How to Configure TR7 WAF for Picus Testing?
Interface
Picus Configuration
Step > 1
First, create a new vService for Picus. To do this, follow the "vService > Add" steps to open the new vService creation screen.
Step > 2
Enter the IP addresses and port numbers that should be handled by TR7. For port 80, set SSL to "None". For port 443, set SSL to "Terminate" and select the appropriate certificate.
Step > 3
Then, configure "Conditional Routing" so that requests arriving at port 80 of the vService are forwarded to port 80 of the Picus service, and requests to port 443 are forwarded to port 443 of the Picus service.
Step > 4
Click the "Details" button to enable "WAF", then click the "Save" button to create the vService.
Step > 5
Open the WAF Management screen for the corresponding vService. To do this, go to "Monitor Mode > Related vService > WAF Management". Click the pencil icon next to "OWASP Protection Level".
Step > 6
Set the Protection Level to "Aggressive" and enable "Sync with default WAF rules". Click the "Edit" button to save the changes. Finally, set the "WAF Mode" of the "Default Host Group" to "Blocking".
This completes the configuration, and the vService is now ready for Picus testing. Attacks can now be initiated from the Picus platform.