I’ve already written a lot about Web Application Firewalls (WAF). I’ve configured AWS Shield & AWS WAF in the Amazon Cloud. I’ve also configured F5 BIG-IP WAF and I’ve even recorded some videos such as L7 DDoS Mitigation and CSRF Protection. I’ve written about the differences between WAF vs IPS, and I’ve configured the Fortinet FortiWeb. However, although I knew FortiOS allowed enabling the WAF feature years ago, I had never configured the WAF feature in FortiGate until now.
Firstly, it’s important to know that a WAF is not an Intrusion Detection System. An IDS is not going to block attacks; it is going to alert us about attacks. I recommend installing an IDS in your network to detect attacks as well as misconfigurations and bad practices. An IDS may also alert us about attacks that are not real. They are false positives. It doesn’t matter! IDSs are very sensitive, and that’s why every suspicious packet can trigger an alert. However, it’s a best practice to install IDS probes in your network.
Secondly, it’s also important to highlight that a WAF is not like an IPS. An Intrusion Prevention System is going to block attacks, but only well-known attacks. An IPS uses signatures to detect and block attacks. Therefore, signatures should be updated every day. When there is a new vulnerability, the signature database is updated. It’s highly recommended to install an IPS for all services that are reachable from the Internet. For instance, web, mail and file services should have an IPS profile to protect them from attackers who want to exploit vulnerabilities.
From my point of view, IDS and IPS are recommended to detect and block attacks. However, if you have web services that are reachable from the Internet, you should also install a WAF. You are going to realise a WAF is much better than an IPS because web services will also be protected from sophisticated attacks. You’ll be able to configure URLs, file types, cookies, redirections, etc. in the WAF profile. I’ve recorded a new video where you can watch how to configure WAF in a FortiGate firewall.
Regards, my friends! Have a nice day!