Firewall Rules for Physical or Virtual WAF
The following is a list of firewall rules for physical or virtual WAF deployments.
For outbound, the WAF requires 443/https to the Internet (0.0.0.0/0).
The inbound firewall rules below assume the WAF will be listening for HTTP/HTTPS traffic on 80/http and 443/https. Please adjust accordingly if using different TCP ports.
US Data Center Inbound Firewall Rules
| Source | Destination | Protocol | Port | Product Function | Description |
|---|---|---|---|---|---|
| 204.110.218.96/27 | WAF Management Interface | TCP | 4849 | HTTPS | WAF user interface |
| 204.110.219.96/27 | WAF Management Interface | TCP | 4849 | HTTPS | WAF user interface |
| 208.71.209.96/27 | WAF Management Interface | TCP | 4849 | HTTPS | WAF user interface |
| 204.110.218.96/27 | WAF Management Interface | TCP | 22 | SSH | SSH console access |
| 204.110.219.96/27 | WAF Management Interface | TCP | 22 | SSH | SSH console access |
| 208.71.209.96/27 | WAF Management Interface | TCP | 22 | SSH | SSH console access |
| 0.0.0.0/0 | WAF VIP | TCP | 80 | HTTP | Inbound web traffic |
| 0.0.0.0/0 | WAF VIP | TCP | 443 | HTTPS | Inbound web traffic |
UK Data Center Inbound Firewall Rules
| Source | Destination | Protocol | Port | Function | Description |
|---|---|---|---|---|---|
| 185.54.124.0/24 | WAF Management Interface | TCP | 4849 | HTTPS | WAF user interface |
| 185.54.124.0/24 | WAF Management Interface | TCP | 22 | SSH | SSH console access |
| 0.0.0.0/0 | WAF VIP | TCP | 80 | HTTP | Inbound web traffic |
| 0.0.0.0/0 | WAF VIP | TCP | 443 | HTTPS | Inbound web traffic |