WAF Support and SLA


As announced, April 30, 2023 marked the formal retirement of the Fastly WAF (WAF Legacy and WAF 2020). Our Fastly Next-Gen WAF offers similar functionality. It monitors for suspicious and anomalous web traffic and protects, in real-time, against attacks directed at the applications and origin servers that you specify.

Fastly WAF Support

Fastly WAF Support offers the following resources to assist you with mitigating the service impacts of unwanted or malicious requests:

  • Onboarding. We will work with you to enable the initial setup and then do limited monitoring of the designated services for Fastly WAF.
  • Initial configuration and deployment support. We will actively work with you to select your rules to block Attacks.
  • Ongoing Attack mitigation support. We will work directly with you to configure and activate existing WAF rule filters to deal with changing Attacks or new Attacks.
  • New standard rules. We will assist you with the configuration of any new, standard rules introduced in the Fastly WAF.


  • "Business Hours" are 8AM-6PM during a Business Day in California, New York, and London.
  • "Business Days" are Monday through Friday, excluding any day that is a US national or UK banking holiday.
  • An "Attack" is a request or requests intended to cause unwanted or error responses from origin sites configured for any Fastly service. Fastly captures and analyzes suspected or actual Attack traffic to improve and protect its services.
  • "Fastly Control" means elements entirely under Fastly's control and not a consequence of (a) your hardware or software failures, (b) you or your end user's connectivity issues, (c) your operator errors, (d) traffic amounts that exceed your Permitted Utilization as defined in the Terms and Conditions, (e) your corrupted content, (f) acts of god (any) or war, or earthquakes, or terrorist actions.

Support channels and availability

The following table summarizes support channels and availability for Fastly WAF Support as determined by the support package purchased by a Subscriber:

Support offeringGold SupportEnterprise Support
Online self-service helpUnlimited access.Unlimited access.
Availability for general inquiriesBusiness hours.24/7/365.
Severity 1 incident report response2 hours.15 minutes.
Dedicated chat channelNot available.Business hours.
Web and email supportAvailable.Available.
Phone supportNot available.Toll-free telephone available 24/7/365.
Emergency escalationAvailable via email.Available via email and phone support.


As part of onboarding a subscriber service, Fastly support will:

  • enable designated services for WAF functionality, providing access to our rule and filter libraries.
  • work directly with you to determine the right set of rules and filters for your service.
  • publish those rules or filters into your service in logging mode.
  • monitor the behavior of those rules for a designated period starting when the rules are published to the service.

Note that false positive triage will resolve instances where legitimate requests have triggered a WAF rule or filter and either remove the rule from the policy or, where possible, modify the rule or policy to address the legitimate request properly.

Subscriber responsibilities

Subscribers must identify and maintain two points of contact to be used during an Attack to communicate status and issues and to coordinate with Fastly to successfully protect services. Subscribers are responsible for using and configuring CDN services according to the documentation available at https://docs.fastly.com.

Support requests

Subscribers may make support requests by submitting a support ticket, which will trigger a system-generated acknowledgement within minutes containing the ticket number and a direct link to the ticket.

In particular, when requesting support related to an Attack, Subscribers should include as much of the following information as available:

  • a determination of the severity of the Attack.
  • the size of the Attack threatened or previously observed.
  • the type and vector of Attack traffic seen or threatened.
  • any duration of previous Attacks and vector behavior including major source IP addresses.
  • an Attack history for the last 24 months.
  • threat specifics including all details of any Attacks that the protected services or sites have experienced in the past.

Communications and channels of support

Support tickets

Create support tickets by visiting https://support.fastly.com/ or sending email to support@fastly.com. Tickets for communication between Fastly support engineers and a Subscriber's personnel are tracked using a ticketing application, which maintains a time-stamped transcript of communications, and sends emails to Subscriber and Fastly staff as tickets are updated.

Phone support

Subscribers who also purchase Enterprise Support receive a dedicated phone number to contact Fastly support engineers. Fastly personnel can also establish audio and video conferencing (free app or browser plug-in required) for real-time voice and video communications.


To facilitate real-time communication, Subscribers receive a dedicated chat channel during Onboarding and, for Subscribers that also purchase Enterprise Support, for an Attack for real-time communications about WAF issues during Business Hours or as needed by Fastly personnel. Though subject to change, Fastly's current chat provider is Slack (www.slack.com).

Observational logging

Fastly may from time to time, including as part of initial onboarding and during any period where Subscriber purchases additional Fastly WAF Tuning Package or Fastly WAF Tuning Plus Package, collect and store a copy of logging information from the Fastly WAF (which will include IP addresses) to monitor ruleset behavior, including false positives, by establishing a logging endpoint in your service configuration which will securely collect logging information in a third-party storage provider. Subscriber instructs Fastly to access and use the logs exclusively for providing WAF services, providing support and performance management to Subscriber, monitoring or maintaining Subscriber’s Services and the Fastly WAF, threat detection and in accordance with the Documentation. Logged data will be deleted on a rolling basis and in any event retained no longer than thirty (30) days unless otherwise agreed by Subscriber.

Security products note

No security product, such as a WAF or DDoS mitigation product, including those security services offered by Fastly, will detect or prevent all possible attacks or threats. As a subscriber, you should maintain appropriate security controls on all web applications and origins. The use of Fastly's security products do not relieve you of this obligation. As a subscriber, you should test and validate the effectiveness of Fastly's security services to the extent possible prior to deploying these services in production, continuously monitor their performance, and adjust these services as appropriate to address changes in your web applications, origin services, and configurations of the other aspects of your Fastly services.
Was this guide helpful?

Do not use this form to send sensitive information. If you need assistance, contact support. This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.