WAF Service Outage Response

When a WAF service outage occurs, address and respond to the issue in the order below.

Service outage detection

• The service owner will become aware of a failed service URL health check or a response error.
• The security monitoring center will encounter SECaaS service disruptions and cause the registered Origin Healthcheck to fail.

Remediation

• After confirming the cause of the outage, if it is determined to be a failure of the SECaaS service, you must change the registered CNAME/A Record values back to the original service’s Origin IP/address for redirection (reversion). Since DNS values need to be changed, the user must handle it directly.
• When an urgent bypass (restoration) is required.
  • SECaaS(WAF) → Server(Origin) Open the segment firewall to any.
  • You can achieve the same effect by asking the SECaaS administrator to request DNS bypass processing in the SECaaS settings. (It is applied based on the DNS TTL value and takes about 5 minutes.)
  • Websites that use an A Record for DNS, such as root (naked) domains, cannot be applied.

SECaaS reapplication

After the outage is resolved, reapply the modified CNAME/A Record values to the SECaaS CNAME/A Record address.