topic how to configure WAF in on premise PA in General Topics

how to configure WAF in on premise PA

pjsunil — Wed, 18 Dec 2024 06:25:34 GMT

how to configure PA Model Type 3410 for Web Application Firewall (WAF)

Re: how to configure WAF in on premise PA

JayGolf — Thu, 19 Dec 2024 02:48:14 GMT

Could you describe what you are looking to accomplish (what type of servers/workloads are you looking to secure, have any particular threats/vulnerabilities you're trying to prevent?) Do you already have a WAF solution in place?

The PAN firewalls don’t have a built-in WAF, but depending on your requirements, we might be able to recommend leveraging specific NGFW features or community readers might suggest dedicated WAFs solutions to meet your needs.

You mentioned you have a 3410... what subscriptions do you have?

Re: how to configure WAF in on premise PA

pjsunil — Thu, 19 Dec 2024 03:36:29 GMT

Hi Jay, Thanks on the response

Based on the internet search feedback, mention as PA on-premise NGFW was cable to support WAF, that was the reason checking for this possibility. .

We have installed Web Proxy server behind this PA and is protected by firewall rules, but needed WAF capability to enhance the web level security.

our subscriptions includes the below following

Application Version 8926-9129 (12/18/24)
Threat Version 8926-9129 (12/18/24)
Antivirus Version 5036-5554 (12/18/24)
Device Dictionary Version 155-563 (12/17/24)
WildFire Version 936045-939981 (12/19/24)
URL Filtering Version 20241219.20048

Re: how to configure WAF in on premise PA

OtakarKlier — Thu, 19 Dec 2024 19:01:21 GMT

Hello,

The best way to do this with the Palo Alto is inbound SSL decryption. This way the Palo Alto will see the traffic and act accordingly. However it is not a 'true' WAF. Also on the inbound policies only allow https application traffic, this will help deny traffic you do not with to see.

Hope that helps.