The WAF subsystem uses a significant amount of system resources. When enabling WAF, make sure it does not consume system resources that are needed for load balancing Virtual Services. When WAF consumes resources at a level that impacts overall system performance, one or more of these symptoms can be observed:

  • High CPU utilization
  • High memory utilization
  • Inter-process communication (IPC) issues between Layer 7 and WAF processes
  • Decreased Virtual Service throughput
  • Increased Virtual Service latency

There are essentially two ways of dealing with these issues:

  • Disable WAF completely on one or more Virtual Services.
  • Tailor the applied rulesets used on each Virtual Service to reduce the rules applied to the minimum necessary for secure operation.

The best practice for WAF rulesets is to avoid blanket application of a ruleset and instead enable only those rules in the ruleset that are specifically required for your application.

To this end, Progress has carried out significant work and testing to build a bespoke set of custom WAF rules specifically to work with MOVEit Transfer. These pre-made custom rules are included with MOVEit WAF by default and are tailored to provide the best performance and experience with MOVEit Transfer.