for each new machine that is created from the marketplace. For security reasons, it is recommended that you do not create a public IP address for the WAF Gateway machines, but instead use a jump server to access the WAF Gateway machines from the Internet.
        2. Security Groups: By default, the WAF Gateway machines are created with a Security Group that contains the required WAF Gateway inbound ports.

          • 22 (SSH)
          • 80 (HTTP for Gateway Reverse Proxy)
          • 443 (HTTPS for Gateway Reverse Proxy)
          • 8087 (Gateway management)
          • 8083 (MX management)

          Provided the WAF Gateway machines are accessible through the load balancer only, and not directly from the Internet, there is no need to change the Security Group. However, if the WAF Gateway machine is accessible from the Internet, you should limit the three management ports, 22, 8083, and 8087, to specific IPs or internal subnets.

        3. Outbound Internet Traffic: Outbound Internet access is required for services that initiate outbound connections, such as ThreatRadar and Software Update. This includes traffic to the following domains:
          • Imperva.com
          • *.impervacloud.com

            Note: You must ensure that port 8087 is blocked to outside connections.

        4. Machine Size Mapping: The table below lists the recommended mapping of WAF Gateway virtual appliance model numbers and the corresponding Azure machine size.

      | WAF Gateway Virtual Appliance Model | Recommended Azure Machine Size | Performance |
      |---|---|---|
      | MV1000 | A2 for HTTP only; A3 for HTTPS | 100Mbps |
      | MV2500 | A3 or D3 for HTTP only; D3v2 or D4 for HTTPS | 500Mbps |
      | MX | A3 | NA |

      Note: Once you have set up the machine, you will need to configure its IP address as static. For more information, see the Static Private IP address pages in the Microsoft Azure documentation.
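
One way to check the Security Group guidance above, as an added example that is not part of the Imperva guide or tooling: the script flags any of the three management ports (22, 8083, 8087) that an inbound rule leaves open to any source. It assumes the rules are a list of dictionaries using the field names that `az network nsg rule list -o json` emits; the sample rules and the `_rule` helper are constructed for illustration, and service tags other than `Internet` are treated as restricted sources.

```python
MGMT_PORTS = {22: "SSH", 8083: "MX management", 8087: "Gateway management"}
ANY_SOURCE = {"*", "internet", "0.0.0.0/0", "any"}

def _values(rule, single, plural):
    """Merge the singular and plural forms Azure uses for a rule field."""
    return list(rule.get(plural) or []) + ([rule[single]] if rule.get(single) else [])

def _covers(spec, port):
    """True if an NSG port spec ('*', '22', '8000-8100') includes port."""
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def exposed_management_ports(rules):
    """Return {port: rule name} for management ports any source can reach."""
    inbound = sorted((r for r in rules if r["direction"].lower() == "inbound"
                      and r.get("protocol", "*").lower() in ("tcp", "*")),
                     key=lambda r: r["priority"])
    findings = {}
    for port in MGMT_PORTS:
        for r in inbound:
            srcs = _values(r, "sourceAddressPrefix", "sourceAddressPrefixes")
            ports = _values(r, "destinationPortRange", "destinationPortRanges")
            if (any(s.lower() in ANY_SOURCE for s in srcs)
                    and any(_covers(p, port) for p in ports)):
                # First matching rule (lowest priority number) decides.
                if r["access"].lower() == "allow":
                    findings[port] = r["name"]
                break
    return findings

def _rule(name, priority, access, source, ports):
    """Build a constructed rule using the Azure NSG rule field names."""
    return {"name": name, "priority": priority, "direction": "Inbound",
            "access": access, "protocol": "Tcp",
            "sourceAddressPrefix": source, "destinationPortRanges": ports}

# Constructed sample rules (not from a real deployment).
SAMPLE_RULES = [
    _rule("ssh-from-jump", 100, "Allow", "10.0.1.0/24", ["22"]),
    _rule("deny-ssh-any", 110, "Deny", "*", ["22"]),
    _rule("web", 200, "Allow", "*", ["80", "443"]),
    _rule("mgmt-wide", 300, "Allow", "Internet", ["8083-8087"]),
]

if __name__ == "__main__":
    for port, name in exposed_management_ports(SAMPLE_RULES).items():
        print(f"{port} ({MGMT_PORTS[port]}) open to any source via {name}")
```

Rules scoped to a specific subnet, such as the jump-server rule in the sample, are skipped because they do not match an arbitrary source address.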
