How to Configure Web Application Firewall (WAF) on the SMA 100 Series?

Web Application Firewall is subscription-based software that runs on the SMA appliance and protects Web applications running on servers behind the SMA. A Web Application Firewall also provides real-time protection for resources such as HTTP(S) bookmarks, Citrix bookmarks, offloaded Web applications, and the Secure Mobile Access management interface and user portal that run on the SMA appliance itself. 

The Web Application Firewall |Status page provides status information about the Web Application Firewall service and signature database and displays the license status and expiration date. Synchronize allows you to download the latest signatures from the SonicWall Inc. online database. You can use Download to generate and download a PCI compliance report file.  

Enabling Web Application Firewall and Configuring General Settings

To enable and activate Web Application Firewall, you must select the check box to globally enable it and select at least one of the check boxes in the Signature Groups table. The settings in the General Settings section on this page allow you to globally manage your network protection against attacks by selecting the level of protection for high, medium, or low priority attacks. You can also clear Global Enable Web Application Firewall to temporarily disable Web Application Firewall without losing any of your custom configuration settings. 

You can enable automatic signature updates in the General Settings section, so that new signatures are automatically downloaded and applied when available. A log entry is generated for each automatic signature update. If a signature is deleted during automatic updating, its associated Exclusion List is also removed. A log entry is generated to record the removal. You can view the log entries on the Web Application Firewall | Log page.  

To configure global settings for Web Application Firewall:

1. On the Web Application Firewall | Settings page, expand the General Settings section.
2. Select Enable Web Application Firewall.
3. A warning dialog box is displayed if none of the signature groups have Prevent All already selected. Click OK in the dialog box to set all signature groups to Prevent All, or click Cancel to leave the settings as they are or to manually continue the configuration.
   
   
   
   
   
   
   
4.  Select Apply Signature Updates Automatically to enable new signatures to be automatically downloaded and applied when available. You do not have to click Apply on the Web Application Firewall | Status page to apply the new signatures.
5. Select the desired level of protection for High Priority Attacks in the Signature Groups table. Select one of the following options:
   • Select Prevent All to block access to a resource when an attack is detected. Selecting Prevent All automatically selects Detect All, turning on logging.
   • Clear Prevent All and select Detect All to log attacks while allowing access to the resource.
   • To globally disable all logging and prevention for this attack priority level, clear both check boxes.
6. Select the desired level of protection for Medium Priority Attacks in the Signature Groups table.
7. Select the desired level of protection for Low Priority Attacks in the Signature Groups table.
8. When finished, click Accept.

TIP: Refer to Section 10, starting on page 203, of the SonicWall Secure Mobile Access 10.2 Administration Guide for a complete description of Web Application Firewall configuration and options.