Installation: Getting started

Next-Gen WAF supports multiple installation methods. You can use Fastly’s Edge Cloud Platform, hosted Cloud WAF solution, or you can deploy directly onto your hosting environment via traditional module-agent process. Next-Gen WAF supports traditional, virtual machine (VM)-based architectures as well as modern container-based ones. Integrations with several Platforms-as-a-Service (PaaS) are also available. Below are all the installation options available to get Next-Gen WAF up and running.

Edge deployment

You can deploy Next-Gen WAF on Fastly's Edge Cloud Platform by adding it to new or existing Fastly services. Deploying on Fastly's Edge Cloud Platform doesn't require you to install or modify anything on your own hosting environment.

Cloud WAF deployment

Our Cloud WAF solution allows you to deploy Next-Gen WAF without requiring you to install the Signal Sciences agent and module directly onto your environment.

Module-agent deployment

Next-Gen WAF can also be deployed directly onto your hosting environment. In the module-agent topology, modules are installed on your reverse proxy or load balancer (e.g., Apache, NGINX, and HAProxy) to extend the request handling logic and communicate with the agent for subsequent advice. Another less common but technically viable approach is to deploy our software at the application layer. Check out our About module-agent deployment guide.

Containers and Kubernetes

Next-Gen WAF supports multiple deployment patterns in Kubernetes. You will likely have to customize configurations for Next-Gen WAF to work in your own Kubernetes app. The documentation provides several Kubernetes deployment examples, using the Docker sidecar container pattern.

Learn how to install in Kubernetes

Agent-only deployment

If you want to deploy the WAF directly on the web servers in your infrastructure but do not want to install the optional module component, you can use one of our agent-only deployment options. With an agent-only deployment, the agent performs the role of both the module and agent components.

PaaS deployment

The Signal Sciences agent can be deployed by Platform as a Service (PaaS). We worked with multiple vendors to integrate our technologies directly into their platforms to simplify deployment.

View PaaS platforms

Embedded service deployment with A10 Networks

The Next-Gen WAF can be deployed as an embedded service with A10 Networks on select A10 Thunder and vThunder application delivery controller (ADC) form factors. To learn more about the A10 ADC Next-Gen WAF deployment, contact your Fastly account manager or email our Sales team.

NOTE

This deployment option requires an A10 feature license for activation.

Fastly services interoperate with non-Fastly services only when you configure them that way. We do not provide direct support for non-Fastly services. Software or services that enable integration with non-Fastly services (such as plug-ins, extensions, and add-ons) are available under their own terms. Read Fastly's Terms of Service for more information.

Agent and module release notifications

You can subscribe to release notifications through our corp integrations. The releaseCreated integration event will trigger the integration to notify you when a new agent or module version is available.

What's next

Once Next-Gen WAF is installed, there are no rules or signatures to configure to get immediate visibility and protection against common attack types.

Now that you have Next-Gen WAF installed, learn how to use it.

Was this guide helpful?

Do not use this form to send sensitive information. If you need assistance, contact support. This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.