Forum Discussion
Hawary
Altostratus
AltostratusNetscaler WAF Migration
hi guys,
i have a migration scenario and need you inputs for best approach to migrate. currently i have following scenario: Firewall > Netscaler WAF > F5 LTM and need to replace the Netscaler WA...
Hannes_Rapp
Nimbostratus
NimbostratusWith WAF migration, consider feature by feature approach as a worthy alternative.
If an incident occurs, all troubleshooting efforts can be focused on a smaller area of surface. As an example, in day 1-2, you could only enable basic HTTP compliance checks on BigIP WAF and disable the respective protection on Netscaler WAF. In day 3-4, you take next feature and progress further until Netscaler WAF has no enforced features left. While the migration is ongoing, you're free to handle your usual day-to-day activities with no exposure to major risks.
If you enable learning, your own understanding of the product will not improve as much. Furthermore, automatic learning only gets you to 75% quality of a manually built policy regardless of the learning duration. With that said, in some scenarios 75% could be justified when human labor costs are taken into account.