WAF 3.6 release packs some serious punch when it comes to precision targeting, monitoring capabilities, and operational stability. Let’s dive into what makes this release special and how these enhancements can benefit your security posture.
Client-ID-Based Blocking: Precision That Matters
Traditionally, WAFs rely on source IPs to block malicious traffic. But what happens when both attackers and legitimate users share the same public IP (like in NAT or CDN scenarios)? Blocking the entire IP could take down good traffic, leading to frustrating false positives.
WAF 3.6 introduces Client-ID-Based Blocking, a smarter way to handle malicious traffic: The WAF generates a unique Client ID and embeds it in the Set-Cookie header; For HTTP Flood attacks and scanner protection, blocking can now be applied at the Client ID level instead of the entire IP; A site-specific Client ID blacklist records blocked sessions for better tracking. It brings fewer false positives and better accuracy, while maintaining security.
SNMP Monitoring for TPS & CPS: Real-Time Visibility for Proactive Security
Many security teams rely on external monitoring tools to track WAF performance. But without native SNMP support, getting real-time metrics like Transactions Per Second (TPS) and Connections Per Second (CPS) was tricky.
WAF 3.6 now supports SNMP-based monitoring, allowing real-time tracking of TPS & CPS passing through the WAF and seamless integration with third-party monitoring platforms, which leads to better performance insights and easier performance management.
Virtual Instance Management: Configuration Lockdown Instead of Restarts on LMS Disconnection
In previous versions, if a vWAF lost connection to the License Management Server (LMS) for over 30 days, it would automatically restart—potentially disrupting live traffic. That made a possible problem: unnecessary restarts causing downtime.
WAF 3.6 replaces forced restarts with a smarter lockdown approach. If LMS disconnection lasts >30 days, the vWAF locks the configuration (no restart); Once reconnected, the configuration automatically unlocks; If the vWAF restarts within the 30-day window, the timer continues from the last lock; If restarted after 30 days, an 8-hour grace period allows reconnection before locking again. As a result, configurations stay intact until LMS is back, and you can avoid unnecessary service interruptions.
With Client-ID-Based Blocking, SNMP Monitoring, and Enhanced vWAF Management, WAF 3.6 brings precision, visibility, and reliability to your security setup. For more details, reach out to Hillstone Networks representative.
