D A T A S H E E T

Web Application Firewall (WAF)

NEXT GEN TECH TO STOP NEXT GEN ATTACKS

KEY BENEFITS
OVERVIEW Eliminate costly data breaches
Reduce false positives to
Attacks on web applications and servers are more complex and frequent than ever.
ensure business continuity
Organizations continue to suffer costly data breaches using WAFs that still rely on
Simplify PCI compliance
signatures and pattern matching as their primary defenses; technologies that are efforts
easily evaded. And moving applications to the cloud does not make them any safer.
KEY FEATURES
The NSFOCUS WAF uses next generation technologies to provide comprehensive Semantic analysis engine
application layer security, eliminating these problems and completely protecting your Semantic analysis and
critical web applications. With full out-of-the-box protection against the OWASP Top contextual logic-based attack
Ten, the WAF is specifically engineered to protect not just web applications, but their detection identifies unknown
underlying infrastructure, plug-ins, protocols, and more. threats and minimizes false
positive and false negative

ADVANCED, INNOVATIVE TECHNOLOGY API security

The NSFOCUS WAF technology is powered by an internationally-recognized API security detection and
research lab and developed with over 10 years of experience protecting the world’s protection against API abuse
largest banks, telecommunications, gaming, and SMBs. The WAF uses Intelligent
Patches for code vuln.
Detection™ advanced machine learning technology that is far superior for identifying
Integration with the 3rd-party
web attacks and minimizing false positives/negatives than traditional positive and
code audit products and
negative security models to deliver next-gen real-time web security. capability of providing patches
for source code vulnerabilities
SQLi False Negative False Positive
(based on 7442 payloads) (based on 1458625 payloads) Hybrid management and
solution
Intelligent Detection 0.026874% 0.000745% Open API configuration;
on-premises and cloud
Signature-based Detection 0.604676% 0.342720% management through
centralizedmanagement
platform;
COMPREHENSIVE, MULTI-LAYER SECURITY
Integration with NSFOCUS
The WAF serves as an essential part of a multi-layer security strategy by providing on-prems & cloud DDoS
advanced inspection and specialized security for the web application layer. It also solutions for ensuring
includes up to 1 Gbps of DDoS protection from volumetric layer 7 attacks, including performance during the
largest DDoSattacks
TCP flood and HTTP/S GET/POST floods. When deployed together with higher
capacity NSFOCUS on-premises or cloud Anti-DDoS Defenses, the WAF can direct
Closed Loop vulnerability
traffic flows in real time to the ADS to keep your servers running under the most mitigation
extreme DDoS attacks. Integration with NSFOCUS web
scanner (WVSS) for fastest time
for 0-day vulnerability mitigation
by automatically creating virtual
Botnet patching policies for most found
INTERNET
vulnerabilities

NSFOCUS CLOUD CENTERS

ROUTER

SWITCH
DDoS Defenses to Block DDoS Defenses to
Upstream Block Upstream

WAF defeats WAF defeats HTTP/S

volumetric attacks GET/POST Flood and
(up to 1Gbps) Slow Rate Attacks

Online Trading Finance Gaming

 D A T A S H E E T

WEB SECURITY MADE SMART AND SIMPLE

The NSFOCUS WAF is the ideal solution for safeguarding your critical web infrastructure whether on-prem or in the
cloud.With Intelligent Detection, Smart Patch, Threat Intelligence and Anti-DDoS System, the WAF delivers high
quality application layer security for organizations of any size.

SOFTWARE SPECIFICATIONS
Security Analysis
» Intelligent Detection™ next-gen advanced machine » Positive behavior-based protection model with
learning for lower false positive/negative rates enhanced dynamic profile learning and whitelist
identifying web attacks security
» Automated False Positive Behavioral Analysis » Negative signature-based model
Application Attack Prevention
» OWASP Top 10 » LDAP Injection Protection
» Cross-site Scripting (XSS) » Server-side Includes (SSI) Injection Protection
» Cross Site Request Forgery (CSRF) » xPath Injection Protection
» Command & SQL Injection » Path Traversal Protection
» Remote File Inclusion Protection » Webshell Protection
» Malicious Scanning » Anti-Leeching/Anti-Phishing
» Botnet Protection » Response control
» XML Attack Protection » Outbound Data Theft Protection to secure personal
» Cookie Signing and Encryption privacy information such as credit card, social
» URL Access Control security number, and ID
» Web Scraping Protection » Data Loss Protection
» File Upload and Download Control
Web Server and Networking
» Server cloaking » 802.1Q support
» Server extension security » VLAN decode
» Network-layer ACLs » Protection in Trunk
» ARP spoofing protection » Protection in Port-channels
» Real-time server status monitoring to ensure server
availability
DDoS Protection
» TCP Flood (SYN Flood/ACK Flood) » Brute Force Protection
» HTTP/S GET/POST Flood (Up to 1 Gbps) » Integration with external Anti-DDoS products
» Low-and-Slow Attacks » Integration with cloud based Anti-DDoS products
Security Services
» Content Filtering » Risk level policies
» Sensitive Information Filtering » Client IP-address tracking
» IP Reputation » Exception control
» Geo IP location » Base64 decode
» Virtual patching » False positive analysis and automatic/manual
» Customized policies and rules adjustment

Supported Web Protocols

» HTTP/HTTPS » HSTS
» XML/SOAP » IPv4/IPv6 full stack (IPv4, IPv6 or hybrid)
» WebSocket
Application Delivery
» HTTPS/SSL Offloading » Catching
» HTTP Compression to compress textual content » Web Page Defacement Protection
transferred from web servers to browsers. » Page prefetch
» Layer 7 Server Load balancing » Offline Server Takeover
 D A T A S H E E T

High Availability
» Active/Active; » Fail-open hardware bypass NIC interfaces
» Active/Passive; » Emergency Mode based on thresholds of new
» VRRP connections, use of CPU and use of memory
» Internal “Software” bypass to pass traffic without
inspection (HW appliance)
Management and Reporting
» Secure web-based GUI » Real-time dashboard
» SSH-based CLI access network management » PCI-DSS compliance reporting
» SNMP » Centralized logging and reporting
» Syslog-based logging » Custom templates
» REST API » Central management for multiple NSFOCUS devices
» Built-in test tools » Session tracking and forensics
» Packet capture » Geo IP analytics and blocking
Virtual Machine & Cloud Support Certification
» VMware, KVM, Xen, Hyper-V » ICSA Labs Certified
» AWS, Microsoft Azure, AliCloud, HUAWEI, ZTE, Wo » Veracode VL4 Certified
Cloud, Softbank (Japan), OpenStack

DEPLOYMENT OPTIONS
Shown here are the most popular deployment options, with no changes to applications or networks

Transparent Proxy Mode Out-of-Path Mode Reverse Proxy Mode Cluster Deployment Plug-in Deployment

INTERNET INTERNET INTERNET INTERNET INTERNET

WAF
GATEWAY GATEWAY GATEWAY GATEWAY GATEWAY

WAF
NGINX
WAF LOAD
BALANCER
WAF WAF
NGINX CLUSTER

WAF CLUSTER WAF CLUSTER

WEB SERVER
WEB SERVER WEB SERVER
WEB SERVER WEB SERVER WEB SERVER

HARDWARE SPECIFICATIONS

WAF 300 WAF 600 WAF 800

Gigabit Ethernet Ports 4GE RJ45 bypass 4GE RJ45 bypass 4GE RJ45 bypass

10 Gigabit Ethernet Ports -- -- --

Ethernet
Extension Slot 1 1 1
Interface
4GE RJ45 bypass, 4GE RJ45 bypass, 4GE RJ45 bypass, 4SFP GE
Extension Interface
4SFP GE bypass or 4SFP GE bypass or bypass, 2SFP+10GE w/o
w/o bypass w/o bypass bypass
Max. Number of Ethernet 8 GE 8 GE 8 GE
Interface
Management Port 1FE RJ45 1FE RJ45 1FE RJ45
Management
Serial Port 1×RJ45 1×RJ45 1×RJ45
Interface
USB Interface 2 2 2

Storage Hard Disk 1T, SATA 1T, SATA 1T, SATA

Network-layer 2000 Mbps 2400 Mbps 2800 Mbps

Throughput (RFC 2544)

Performance Latency (RFC 2544) <150 μs <150 μs <150 μs

 D A T A S H E E T

HTTP Throughput 200 Mbps 400 Mbps 800 Mbps

HTTP Transactions Per 10,000 TPS 15,000 TPS 20,000 TPS

Second
HTTP Connections Per 3,000 CPS 5,000 CPS 8,000 CPS
Second
Max. Number of 80,000 110,000 150,000
Concurrent Connections
Form Factor 1U 1U 1U

Dimensions (in) 17.0x1.7x15.4 17.0x1.7x15.4 17.0x1.7x15.4

(W x H x D)
Weight (lb) 11 11 11

Power Supply AC, single or redundant AC, single or redundant AC, single or redundant
Physical AC Input (Amps) 2A 2A 2A

Voltage 100-240V50-60 Hz 100-240V50-60 Hz 100-240V50-60 Hz

Heat Output (BTU/Hr) 222 222 222

Operating Temperature 0°C-40°C (32°F-104°F) 0°C-40°C (32°F-104°F) 0°C-40°C (32°F-104°F)

Storage Temperature -20°C-70°C (-4°F-158°F) -20°C-70°C (-4°F-158°F) -20°C-70°C (-4°F-158°F)

Operational 5% - 95% 5% - 95% 5% - 95%

Relative Humidity (non-condensing) (non-condensing) (non-condensing)

WAF 1000 WAF 1600 WAF 2020 WAF 6000

Gigabit Ethernet Ports 6GE RJ45 -- -- --

w/bypass

Ethernet
Interface 2SFP+
10 Gigabit Ethernet Ports -- -- --
(Transceiver
not included)

Extension Slot 1 4 3 4

4GE RJ45 bypass, 4GE RJ45 bypass,

4GE RJ45 bypass, 4GE RJ45 bypass,
4SFP GE bypass or 4SFP GE bypass or
Extension Interface 4SFP GE bypass or 4SFP GE bypass or
w/o bypass, 2SFP+ w/o bypass, 2SFP+
w/o bypass w/o bypass
bypass or w/o bypass or w/o
bypass bypass

Max. Number of Ethernet 10 GE 16 GE 16 GE or 16 GE or

Interface 8*10GE 8*10GE

Management Port 1GE RJ45 2GE RJ45 2GE RJ45 2GE RJ45
Management
Serial Port 1×RJ45 1×RJ45 1×RJ45 1×RJ45
Interface
USB Interface 2 2 2 2

Storage Hard Disk 1T, SATA 1T, SATA 1T, SATA 1T, SATA

Network-layer 4 Gbps 6 Gbps 8 Gbps 20 Gbps

Throughput
(RFC 2544)
Latency (RFC 2544) <60 μs <50 μs <50 μs <20 μs

HTTP Throughput 1 Gbps 3 Gbps 6 Gbps 10 Gbps

HTTP Transactions 30,000 TPS 55,000 TPS 110,000 TPS 180,000 TPS
Performance Per Second
HTTP Connections 10,000 CPS 20,000 CPS 38,000 CPS 70,000 CPS
Per Second
HTTPS Transaction 15,500 TPS 15,500 TPS 20,000 TPS 68,000 TPS
Per Second (1KB)
 D A T A S H E E T

Max. Number of 150,000 175,000 1,100,000 4,000,000

Concurrent Connections
Form Factor 2U 2U 2U 2U

Dimensions (in) 17.0 x 3.5 x 22.6 17.0 x 3.5 x 22.6 17.0 x 3.5 x 22.6 24.6 x 3.5 x 17.4
(W x H x D)"
Weight (lb) 27.8 28.9 24.3 36.4

Power Supply AC, AC, AC, AC,

redundant redundant redundant redundant

Physical AC Input (Amps) 8-5A 4.5-2A 8-5A 7-3A

Voltage 100-240V 100-240V 100-240V 100-240V

50-60 Hz 50-60 Hz 50-60 Hz 50-60 Hz

Heat Output (BTU/Hr) 1194 1365 1365 1706

Operating Temperature 0°C-40°C 0°C-40°C 0°C-40°C 0°C-40°C

(32°F-104°F) (32°F-104°F) (32°F-104°F) (32°F-104°F)

Storage Temperature -20°C-70°C -20°C-70°C -20°C-70°C -20°C-70°C

(-4°F-158°F) (-4°F-158°F) (-4°F-158°F) (-4°F-158°F)

Operational Relative 5%-95% 5%-95% 5%-95% 5%-95%

Humidity (non-condensing) (non-condensing) (non-condensing) (non-condensing)

VM SPECIFICATIONS
(C)V1000 (C)V500 (C)V200 (C)V100 (C)V50

HTTP Throughput 1 Gbps 500 Mbps 200 Mbps 100 Mbps 50 Mbps

Hypervisor » QEMU-KVM 1.2.8

» VMware vSphere ESXi 5.0/5.5/6.0
» XEN 6.5-7.2

» OpenStack Queen

Minimum Environment Requirements

CPU Cores 8 8 4 4 2

Memory (Min.) 64G 32G 16G 8G 4G

Storage (Min.) 100G 100G 100G 100G 100G

*The performance data is obtained when using Intel(R) Xeon(R) CPU E5-2680 v2 @ 2.80GHz.

NSFOCUSGLOBAL.COM 690 N McCarthy Blvd, Suite 170, Milpitas, CA 95035 408.907.6638

© COPYRIGHT 2021, NSFOCUS, Inc. ALL RIGHTS RESERVED WAF | DS091521