Skip to content

Valtix Documentation

Valtix Home
Documentation
Documentation
- Solution Overview
- Getting Started
  Getting Started
  - Easy Setup
- Account Onboarding
  Account Onboarding
  - AWS
    AWS
    
    Overview
    
    Account Onboarding
    
    Tech Notes
    Tech Notes
    
    IAM Roles
    
    Discovery Features
    
    VPC Setup
  - Azure
    Azure
    
    Overview
    
    AD Application
    
    Custom Role
    
    Marketplace Terms
    
    User Assigned Identity
    
    Account Onboarding
    
    VNet Setup
  - GCP
    GCP
    
    Overview
    
    Enable API
    
    Service Accounts
    
    Account Onboarding
    
    VPC Setup
  - OCI
    OCI
    
    Overview
    
    Setup Tenant
    
    Onboard Account
- Discovery
  Discovery
  - Overview
  - Enable Inventory
  - Discovered Assets
  - Security Insights
  - Rules and Findings
  - Enable DNS Logs
    Enable DNS Logs
    
    AWS
    
    Azure
    
    GCP
  - Enable VPC Flow Logs
    Enable VPC Flow Logs
    
    AWS
    
    Azure
    
    GCP
- Investigate & Analysis
  Investigate & Analysis
  - Flow Analytics
    Flow Analytics
    
    Overview
    
    Traffic Summary
    
    All Events
    
    Flow Logs
    
    Firewall Events
    
    Network Threats
    
    Web Attacks
    
    URL Filtering
    
    FQDN Filtering
    
    HTTPS Logs
  - Network Analytics
    Network Analytics
    
    Stats
  - System Status
    System Status
    
    Audit Logs
    
    System Logs
- Security Gateways
  Security Gateways
  - Overview
  - AWS
    AWS
    
    Service VPCs
    Service VPCs
    
    Manage Service VPCs
    
    Manage Spoke VPCs
    
    Ingress
    
    Egress / East-West
  - Azure
    Azure
    
    Service VNet
    Service VNet
    
    Manage Service VNets
    
    Manage Spoke VNets
    
    Ingress
    
    Egress / East-West
  - GCP
    GCP
    
    Service VPC
    Service VPC
    
    Manage Service VPCs
    
    Manage Spoke VPCs
    
    Ingress
    
    Egress / East-West
  - OCI
    OCI
    
    Ingress
    
    Egress / East-West
  - Upgrade
- Security Policy
  Security Policy
  - Ruleset
  - Rules
- Addresses and Services
  Addresses and Services
  - Address Objects
  - FQDN Objects
  - Service Objects
    Service Objects
    
    Reverse Proxy (Ingress)
    
    Forward Proxy (Egress/East-West)
    
    Forwarding (Egress/East-West)
  - Application ID
- Certificates and Decryption
  Certificates and Decryption
  - Certificates & Keys
  - Decryption
  - Tech Notes
    Tech Notes
    
    Azure Key Vault
    
    AWS KMS
    
    Self-Signed Certificates
- Application Threats
  Application Threats
  - WAF (Web Application Firewall)
  - L7 DoS (L7 Denial of Service)
- Network Threats
  Network Threats
- FQDN and URL Filtering
  FQDN and URL Filtering
  - FQDN
  - URL
  - Categories
- Log Forwarding
  Log Forwarding
  - Overview
    Overview
    
    Events and Logs
    
    Discovery Logs
  - Destinations / SIEMs
    Destinations / SIEMs
    
    AWS S3 Bucket
    
    Datadog
    
    GCP Logging
    
    Microsoft Sentinel
    
    Splunk
    
    Sumo Logic
    
    Syslog
- NTP
  NTP
  - Overview
- Packet Capture
  Packet Capture
  - Overview
- Reports
  Reports
  - Overview
- Administration
  Administration
  - Users
    Users
    
    Overview
    
    Multi-Factor Authentication (MFA)
    
    Single Sign-On (SSO)
    Single Sign-On (SSO)
    
    Azure AD (SAML)
    
    Okta (SAML)
    
    OneLogin (SAML)
  - Roles
  - Account
- Alerting
  Alerting
  - Overview
  - Destinations / SIEMs
    Destinations / SIEMs
    
    Datadog
    
    Microsoft Sentinel
    
    Pagerduty
    
    ServiceNow
    
    Slack
    
    Webex
- Terraform
  Terraform
  - Terraform
Tutorials
Tutorials
- Overview
- AWS
  AWS
  - Workshop
    Workshop
    
    Introduction
    
    Workshop Breakdown
    
    Prerequisites
    
    Lab
    Lab
    
    Lab 1: Discover
    
    Lab 2: Deploy
    
    Lab 3: Defend
    
    Clean Up
    
    Conclusion
  - Advanced Network Setup
    Advanced Network Setup
    
    Egress & East-West
    Egress & East-West
    
    Discover
    Discover
    
    Step 1: AWS Setup
    
    Step 2: Add AWS Account
    
    Step 3: Discovery
    
    Deploy
    Deploy
    
    Step 1: Deploy Service VPC
    
    Step 2: Deploy Valtix Gateway
    
    Step 3: Protect Spoke VPCs
    
    Defend
    Defend
    
    Step 1: Policy Rule
    Step 1: Policy Rule
    
    Forward Proxy
    
    Forwarding
    
    Step 2: Security Profiles
    Step 2: Security Profiles
    
    IPS
    
    FQDN-Filtering
    
    Data Loss Prevention
    
    Ingress
    Ingress
    
    Discover
    Discover
    
    Step 1: AWS Setup
    
    Step 2: Add AWS Account
    
    Step 3: Discovery
    
    Deploy
    Deploy
    
    Step 1: Deploy Service VPC
    
    Step 2: Deploy Valtix Gateway
    
    Step 3: Protect Spoke VPCs
    
    Defend
    Defend
    
    Step 1: Policy Rule
    
    Step 2: Security Profiles
    Step 2: Security Profiles
    
    IPS
    
    WAF
- GCP
  GCP
  - Workshop
    Workshop
    
    Introduction
    
    Workshop Breakdown
    
    Prerequisites
    
    Lab
    Lab
    
    Lab 1: Discover
    
    Lab 2: Deploy
    
    Lab 3: Defend
    
    Clean Up
    
    Conclusion
Reference Architecture
Reference Architecture
- Overview
- AWS
  AWS
  - Centralized
    Centralized
    
    Ingress
    
    Egress / East-West
    
    Subnet Segmentation
    
    Egress / East-West (NAT Gateway)
    
    GWLB-based Ingress / Egress
- Azure
  Azure
  - Centralized
    Centralized
    
    Ingress
    
    Egress / East-West
- GCP
  GCP
  - Centralized
    Centralized
    
    Combined
- OCI
  OCI
  - Centralized
    Centralized
    
    Ingress
    
    Egress / East-West
FAQ
FAQ
- FAQ
Releases
Releases
- Overview
  Overview
- Supported Releases
  Supported Releases
  - Controller / UI
    Controller / UI
    
    24.04 - April 30, 2024
  - Gateways
    Gateways
    
    24.06-04 - October 25, 2024
    
    23.08-17 - September 4, 2024
  - Terraform Provider
    Terraform Provider
    
    24.10.2 - November 15, 2024
    
    24.2.3 - September 9, 2024
- End-of-Support Releases
  End-of-Support Releases
  - Gateways
    Gateways
    
    24.04 - May 16, 2024
  - Terraform Provider
    Terraform Provider
    
    23.10 - November 6, 2023
- End-of-Life Releases
  End-of-Life Releases
  - Controller / UI
    Controller / UI
    
    24.02 - February 26, 2024
    
    23.12 - December 14, 2023
    
    23.10 - October 31, 2023
    
    23.09 - September 30, 2023
    
    23.08 - August 21, 2023
    
    23.07 - July 19, 2023
    
    23.06 - June 26, 2023
    
    23.05 - June 8, 2023
    
    23.04 - April 20, 2023
    
    23.02 - February 15, 2023
    
    22.12 - December 15, 2022
    
    22.10 - November 7, 2022
    
    22.09 - October 6, 2022
    
    22.08 - September 7, 2022
    
    22.07 - August 7, 2022
    
    22.06 - July 6, 2022
    
    22.05 - June 2, 2022
    
    22.04 - May 5, 2022
    
    22.03 - March 31, 2022
    
    22.02 - March 2, 2022
    
    22.01 - January 31, 2022
    
    2.11 - December 26, 2021
  - Gateways
    Gateways
    
    24.02 - April 18, 2024
    
    23.10 - January 11, 2024
    
    23.06 - November 12, 2023
    
    23.04 - September 3, 2023
    
    23.02 - July 10, 2023
    
    22.12 - July 27, 2023
    
    22.10 - March 7, 2023
    
    22.09 - October 17, 2022
    
    22.08 - January 4, 2023
    
    22.06 - November 8, 2022
    
    22.04 - September 3, 2022
    
    22.02 - April 22, 2022
    
    2.11 - July 25, 2022
  - Terraform Provider
    Terraform Provider
    
    23.8 - August 22, 2023
    
    23.7 - July 27, 2023
    
    23.6 - July 17, 2023
    
    23.5 - June 12, 2023
    
    23.4 - May 23, 2023
    
    23.2 - February 17, 2023
    
    22.12 - December 29, 2022
    
    22.10 - December 6, 2022
    
    22.9 - October 6, 2022
    
    22.8 - September 10, 2022
    
    22.7 - August 10, 2022
    
    22.6 - July 6, 2022
    
    22.5 - June 6, 2022
    
    22.4 - May 13, 2022
    
    22.3 - March 31, 2022
    
    22.1 - February 7, 2022
  - 2.10 - 2021-10-21
    2.10 - 2021-10-21
    
    Features and Changes
    
    Controller / UI
    
    Gateway
    
    Terraform Provider
  - 2.9 - 2021-08-25
    2.9 - 2021-08-25
    
    Features and Changes
    
    Controller / UI
    
    Gateway
    
    Terraform Provider
  - 2.8 - 2021-06-08
  - 2.7 - 2021-03-29
  - 2.6 - 2021-02-08
  - 2.5 - 2020-11-10
  - 2.4 - 2020-09-03
  - 2.2 - 2020-06-23
  - 2.1 - 2020-06-05
  - 2.0 - 2020-04-17
  - 1.2 - 2020-01-23
  - 1.1 - 2019-11-05
Support
Support
- Overview

WAF¶

Web Application Firewall(WAF) helps protect web application from common exploits.

Step 1: Create WAF Profile

Go to Manage -> Profiles -> Web Protection
Click on Create Protection Profile.
Select Application Threat
In the Profile Builder table, click on "Add All" link under Core tab.
Give the profile a name. (eg. waf-demo)
For "CRS Ruleset Version" field, select Automatic.
For "Trustwave Ruleset Version" field, select Automatic.
For Paranoia Level, select 3.
Leave remaining fields as default and click Save.

Step 2: Attach WAF Profile to Policy

Click Manage -> Security Policies -> Rules
Click on the ruleset name that's associated with the ingress gateway
Click the table row ingress-http and click Edit
In the editor panel, select the Web Protection Profile waf-demo and click Save to save the rule
Click Save to save the ruleset
The rule shows waf-demo as a profile in the rules table