WAF Support and SLA
Last updated 2019-12-12
As of June 30, 2021, the Fastly WAF (WAF 2020) offering became a legacy product. It will continue to be supported for all existing users. As alternatives, Signal Sciences Cloud WAF or Signal Sciences Next-Gen WAF both offer proactive monitoring of and protection against suspicious and anomalous web traffic directed at your applications and origin servers. Each can be controlled via the web interface dashboard or application programming interface (API). Contact email@example.com or your Fastly account team to evaluate or move to the Signal Sciences WAF options.
No security product, such as a WAF or DDoS mitigation product, including those security services offered by Fastly, will detect or prevent all possible attacks or threats. As a subscriber, you should maintain appropriate security controls on all web applications and origins. The use of Fastly's security products do not relieve you of this obligation. As a subscriber, you should test and validate the effectiveness of Fastly's security services to the extent possible prior to deploying these services in production, continuously monitor their performance, and adjust these services as appropriate to address changes in your web applications, origin services, and configurations of the other aspects of your Fastly services.
Fastly WAF Support
Fastly WAF Support offers the following resources to assist you with mitigating the service impacts of unwanted or malicious requests:
- Onboarding - We will work with you to enable the initial setup and then do limited monitoring of the designated services for Fastly WAF.
- Initial configuration and deployment support - We will actively work with you to select your rules to block Attacks.
- Ongoing Attack mitigation support - We will work directly with you to configure and activate existing WAF rule filters to deal with changing Attacks or new Attacks.
- New standard rules - We will assist you with the configuration of any new, standard rules introduced in the Fastly WAF.
- "Business Hours" are 8AM-6PM during a Business Day in California, New York, and London.
- "Business Days" are Monday through Friday, excluding any day that is a US national or UK banking holiday.
- An "Attack" is a request or requests intended to cause unwanted or error responses from origin sites configured for any Fastly service. Fastly captures and analyzes suspected or actual Attack traffic to improve and protect its services.
- "Fastly Control" means elements entirely under Fastly's control and not a consequence of (a) a Subscriber's hardware or software failures, (b) a Subscriber's or end user's connectivity issues, (c) Subscriber operator errors, (d) Subscriber traffic amounts that exceed a Subscriber's Permitted Utilization as defined in the Terms and Conditions, (e) corrupted Subscriber content, (f) acts of god (any) or war, or earthquakes, or terrorist actions.
Support channels and availability
The following table summarizes support channels and availability for Fastly WAF Support as determined by the support package purchased by a Subscriber:
|Support offering||Gold Support||Enterprise Support|
|Online self-service help||Unlimited access.||Unlimited access.|
|Availability for general inquiries||Business hours.||24/7/365.|
|Severity 1 incident report response||2 hours.||15 minutes.|
|Dedicated chat channel||Not available.||Business hours.|
|Web and email support||Available.||Available.|
|Phone support||Not available.||Toll-free telephone available 24/7/365.|
|Emergency escalation||Available via email.||Available via email and phone support.|
As part of onboarding a subscriber service, Fastly support will:
- enable designated services for WAF functionality, providing access to our rule and filter libraries.
- work directly with you to determine the right set of rules and filters for your service.
- publish those rules or filters into your service in logging mode.
- monitor the behavior of those rules for a designated period starting when the rules are published to the service.
Note that false positive triage will resolve instances where legitimate requests have triggered a WAF rule or filter and either remove the rule from the policy or, where possible, modify the rule or policy to address the legitimate request properly.
Subscribers must identify and maintain two points of contact to be used during an Attack to communicate status and issues and to coordinate with Fastly to successfully protect services. Subscribers are responsible for using and configuring CDN services according to the documentation available at https://docs.fastly.com.
Subscribers may make support requests by submitting a support ticket, which will trigger a system-generated acknowledgement within minutes containing the ticket number and a direct link to the ticket.
In particular, when requesting support related to an Attack, Subscribers should include as much of the following information as available:
- a determination of the severity of the Attack.
- the size of the Attack threatened or previously observed.
- the type and vector of Attack traffic seen or threatened.
- any duration of previous Attacks and vector behavior including major source IP addresses.
- an Attack history for the last 24 months.
- threat specifics including all details of any Attacks that the protected services or sites have experienced in the past.
Communications and channels of support
Create support tickets by sending an email to firstname.lastname@example.org. Tickets for communication between Fastly support engineers and a Subscriber's personnel are tracked using a ticketing application, which maintains a time-stamped transcript of communications, and sends emails to Subscriber and Fastly staff as tickets are updated.
Subscribers who also purchase Enterprise Support receive a dedicated phone number to contact Fastly support engineers. Fastly personnel can also establish audio and video conferencing (free app or browser plug-in required) for real-time voice and video communications.
To facilitate real-time communication, Subscribers receive a dedicated chat channel during Onboarding and, for Subscribers that also purchase Enterprise Support, for an Attack for real-time communications about WAF issues during Business Hours or as needed by Fastly personnel. Though subject to change, Fastly's current chat provider is Slack (www.slack.com).
Fastly may from time to time, including as part of initial onboarding and during any period where Subscriber purchases additional Fastly WAF Tuning Package or Fastly WAF Tuning Plus Package, collect and store a copy of logging information from the Fastly WAF (which will include IP addresses) to monitor ruleset behavior, including false positives, by establishing a logging endpoint in your service configuration which will securely collect logging information in a third-party storage provider. Subscriber instructs Fastly to access and use the logs exclusively for providing WAF services, providing support and performance management to Subscriber, monitoring or maintaining Subscriber’s Services and the Fastly WAF, threat detection and in accordance with the Documentation. Logged data will be deleted on a rolling basis and in any event retained no longer than thirty (30) days unless otherwise agreed by Subscriber.