For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Hawary's avatar
Hawary
Icon for Altostratus rankAltostratus
Mar 01, 2018

Netscaler WAF Migration

hi guys,   i have a migration scenario and need you inputs for best approach to migrate. currently i have following scenario: Firewall > Netscaler WAF > F5 LTM and need to replace the Netscaler WA...
ASM Advanced WAF
LTM
migration
netscaler
security
Hannes_Rapp's avatar
Hannes_Rapp
Icon for Nimbostratus rankNimbostratus
Apr 22, 2018

With WAF migration, consider feature by feature approach as a worthy alternative.

 

If an incident occurs, all troubleshooting efforts can be focused on a smaller area of surface. As an example, in day 1-2, you could only enable basic HTTP compliance checks on BigIP WAF and disable the respective protection on Netscaler WAF. In day 3-4, you take next feature and progress further until Netscaler WAF has no enforced features left. While the migration is ongoing, you're free to handle your usual day-to-day activities with no exposure to major risks.

 

If you enable learning, your own understanding of the product will not improve as much. Furthermore, automatic learning only gets you to 75% quality of a manually built policy regardless of the learning duration. With that said, in some scenarios 75% could be justified when human labor costs are taken into account.