WAF related questions and Compliance

Ashu_clouddev 101 Reputation points
2020-06-23T11:48:16.403+00:00

Hi,

My questions on Azure WAF support are below -

1) Does WAF support TACACS, SAML, AAD, LDAP, Kerberos, RADIUS?
2) Compliance GDPR, Sarbanes-Oxley, HIPAA, PCI-DSS, SOC2
3) Is there any way to test WAF within Azure with all the imposed rules such as OWASP? Third-party tools such as Burp Suite can be used, but I want to check if there are any internal solutions.
4) NGE encryption, cipher suites, DH groups, hashing, SHA-2, AES, X.509 certificates
5) Does it support connection pooling?
6) Ability to install signatures
7) Ability to configure/enforce IETF

Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
Azure Content Delivery Network
Azure Web Application Firewall

Accepted answer
  1. Malleswara Reddy, G 1,631 Reputation points
    2020-07-08T04:59:54.187+00:00

    Hi,

    Please find my answers below -

    1) Does WAF support TACACS, SAML, AAD, LDAP, Kerberos, RADIUS?
    AFAIK, SAML is not yet supported by Azure WAF, and the rest are regular firewall/appliance firewall based requirements. If you are particular about them, have a look at Cloudflare or Barracuda.

    2) Compliance GDPR, Sarbanes-Oxley, HIPAA, PCI-DSS, SOC2
    Not all; GDPR, PCI-DSS and HIPAA. Please take a look at this document: https://azure.microsoft.com/en-us/resources/microsoft-azure-compliance-offerings/

    3) Is there any way to test WAF within Azure with all the imposed rules such as OWASP? Third-party tools such as Burp Suite can be used, but I want to check if there are any internal solutions.
    Not sure about this, please post it as a different question.

    4) NGE encryption, cipher suites, DH groups, hashing, SHA-2, AES, X.509 certificates
    There are limitations on this, but there is a provision through Key Vault. This explains: https://learn.microsoft.com/en-us/azure/application-gateway/key-vault-certs

    5) Does it support connection pooling?
    Yes, if you are talking about back-end pooling.

    6) Ability to install signatures
    Same as 4th answer

    7) Ability to configure/enforce IETF
    This is a big subject. Usually, WAF enforces the same which the app is following. But you need to checkpoint to point of rules.

    3 people found this answer helpful.

1 additional answer

  1. TravisCragg-MSFT 5,676 Reputation points Microsoft Employee
    2020-07-07T02:11:34.333+00:00

    Azure WAF is currently an add-on to existing Azure services like Application Gateway, Front Door, and CDN. The answer to your question might be different depending upon what service you are trying to use it for. Can you give some more information about your scenario?

    Azure WAF typically only handles a portion of your question. For example, Application Gateway allows you to create a custom TLS policy that lets you specify what ciphers and minimum TLS version you use. Azure WAF is also typically only for HTTPS traffic, and will likely not support other protocols.

    1 person found this answer helpful.