Web Application Firewall Getting Started Guide for AWS Marketplace

Copyright © 2016 Trustwave Holdings, Inc. All rights reserved.

Legal Notice

Copyright © 2018 Trustwave Holdings, Inc.

All rights reserved. This document is protected by copyright and any distribution, reproduction, copying, or decompilation is strictly prohibited without the prior written consent of Trustwave. No part of this document may be reproduced in any form or by any means without the prior written authorization of Trustwave.

While every precaution has been taken in the preparation of this document, Trustwave assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

While the authors have used their best efforts in preparing this document, they make no representation or warranties with respect to the accuracy or completeness of the contents of this document and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the author nor Trustwave shall be liable for any loss of profit or any commercial damages, including but not limited to direct, indirect, special, incidental, consequential, or other damages.

The most current version of this document may be obtained by contacting:

Trustwave Technical Support:
Phone: +1.800.363.1621
Email: [email protected]

Trademarks

Trustwave and the Trustwave logo are trademarks of Trustwave. Such trademarks shall not be used, copied, or disseminated in any manner without the prior written permission of Trustwave.

Revision History

VERSION   DATE        CHANGES
1.0       June 2018   First Release

Formatting Conventions

This manual uses the following formatting conventions to denote specific information.

FORMATS AND SYMBOLS   MEANING
Blue Underline        A blue underline indicates a Web site or e-mail address.
Bold                  Bold text denotes UI control and names such as commands, menu items, tab and field names, button and checkbox names, window and dialog box names, and areas of windows or dialog boxes.
Code                  Text in Courier New in blue indicates computer code or information at a command line.
Italics               Italics denotes the name of a published work, the current document, name of another document, text emphasis, or to introduce a new term.
[Square brackets]     Square brackets indicate a placeholder for values and expressions.

Notes, Tips, and Cautions

Note: This symbol indicates information that applies to the task at hand.
Tip: This symbol denotes a suggestion for a better or more productive way to use the product.
Caution: This symbol highlights a warning against using the software in an unintended manner.
Question: This symbol indicates a question that the reader should consider.

Table of Contents

Legal Notice
  Trademarks
Revision History
Formatting Conventions
  Notes, Tips, and Cautions
1 Introduction
2 Requirements Prior to Trustwave WAF Launch
3 Trustwave WAF Instance Launch
4 Trustwave WAF Management Access
5 Trustwave WAF Sensor
6 Load Balancer Support
  WAF located before the load balancer
  WAF located after the load balancer

1 Introduction

Trustwave WAF for AWS supports Inline-Proxy mode running Stand Alone, Manager or Sensor. Three different AMIs are provided, one for each of these WAF Roles.

Trustwave WAF for AWS can be combined with other Trustwave WAF devices running on other platforms.

2 Requirements Prior to Trustwave WAF Launch

This section provides a list of required components that must be available before proceeding with the Trustwave WAF Instance launch.

Note: Names and values in this document are merely for ease of explanation. Use your preferred names and required values where appropriate.

1. AWS Trustwave WAF license (BYOL).

2. VPC and Internet Gateway:
   • WAF DMZ: 192.168.0.0/16

3. VPC subnets and Route Table, including:
   • WAF Management: 192.168.1.0/24
   • WAF Traffic: 192.168.0.0/24

4. Security Groups:
   a. WAF Management: inbound ports 22 (SSH) and 443 (HTTPS)
   b. WAF Traffic: inbound ports should match the protected web site ports, that is, 80 (HTTP) and 443 (HTTPS)

5. SSH Key:
   • WAF Management

6. Choose an instance type. Trustwave WAF currently recommends the following instance types:

   Trustwave WAF Model   AWS Instance Type   vCores   RAM (GB)   Network Interfaces   Disk size
   AWS15                 c3.xlarge           4        7.5        4 (2*)               (1*)
   AWS30                 c3.2xlarge          8        15         4 (2*)               (1*)
   AWS110                c3.4xlarge          16       30         8 (2*)               (1*)

Notes:
• (1*) Disk size is provided on instance configuration with a minimum requirement of 50GB. (No RAID protection is available.)
• (2*) Trustwave WAF requires at least two network interfaces, one for Management and one for traffic protection. AWS allows only one network interface per subnet per instance.

Warning: Not providing the minimum requirements listed in this section may result in unexpected Trustwave WAF behavior.
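The two Security Groups in item 4 are the only inbound exposure the WAF instance gets, so it is worth checking them against the listed ports before launch. The following script is an added example and is not Trustwave's or AWS's code: it reads security-group descriptions in the JSON shape that `aws ec2 describe-security-groups` returns and reports any port that is open but not listed (or listed but missing). The SAMPLE_GROUPS data is constructed for the demonstration, and the "open to anywhere" check on the management group is an extra review point this example adds; the guide itself only names the ports.

```python
"""Audit of the two Security Groups that section 2 requires.

Added example, not Trustwave's or AWS's code. It checks security-group
descriptions in the JSON shape that `aws ec2 describe-security-groups`
returns against the inbound ports the guide lists: 22 and 443 for
WAF Management, 80 and 443 for WAF Traffic. SAMPLE_GROUPS is constructed
for the demonstration; the group names are the guide's example names.
"""

from typing import Dict, List, Set

# Required inbound TCP ports per group, as listed in section 2 of the guide.
REQUIRED_PORTS: Dict[str, Set[int]] = {
    "WAF Management": {22, 443},
    "WAF Traffic": {80, 443},
}

# Constructed sample: the management group has an extra port 8080 rule
# open to the whole Internet, which the audit should report.
SAMPLE_GROUPS = [
    {"GroupName": "WAF Management", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
    {"GroupName": "WAF Traffic", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
]


def audit_group(group: dict, required: Set[int]) -> List[str]:
    """Compare one group's inbound rules with the TCP ports the guide requires."""
    findings: List[str] = []
    opened: Set[int] = set()
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":
            # AWS encodes "all traffic" as protocol -1 with no port fields.
            findings.append("a rule opens all protocols and ports; the guide lists specific TCP ports only")
            continue
        if proto != "tcp":
            findings.append(f"a {proto} rule is present; the guide lists TCP ports only")
            continue
        opened |= set(range(perm["FromPort"], perm["ToPort"] + 1))
    for port in sorted(opened - required):
        findings.append(f"port {port} is open but not listed for this group")
    for port in sorted(required - opened):
        findings.append(f"required port {port} is not open")
    return findings


def ports_open_to_world(group: dict) -> List[int]:
    """TCP ports reachable from 0.0.0.0/0 or ::/0.

    This goes beyond the guide, which does not say where management
    connections originate; SSH and the Web Console are administrative
    interfaces, so a source of "anywhere" on the management group deserves review.
    """
    ports: Set[int] = set()
    for perm in group.get("IpPermissions", []):
        if perm.get("IpProtocol") != "tcp":
            continue
        cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
        cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
        if any(c in ("0.0.0.0/0", "::/0") for c in cidrs):
            ports |= set(range(perm["FromPort"], perm["ToPort"] + 1))
    return sorted(ports)


def audit_all(groups: List[dict]) -> Dict[str, List[str]]:
    """Map each of the guide's group names to its findings (empty list = OK)."""
    report: Dict[str, List[str]] = {}
    for group in groups:
        name = group.get("GroupName")
        if name not in REQUIRED_PORTS:
            continue  # other groups in the VPC are out of scope here
        findings = audit_group(group, REQUIRED_PORTS[name])
        if name == "WAF Management":
            for port in ports_open_to_world(group):
                findings.append(f"management port {port} accepts connections from anywhere")
        report[name] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_GROUPS).items():
        print(f"{name}: {'OK' if not findings else ''}")
        for finding in findings:
            print(f"  - {finding}")
```

Run against the real account, the input would be the `SecurityGroups` array from `aws ec2 describe-security-groups --group-names "WAF Management" "WAF Traffic"`; the audit is read-only and changes nothing.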

3 Trustwave WAF Instance Launch

1. In the Choose an Amazon Machine Image screen, choose the Trustwave WAF AMI (Stand Alone, Manager or Sensor). Your selection must depend on the Role that you are assigning to the instance. The Role cannot be modified after the instance launch.

2. Click Select.

3. Select the required AWS instance type.

4. Click Next: Configure Instance Details.

5. In the Network field, enter the VPC ("WAF DMZ" in this example).

6. If the AMI type is StandAlone or Sensor, then enter the WAF Traffic subnet in the Subnet field.

7. If the AMI type is Manager, enter "WAF Management" in the Subnet field.

8. If the AMI type is StandAlone or Sensor, click the Network Interfaces area at the bottom of the screen.

9. In the eth0 Subnet dropdown, select the WAF traffic subnet "WAF Traffic".

10. If eth1 is not displayed, click the Add Device button and in the eth1 Subnet dropdown, select the WAF management subnet "WAF Management".

   Note: WAF is configured to work by default with eth1 as the management NIC and eth0 as the web traffic NIC. You can also define a different management NIC: in the Advanced Details area at the bottom of the screen, enter the User data field using the following format:

   nic=X (where X is the required interface name, such as "eth2")

11. Click Next: Add Storage. The size of the Root device must be at least 50GB. This is the disk storage used by Trustwave WAF to store its database and security events. You can increase this value if required.

12. Click Next: Add Tags.

13. Provide a descriptive value in the Name tag to help you identify the instance in the future. You can add additional tags to help organize instances on your account.

14. Click Next: Configure Security Group.

15. Select both Security Groups, WAF Management and WAF Traffic. Click Review and Launch.

16. Expand all sections and review that all parameters are valid.

17. Click Launch.

18. Provide the SSH key pair that you previously created. If not yet created, create one now. Make sure you download the key and keep it in a safe place.

19. Click Launch Instances. The creation of the Trustwave WAF instance may take a couple of minutes. You will see the "Get instance screenshot" screen until the login prompt appears.
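The same launch, expressed as an API request rather than console clicks, makes the guide's constraints checkable before anything is created. The script below is an added example and is not Trustwave's or AWS's code. It encodes the pre-launch requirements from section 2 (recommended instance types, a root volume of at least 50GB, management and traffic interfaces in different subnets) and the interface layout from steps 7 to 10, then returns a parameter dict shaped for boto3's `ec2.run_instances(**request)`. All AMI, subnet, security-group and key-pair identifiers are placeholders; the root device name `/dev/sda1` is an assumption to confirm against the AMI; and attaching only the matching security group to each interface is this example's tighter choice, where step 15 selects both groups for the instance. No AWS call is made.

```python
"""Pre-flight checks and RunInstances parameters mirroring section 3.

Added example, not Trustwave's or AWS's code. Identifiers in PLACEHOLDERS
are placeholders, the recommended instance types and the 50GB root volume
minimum come from section 2, and the interface layout follows steps 7-10.
The returned dict is shaped for boto3's ec2.run_instances(**request);
no AWS call is made here.
"""

from typing import Dict, List

ROLES = ("standalone", "manager", "sensor")                    # one AMI per role
RECOMMENDED_TYPES = {"c3.xlarge", "c3.2xlarge", "c3.4xlarge"}  # section 2 table
MIN_ROOT_GB = 50                                               # section 2, note (1*)

# Placeholder identifiers: replace with your own (none of these exist).
PLACEHOLDERS = {
    "ami": "ami-PLACEHOLDER-waf",
    "traffic_subnet": "subnet-PLACEHOLDER-traffic",    # WAF Traffic 192.168.0.0/24
    "management_subnet": "subnet-PLACEHOLDER-mgmt",    # WAF Management 192.168.1.0/24
    "traffic_sg": "sg-PLACEHOLDER-traffic",            # inbound 80, 443
    "management_sg": "sg-PLACEHOLDER-mgmt",            # inbound 22, 443
    "key": "waf-management-key",
}


def launch_violations(role: str, instance_type: str, root_gb: int,
                      traffic_subnet: str, management_subnet: str) -> List[str]:
    """Return the guide's pre-launch requirements that the inputs violate."""
    problems: List[str] = []
    if role not in ROLES:
        problems.append(f"role must be one of {ROLES}; it cannot be changed after launch")
    if instance_type not in RECOMMENDED_TYPES:
        problems.append(f"{instance_type} is not a recommended instance type")
    if root_gb < MIN_ROOT_GB:
        problems.append(f"root volume must be at least {MIN_ROOT_GB}GB (database and security events)")
    if traffic_subnet == management_subnet:
        # Note (2*): AWS allows only one network interface per subnet per instance.
        problems.append("management and traffic interfaces need different subnets")
    return problems


def build_launch_request(role: str, image_id: str, instance_type: str,
                         traffic_subnet: str, management_subnet: str,
                         traffic_sg: str, management_sg: str, key_name: str,
                         root_gb: int = MIN_ROOT_GB, name_tag: str = "trustwave-waf",
                         management_nic: str = "eth1",
                         root_device: str = "/dev/sda1") -> Dict:
    """Validate the inputs and build the RunInstances parameter dict."""
    role = role.lower()
    problems = launch_violations(role, instance_type, root_gb, traffic_subnet, management_subnet)
    if problems:
        raise ValueError("; ".join(problems))

    if role == "manager":
        # Step 7: the Manager AMI is launched with its interface in WAF Management.
        interfaces = [{"DeviceIndex": 0, "SubnetId": management_subnet,
                       "Groups": [management_sg], "Description": "WAF Management"}]
    else:
        # Steps 8-10: eth0 carries web traffic, eth1 is management (the defaults).
        # Attaching only the matching group to each interface is this example's
        # tighter choice; step 15 selects both groups for the instance.
        interfaces = [
            {"DeviceIndex": 0, "SubnetId": traffic_subnet,
             "Groups": [traffic_sg], "Description": "WAF Traffic (eth0)"},
            {"DeviceIndex": 1, "SubnetId": management_subnet,
             "Groups": [management_sg], "Description": "WAF Management (eth1)"},
        ]

    request: Dict = {
        "ImageId": image_id,
        "InstanceType": instance_type,
        "KeyName": key_name,                  # step 18: the key pair for SSH management access
        "MinCount": 1,
        "MaxCount": 1,
        "NetworkInterfaces": interfaces,
        "BlockDeviceMappings": [{             # step 11: root device of at least 50GB
            "DeviceName": root_device,        # assumed root device name; check the AMI's
            "Ebs": {"VolumeSize": root_gb, "VolumeType": "gp2"},
        }],
        "TagSpecifications": [{               # step 13: a Name tag plus one for the role
            "ResourceType": "instance",
            "Tags": [{"Key": "Name", "Value": name_tag}, {"Key": "WafRole", "Value": role}],
        }],
    }
    if management_nic != "eth1":
        # Step 10 note: user data "nic=X" selects a non-default management NIC;
        # the named interface must exist on the instance.
        request["UserData"] = f"nic={management_nic}"
    return request


if __name__ == "__main__":
    import json
    p = PLACEHOLDERS
    req = build_launch_request("sensor", p["ami"], "c3.xlarge", p["traffic_subnet"],
                               p["management_subnet"], p["traffic_sg"], p["management_sg"], p["key"])
    print(json.dumps(req, indent=2))
    # With boto3 and credentials available: boto3.client("ec2").run_instances(**req)
```

Because the role is fixed at launch (step 1) and the subnet-per-interface rule is enforced by AWS itself, failing these checks locally is cheaper than discovering them after the instance exists; the same function can drive a Manager launch by passing the Manager AMI and role.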

4 Trustwave WAF Management Access

Trustwave WAF provides many management tools that complement each other.

The first and most commonly used is the Web Console, where users can configure protected sites, define policies and view security events. It can be accessed from any browser using HTTPS and the IP address of the eth1, WAF Management interface.

Username: bgadmin
Default password: The AWS Trustwave WAF instance ID.

The second tool comprises three sub-tools and is used for advanced operations. It is accessed using an SSH client and the IP address of the eth1, WAF Management interface. SSH must be invoked with the SSH key used at WAF launch time.

Users are:
bgoperator: for "Maintenance Tool"
bus: for "Software Update System"
ha: for "High Availability" CLI.

5 Trustwave WAF Sensor

Users are required to set an access password for each Trustwave WAF Sensor before attaching them to a WAF Manager in the Web Console.

To set the access password, connect to the "Maintenance Tool" (SSH as bgoperator) and select "2 – Offline Menu | 1 -- Configuration Menu | 12 -- Change sensor password".

6 Load Balancer Support

The WAF can be located either before the load balancer or after it. The following issues arise from such deployment.

WAF located before the load balancer

When WAF is located before the load balancer, and the Web Server IP is not a static IP, the IP might be changed by the load balancer. For this reason, WAF allows the configuring of a Web Server hostname instead of an IP. This configuration is available from Site Network Settings in the WAF UI. When the Web Server is configured as a hostname, WAF resolves the Web Server IP from the DNS server.

WAF located after the load balancer

When WAF is located after the load balancer, AWS infrastructure demands that traffic goes through the eth0 NIC. (Another NIC, such as eth1, is used as the Management NIC.)

About Trustwave®

Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than three million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is headquartered in Chicago, with customers in 96 countries.

For more information about Trustwave, visit https://www.trustwave.com.
