This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

How-to guides

1: WAF Build Process Guide

Users can apply for the service by entering the required information for using the WAF service through the Samsung Cloud Platform Console.

Apply for WAF

You can apply for and use the WAF service from the Samsung Cloud Platform Console.

To request the creation of a WAF service, follow these steps.

Click the All Services > Security > WAF menu. You will be taken to the WAF’s Service Home page.
On the Service Home page, click the WAF Service Request button. You will be taken to the Support Center > Service Request List > Service Request page.

Service Request page: enter or select the required information in the mandatory input fields.

Select WAF creation in the task type.

Input field	Detailed description
Title	Enter the title of the service request Example: WAF Service Creation Request
Region	Select the location of the Samsung Cloud Platform Automatically filled with the region corresponding to the Account
Service	Select the service category and service. If you click the WAF service request button, it is entered automatically Service Category: Security Service: WAF
Task classification	Select the type you want to request Create WAF: select when requesting a new service
content	Customer Basic Information Entry and Application Process Guide Content: End Customer/MSP Information
Attachment	Upload the completed WAF service application (required) and any additional files you wish to share You can attach up to 5 files, each no larger than 5 MB Only doc, docx, xls, xlsx, ppt, ppts, hwp, txt, pdf, jpg, jpeg, png, gif, and tif files are allowed

Table. WAF Service Creation Request Items

After reviewing the application process and reference information, click the Form Download > Service Request Form Download button to download the WAF Service Application Form.

Please complete the WAF Service Application.

Refer to the item descriptions in the Application Information and Monitoring Information tabs and complete the required fields.

Category	Detailed description
Application Information	Write required items such as application type, usage period, throughput information, basic information, etc.
Monitoring information	Enter required items such as WAF service application information and SSL certificate information Public-sector customers do not need to fill this out

Table. Main contents of the WAF service creation request form

Attach the completed application form in the attachment area.
Click the Request button on the service request page.
- When the request is completed, check the submitted details on the Support Center > Service Request List page.
After the monitoring personnel review the submitted service request, they proceed with the process to use the service.
The WAF service is being launched.

Terminate WAF

To request termination of the WAF service, follow the steps below.

Click the All Services > Management > Support Center menu. Go to the Support Center > Service Home page.
On the Support Center Service Home page, click the Service Request button. You will be taken to the Service Request List page.
On the Service Request List page, click the Service Request button. You will be taken to the Service Request page.

Service Request page: enter or select the required information in the mandatory input fields.

Select WAF termination in the task type.

Input field	Detailed description
Title	Enter the title of the service request Example: WAF Service Termination Request
Region	Select the location of the Samsung Cloud Platform automatically entered with the region corresponding to the Account
Service	Select service category and service Service Category: Security Service: WAF
Task classification	Select the type you want to request WAF termination: select if you are terminating the service
content	Customer Basic Information Entry and Application Process Guide Content: End Customer/MSP Information
Attachment	If you have a completed WAF service application (required) and any additional files you wish to share, proceed with the upload You can attach up to 5 files, each no larger than 5 MB Only doc, docx, xls, xlsx, ppt, ppts, hwp, txt, pdf, jpg, jpeg, png, gif, and tif files are allowed

Table. Table. WAF service termination request items

After reviewing Application Process and Notes, click the Form Download > Service Request Form Download button to download the WAF Service Application Form.

Please complete the WAF Service Application.

Refer to the item descriptions in the Application Information and Monitoring Information tabs and complete the required fields.

Category	Detailed description
Application Information	Fill out required fields such as application type, usage period, transaction volume information, and basic information.
Monitoring information	When terminating the entire service, no input is required.

Table. Main contents of WAF service termination request form

Attach the completed application form to the attachment area.
Click the Request button on the service request page.
- After the request is completed, verify the submitted information on the Support Center > Service Request list page.
After the monitoring staff verifies the submitted service request, the termination process is completed once the monitored URL, port, and IP are removed.
- Service termination requires three business days, including the cancellation request date.

1 - WAF Build Process Guide

To start the WAF service, you need to apply for the service and then perform WAF license installation and monitoring integration verification. After you request the WAF service, the person in charge will review the service request details and contact you. Please refer to the process below to request the WAF service.

guide

WAF installation is directly supported by SDS engineers and proceeds after consulting with the client on configuration, specifications, and related details.

Considering the overall process schedule, apply for the service at least one month before the service launch (business days).

Preliminary preparation work

The preliminary preparation steps for using the WAF service are carried out according to the following procedure.

Submit a service request to install the WAF. (MSP → SDS)
Please request WAF SW installation. (SDS → Engineer)
Please provide the engineer information for the WAF installation work. (SDS → MSP)

Samsung Cloud Platform Console task (MSP execution)

To use the WAF service, the Samsung Cloud Platform Console performs the following steps.

Register an SSL certificate in the Certificate Manager service.
- Application path: Samsung Cloud Platform Console > Security > Certificate Manager
- Purpose: Operation
Create a Virtual Server service for WAF.
- Application path: Samsung Cloud Platform Console > Compute > Virtual Server
- Determine CPU, memory, and block storage capacity based on WAF specifications.
- WAF Virtual Server specifications: view quotation
Create a Load Balancer service.
- Application path: Samsung Cloud Platform Console > Networking > Load Balancer
Create an L7 service for SSL offloading.
Create an L4 service when load balancing is required for WAF redundancy.
Create an L4 service when load balancing is required for web server redundancy.

Configure the required Load Balancer/Firewall/Security Group.

Configure the Firewall and Security Group to match the Load Balancer’s communication path as follows.

The source inputs the user’s network information.

Category	Common Security Zone FW	Internet Gateway FW	Load Balancer FW	Virtual Server SG
Inbound (destination)	LB service public IP	LB service private IP	LB service private IP	LB Link IP
IP (example)	123.43.8.xxx	10.10.0.xxx	10.10.0.xxx	192.168.254.xxx
Port	LB service port	LB service port	LB service port	Forwarding/Health Check Port

Table. FW/SG configuration items according to the Load Balancer's communication path

Configure HTTP redirection for the LB service. (Optional)

Set the Load Balancer’s HTTP redirection option as follows.

LB service	L7 HTTP	L7 HTTPS
LB Profile > Profile Type	Application	Application
LB Profile > Service Classification	L7 HTTP	L7 HTTP
LB Profile > HTTP Redirection	Settings	Not set
IP/NAT IP	Set the same	Set the same
service port	80	443
forwarding port	80	80
Server Group > When Using WAF	Not set	WAF Virtual Server
Server Group > When WAF is not used	Not set	WEB Virtual Server
Certificate registration	Unregistered	Register

Table. Load Balancer HTTP redirection configuration items

Grant the WAF engineer access permissions to the Virtual Server for WAF.

WAF SW Installation and Test (WAF Engineer & MSP)

When the WAF specifications are finalized, the engineer installs the WAF software and conducts testing.

Policy request and implementation for WAF security monitoring

Create and apply policies required for WAF security monitoring.

Request the required policy from the Samsung Cloud Platform Console. (SDS → MSP)
Deliver and apply the created policy. (SDS → MSP)
Check the items that require policy registration. (Direct Connect Firewall/Security Group/Routing)
- SDS → Verify that the WAF access path for each client is secured. If additional registration is required, request it by email.
- Check whether the WAF → SIEM log transmission path is secured for each client. If additional registration is needed, request it via email.

Constraints

When installing the WAF, first check the following constraints before proceeding.

When WAF is configured as a single instance, service continuity cannot be guaranteed in case of a failure of the WAF-installed Virtual Server or the WAF application. (Bypass is not supported between Samsung Cloud Platform LB and WAF)
If service availability of the website where WAF is applied is critical, WAF redundancy must be implemented. If WAF redundancy is required, a separate request must be made.
Security monitoring through the Samsung Cloud Platform service is available only for Penta Security products.
Other vendors’ products are listed in the marketplace, but Samsung SDS security monitoring services are not offered.