Comparative Product Review: Six Web Application Firewalls


This article can also be found in the Premium Editorial Download "Information Security magazine: Reviews of six top Web application firewalls."

Download it now to read this article plus other related content.

Installation and Configuration
All the products we tested were 1Uor 2Urack-mounted de-vices built on hardened appli- ances. Our first step was to gauge the ease with which each product could be in-stalled and configured. Al-though each appliance sup- ported a variety of deployment configurations (bridge, router, inline, out-of-line), we set up each as a reverse proxy, except Breach Security's WebDefend, which is designed to operate in a non-linear environment.

Imperva and Breach were easiest to set up and configure. Thanks to their intuitive design and wizards, each took approximately an hour to get running.

Using the Site Manager through Breach's console, we could easily verify that the domains, IP addresses and ports were correct. It even identifies the type of server on which the application is hosted (e.g., IIS). Through the logical tree structure, it's easy to locate and add sites.

    Requires Free Membership to View

At the Core - Installation and Configuration
The good news Imperva and Breach are easiest to set up and configure, thanks to their intuitive design and wizards, though Imperva requires a little more manual intervention.

The bad news Barracuda is somewhat complex, and setup is time-consuming, requiring a lot of manual configuration.

Imperva required more manual intervention for the configuration of our servers, Web sites, services and applications. It presented a logical tree structure similar to that of Breach, but lacked the useful at-a-glance verification and instead spread the information among four different tabs. Nonetheless, these were minor points and we found it overall to be on a par with Breach in this category.

Bee Ware's initial installation was similar to our other test subjects, and the configuration wizard stepped us through assigning the basics such as host name, date and time, network interfaces and assigning the destination IP address for our target back-end server. The documentation showed some rough translation issues from the original French, but the configuration wizard led us through a fairly straightforward setup.

F5's Application Security Manager (ASM) is a part of its BIG-IP port-based multilayer switch built on F5's proprietary TMOS platform, which is designed for traffic management, acceleration and load balancing. After a fairly painless installation onto our network, the configuration required us to spend the better portion of a day understanding how the ASM module integrated with the other modules, such as the Local Traffic Manager.

This was first published in March 2008

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: