.. contents:: Table of Contents
Summary
################################
Use this tutorial and the provided sample policies with the Policy Supervisor <https://policysupervisor.io/>
_ (PS) project to convert WAF policies between different WAF platforms. There are two distinct workflows for doing the conversions:
Standard Policy Supervisor Workflow: authenticate with Policy Supervisor <https://policysupervisor.io/>
_ using Azure Active Directory, and then create a new "Policy" object from either a File Import or by setting up and connecting to a WAF "Provider". This saved policy can then be converted, deployed, and attached to one or more WAF providers to protect endpoints / applications.
Direct Conversion Utility: use the Conversion Utility <https://policysupervisor.io/convert>
_ to quickly perform a direct conversion of a policy from a source WAF format to a target WAF format. Because this approach does not require authentication, your converted Policies are not saved and must be downloaded & deployed/applied manually.
For more information and detailed "Getting Started Guide" please refer to the
Policy Supervisor User Guide <./guide/README.MD>
_
Supported WAF Solutions #####################################
The following use-cases involving F5 WAF solutions are currently supported by Policy Supervisor:
Policy Import From File:
Using Policy Supervisor standard workflow or the direct conversion utility you can quickly import and convert a WAF policy file from the following F5 WAF solutions:
Policy Ingest From Provider:
The standard workload within Policy Supervisor supports connecting to and ingesting the following policies:
Policy Deploy (and Attach) to Provider (automatic):
The standard workload within Policy Supervisor supports connecting to and deploying Policies as well as attaching them to applications for immediate protection for the following solutions (and features):
*F5 Distributed Cloud Services* <https://f5.com/waap>
_ (XC): WAF, Bot, DoS
BIG-IP Advanced WAF versions v16.1., v17.*: WAF, Bot, DoS
NGINX App Protect WAF releases R27, R28, and R29: WAF
Policy Export to File(s):
Using Policy Supervisor standard workflow or the direct conversion utility you can quickly convert & export a WAF policy file to the following F5 WAF solutions:
*F5 Distributed Cloud Services* <https://f5.com/waap>
_: WAFWorkstreams ################################
Policy Supervisor project simplifies the conversion and management of policies across multiple WAF solutions. It provides a web-based framework for connecting to and ingesting policies from user-configured Providers, as well as deployment and attachment of Policies to Providers. A standalone direct conversion utility is also provided to simplify conversions between different file formats.
.. figure:: ./assets/00-marketecture.png
Policy Supervisor <https://policysupervisor.io/>
_AWAF </big-ip-awaf>
or NAP </nginx-app-protect-waf>
TIP: Create Providers (BIG-IP, NGINX, or F5 Distributed Cloud) to automate the ingestion of WAF policies, and deployment / attachment of policies to the apps serviced by the Provider.
AWAF </big-ip-awaf>
or NAP </nginx-app-protect-waf>
Conversion Utility <https://policysupervisor.io/convert>
_ and select the source Provider Type (AWAF or NGINX App Protect), and upload your exported policy filePolicy Supervisor is API-first by design. You can retrieve the OpenAPI Spec or use the Swagger UI to make API calls on the /docs/ page <https://policysupervisor.io/docs/>
_. If using the Swagger UI to perform PS functions, be sure to set the X-Workspace-Key value in the 'Authorize' dialog. This ensures commands are ran against the intended workspace.
Rinse and Repeat!
For Any issues or problems with the conversion or either one of the Workstreams, go ahead and raise an issue <https://github.com/f5devcentral/ps-convert/issues/new>
_. You can also connect with our team for questions or enhancements by contacting the following email alias: policysupervisor[AT]f5.com. Please allow a couple of days for a reply and follow up on your issue.