WAF on AWS Deployment Kit. On Demand. Configuration Guide

Similar documents
on Amazon AWS On-Demand Configuration Guide

WAF on Amazon AWS. On-Demand. Configuration Guide

AWS Remote Access VPC Bundle

CPM. Quick Start Guide V2.4.0

Training on Amazon AWS Cloud Computing. Course Content

NGF0502 AWS Student Slides

SecureSphere Web Application Firewall Test Drive

Veritas Desktop and Laptop Option 9.1 Qualification Details with Cloud Service Providers (Microsoft Azure and Amazon Web Services)

SymantecTM Desktop and Laptop Option. Symantec DLO s Storage in Cloud (Amazon Web Services)

Building a Modular and Scalable Virtual Network Architecture with Amazon VPC

Netflix OSS Spinnaker on the AWS Cloud

SymantecTM Desktop and Laptop Option. Symantec DLO s Storage in Cloud (Amazon Web Services)

SIOS DataKeeper Cluster Edition on the AWS Cloud

AWS Solutions Architect Associate (SAA-C01) Sample Exam Questions

Transit VPC Deployment Using AWS CloudFormation Templates. White Paper

Cloud Access Manager How to Deploy Cloud Access Manager in a Virtual Private Cloud

EdgeConnect for Amazon Web Services (AWS)

AWS Reference Architecture - CloudGen Firewall Auto Scaling Cluster

Pexip Infinity and Amazon Web Services Deployment Guide

Load Balancing Web Servers with OWASP Top 10 WAF in AWS

Load Balancing Nginx Web Servers with OWASP Top 10 WAF in AWS

Enroll Now to Take online Course Contact: Demo video By Chandra sir

Introduction to Cloud Computing

Deploy and Secure an Internet Facing Application with the Barracuda Web Application Firewall in Amazon Web Services

Remote Desktop Gateway on the AWS Cloud

Puppet on the AWS Cloud

Swift Web Applications on the AWS Cloud

Confluence Data Center on the AWS Cloud

Overview. AWS networking services including: VPC Extend your network into a virtual private cloud. EIP Elastic IP

NetApp Cloud Volumes Service for AWS

AWS Service Catalog. User Guide

Cloud Computing /AWS Course Content

Introduction to Amazon EC2 Container Service (Amazon ECS) Hands On Lab

Tetration Cluster Cloud Deployment Guide

Amazon Web Services Training. Training Topics:

FusionHub. SpeedFusion Virtual Appliance. Installation Guide Version Peplink

Virtual Private Cloud. User Guide. Issue 21 Date HUAWEI TECHNOLOGIES CO., LTD.

Securely Access Services Over AWS PrivateLink. January 2019

FortiMail AWS Deployment Guide

F5 BIG-IQ Centralized Management and Amazon Web Services: Setup. Version 5.4

Installing and Configuring vcloud Connector

DenyAll WAF User guide for AWS

Amazon Web Services (AWS) Training Course Content

Amazon Virtual Private Cloud. Getting Started Guide

Amazon Web Services. Block 402, 4 th Floor, Saptagiri Towers, Above Pantaloons, Begumpet Main Road, Hyderabad Telangana India

Amazon Elasticsearch Service

Amazon Web Services (AWS) Solutions Architect Intermediate Level Course Content

Introduction to AWS GoldBase. A Solution to Automate Security, Compliance, and Governance in AWS

How to Deploy an AMI Test Agent in Amazon Web Services

USER GUIDE. Veritas NetBackup CloudFormation Template

Deploying Transit VPC for Amazon Web Services

Silver Peak. AWS EC-V for Multi- Instance Inbound Load Balancing

unisys Unisys Stealth(cloud) for Amazon Web Services Deployment Guide Release 2.0 May

WAF on Amazon AWS. On-Demand. Configuration Guide

At Course Completion Prepares you as per certification requirements for AWS Developer Associate.

Mediant Cloud Edition (CE)

Introduction to cloud computing

ActiveNET. #202, Manjeera Plaza, Opp: Aditya Park Inn, Ameerpetet HYD

CPM Quick Start Guide V2.2.0

VMware Cloud on AWS Operations Guide. 18 July 2018 VMware Cloud on AWS

Pexip Infinity and Google Cloud Platform Deployment Guide

Silver Peak EC-V and Microsoft Azure Deployment Guide

Hosting DesktopNow in Amazon Web Services. Ivanti DesktopNow powered by AppSense

Deploying the Cisco CSR 1000v on Amazon Web Services

Pexip Infinity and Amazon Web Services Deployment Guide

Standardized Architecture for PCI DSS on the AWS Cloud

Pulse Connect Secure Virtual Appliance on Amazon Web Services

JIRA Software and JIRA Service Desk Data Center on the AWS Cloud

Amazon AppStream 2.0: SOLIDWORKS Deployment Guide

HashiCorp Vault on the AWS Cloud

TIBCO Cloud Integration Security Overview

Dell SonicWALL SonicOS 5.9 Upgrade Guide

ForeScout CounterACT. (AWS) Plugin. Configuration Guide. Version 1.3

Pass4test Certification IT garanti, The Easy Way!

Firebox Cloud. Deployment Guide. Firebox Cloud for AWS and Microsoft Azure

Transit Network VPC. AWS Reference Deployment Guide. Last updated: May 10, Aviatrix Systems, Inc. 411 High Street Palo Alto, CA USA

AWS Course Syllabus. Linux Fundamentals. Installation and Initialization:

Moxa Remote Connect Server Software User s Manual

LINUX, WINDOWS(MCSE),

FusionHub. Evaluation Guide. SpeedFusion Virtual Appliance. Version Peplink

ForeScout Amazon Web Services (AWS) Plugin

Creating Your Virtual Data Center

Installing and Configuring vcloud Connector

CloudEdge Deployment Guide

Oracle CIoud Infrastructure Load Balancing Connectivity with Ravello O R A C L E W H I T E P A P E R M A R C H

Configuring AWS for Zerto Virtual Replication

Configuring VPC Peering For AWS

AWS Solution Architect Associate

Getting Started with AWS Security

IoT Device Simulator

Migrating VMs from VMware vsphere to Oracle Private Cloud Appliance O R A C L E W H I T E P A P E R O C T O B E R

1.0. Quest Enterprise Reporter Discovery Manager USER GUIDE

Course Outline. Module 1: Microsoft Azure for AWS Experts Course Overview

Overlay Engine. VNS3 Plugins Guide 2018

CloudLink SecureVM 3.1 for Microsoft Azure Deployment Guide

Security on AWS(overview) Bertram Dorn EMEA Specialized Solutions Architect Security and Compliance

SAA-C01. AWS Solutions Architect Associate. Exam Summary Syllabus Questions

Achieving High Availability with Oracle Cloud Infrastructure Ravello Service O R A C L E W H I T E P A P E R J U N E

(Document Insight Evaluation Title) Quick Start Guide (Product Version 10.0

Oracle Information Rights Management Oracle IRM Windows Authentication Extension Guide 10gR3 August 2008

Transcription:

WAF on AWS Deployment Kit On Demand Configuration Guide 13.0 March 2018

Copyright Notice 2002-2018 Imperva, Inc. All Rights Reserved. Follow this link to see the SecureSphere copyright notices and certain open source license terms: https://www.imperva.com/sign_in.asp?returl=/articles/reference/securesphere-license-and-copyright-information This document is for informational purposes only. Imperva, Inc. makes no warranties, expressed or implied. No part of this document may be used, disclosed, reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of Imperva, Inc. To obtain this permission, write to the attention of the Imperva Legal Department at: 3400 Bridge Parkway, Suite 200, Redwood Shores, CA 94065. Information in this document is subject to change without notice and does not represent a commitment on the part of Imperva, Inc. The software described in this document is furnished under a license agreement. The software may be used only in accordance with the terms of this agreement. This document contains proprietary and confidential information of Imperva, Inc. This document is solely for the use of authorized Imperva customers. The information furnished in this document is believed to be accurate and reliable. However, no responsibility is assumed by Imperva, Inc. for the use of this material. TRADEMARK ATTRIBUTIONS Imperva and SecureSphere are trademarks of Imperva, Inc. All other brand and product names are trademarks or registered trademarks of their respective owners. PATENT INFORMATION The software described by this document is covered by one or more of the following patents: US Patent Nos. 7,640,235, 7,743,420, 7,752,662, 8,024,804, 8,051,484, 8,056,141, 8,135,948, 8,181,246, 8,392,963, 8,448,233, 8,453,255, 8,713,682, 8,752,208, 8,869,279 and 8,904,558, 8,973,142, 8,984,630, 8,997,232, 9,009,832, 9,027,136, 9,027,137, 9,128,941, 9,148,440, 9,148,446 and 9,401,927. Imperva Inc. 3400 Bridge Parkway Redwood Shores, CA 94065 United States Tel: +1 (650) 345-9000 Fax: +1 (650) 345-9004 Website: http://www.imperva.com General Information: info@imperva.com Sales: sales@imperva.com Professional Services: consulting@imperva.com Technical Support: support@imperva.com Imperva-SecureSphere-v13.0-WAF-on-Amazon-AWS-On-Demand-Deployment-Kit-Configuration-Guide-v1 SecureSphere WAF on AWS Deployment Kit Configuration Guide 2

End User License and Services Agreement To view the End User License and Service Agreement for this product, please visit http://www.imperva.com/other/licenseagreement AWS Deployment Kit Supported Platforms The AWS Deployment Kit is supported with the following 'SecureSphere on AWS' platforms: SecureSphere Versions: v11.5 License Models: Both BYOL and On-Demand Products: WAF SecureSphere WAF on AWS Deployment Kit Configuration Guide 3

Using the SecureSphere AWS Deployment Kit The AWS Deployment Kit is a special CloudFormation template file that enables the user to create a working AWS environment, complete with availability zone redundancy, scalable Gateways, a working accessible Management Server, NAT instances, Load balancers etc., in about 90 minutes. The Deployment Kit can be used to set up a real, production deployment, or it can be used by customers who need more information on what a deployment should look like by creating a working reference deployment, to which they can then refer in order to troubleshoot their own SecureSphere AWS deployment. The Deployment Kit sets up the following components: VPC: a virtual private cloud network 2 NAT instances: required in order to allow access to Amazon API commands for the creation of the Management Server and the Gateway, as well as provide access to the Management Server UI 2 management subnets: used to access the Management server, one for each availability zone; 2 data subnets: used by the Gateway instances, one for each availability zone 2 public subnets: used by the NAT instances, one for each availability zone Management Server stack: an AWS stack that creates our Management Server Gateway stack: an AWS stack that creates a scaling group of Gateways on 2 availability zones ELB: a load balancer that directs HTTP traffic to the Gateways Routing tables: for each subnet mentioned above, a routing table is needed to allow access to other subnets Security groups: facilitate and block traffic from specific ports and subnets. Note that the Deployment Kit creates a fixed setup with the following characteristics: It sets up NAT instances rather than an HTTP Proxy It creates two Gateways in two availability zones It sets up a Management Server with no MX-HA It creates a single VPC and multiple subnets, and does not use existing VPCs or subnets It protects servers exposed to the internet and not a web server inside the VPC. You can easily update the deployment to support internal servers by VPC peering or using a VPN to the new VPC. Deploying SecureSphere WAF with the AWS Deployment Kit 5 Confirming that the SecureSphere WAF Site is Running 6 Moving to Production 6 SecureSphere WAF on AWS Deployment Kit Configuration Guide 4

Using the SecureSphere AWS Deployment Kit Deploying SecureSphere WAF with the AWS Deployment Kit Deploying SecureSphere WAF with the AWS deployment kit is designed to be seamless and fast, but it creates a very specific setup of SecureSphere. To deploy SecureSphere WAF with the AWS deployment kit: 1. In your browser, navigate to your Amazon Web Services page, and log in using your AWS account information. 2. Under Deployment and Management, click CloudFormation. The CloudFormation page appears. 3. Click Create Stack. The Select Template page appears. 4. Under Template, select Upload a template to Amazon S3 and click Browse. The File Upload dialog box appears. 5. Navigate to the AWS development kit json file (SecureSphere-POC-Kit-<SecureSphere-Version>.json) on your computer, then click Open. The dialog box closes. 6. In the Select Template page, click Next. 7. Enter a Stack Name for your stack. 8. Under Parameters, enter values in accordance with the table below. Click Next. The Options page appears. 9. Optional - Under Tags, for Key enter Name, and for Value enter the name you gave the stack. 10. Click Next. The Review page appears, summarizing the values for the parameters of your new stack. 11. Review these values to ensure they are correct. 12. Check the box I acknowledge that this template might cause AWS CloudFormation to create IAM resources. Click Create. The CloudFormation page appears, showing the progress of the creation of your new stack. The development kit first creates the Management Server stack, and then the Gateway stack. The process takes about 90 minutes. Name KeyPairName MXPassword ProtectedSite Description The AWS Key pair for connecting to the NAT instances and SecureSphere servers. The password used to log in as an admin user to the Management Server UI. The address of a site that the user would like SecureSphere to protect. Note: If you encounter an error that states, Your requested instance type (<instance>) is not supported in your requested Availability Zone (<zone_x>). Please retry your request by not specifying an Availability Zone or choosing <zone_y>, <zone_z>, perform the following: a. Open the json file. b. Find the section RegionToZoneMap. c. In the row that begins with the region specified by availability zone <zone_x>, replace the problematic availability zone <zone_x> with either <zone_y> or <zone_z>. d. Save the file. e. Redeploy SecureSphere WAF with the AWS Development Kit. SecureSphere WAF on AWS Deployment Kit Configuration Guide 5

Using the SecureSphere AWS Deployment Kit Confirming that the SecureSphere WAF Site is Running When the AWS development kit set-up process is complete, you can confirm that the site is running by selecting the Output tab. ManagementURL: The link to the Management Server UI, that enables you to manage your SecureSphere system. ProtectedSite: The link to the protected site. Notes: The AWS development kit creates a forwarding rule in the NAT instance to allow external access to the Management Server port. For production environments, remove this and ensure that the Management Server is accessible by internal connections (e.g. jump server) only. The NAT instance's DNS name may change after reboot. This new DNS name will not appear in the value of the ManagementURL. You can find the new name in the EC2 console. Moving to Production If you want to make your deployment kit setup into a production setup, you should consider carrying out the following tasks: Remove external access to the Management Server: The AWS development kit creates a forwarding rule in the NAT instance to allow external access to the Management Server port. For production environments, remove this and ensure that the Management Server is accessible by internal connections (e.g. jump server) only. Protect internal servers: You need to configure your web application servers so that they receive traffic via the WAF only. The WAF should then be connected to the web servers' VPC. this can be achieved by VPC peering. For more information, see VPC Peering. Move to protection: For more information, see Configuring Operation Mode. Configure XFF: For more information, see XFF. 6 SecureSphere WAF on AWS Deployment Kit Configuration Guide

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback