This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Firewall and WAF - what comes first?

Hello,

this is a follow up on this post:

High CPU usage since 2:20 this night - General Discussion - UTM Firewall - Sophos Community

With some other questions. This is why the other post doesn't fit, but if reference is needed...

The question is:

What comes first? Firewall or WAF?

According to my tests, firewall can't block what WAF is allowing through, is that correct?

If so, is there a way I can selectively allow what is allowed on the WAF, like which IP or domain?

The problem I have is that the firewall is being bombarded with millions of packets daily from various sources (agents), and I have found no way to allow them on the WAF, without bringing the whole firewall to the crawl.

So my thinking is like, "block all, but allow x.x.x.x IP", hoping that one customer or IP won't overload the firewall, and I'll be able to update or uninstall agents.

Thank you.



This thread was automatically locked due to age.
Parents Reply Children
No Data