Resource Center
Pulse Virtual Web Application Firewall Network Deployment Options
Deployment Guide

Pulse Secure Virtual Web Application Firewall (vWAF) supports a full range of deployment options enabling you to choose the best fit for your architecture and application risk profile. Pulse Secure vWAF can be deployed as a virtual appliance, on a web server, or as a physical appliance in a customer data center or cloud provider—or even as an integrated package with Pulse Secure Virtual Traffic Manager (vTM) for enhanced security and control of complex applications.

In addition, Pulse Secure vWAF is also available as a stand-alone solution, designed to be used with existing load- balancers and ADCs, and is particularly suitable for cloud deployment to add application-level security to a cloud application without changing the application architecture.

Pulse Secure Virtual Web Application Firewall Deployment Options

A range of deployment options is available to suit any kind of IT environment:
  • Pulse Secure vWAF with Pulse Secure vTM: Pulse vWAF is included with the “Enterprise Edition” of Pulse Secure vTM (software or virtual appliance), and allows the Pulse Secure vTM to enforce application-level security to traffic.
  • Pulse Secure vWAF Web server plug-in: For maximum scalability in global applications, the Pulse Secure vWAF can be implemented as Web server plug-ins providing a fully distributed architecture with complete flexibility.
  • Pulse Secure vWAF proxy solution: This stand-alone solution is available as either a software or virtual appliance, and is typically deployed alongside an existing ADC or load balancer device. The existing ADC routes traffic via Pulse Secure vWAF in order to apply deep application-level security.

Deploying Pulse Secure vWAF with Pulse Secure vTM

Pulse Secure vWAF for Pulse Secure vTM is included with the “Enterprise Edition” of Pulse Secure vTM. The network deployment options are same as Pulse Secure vTM network configurations as described in Chapter 2 of the vTM user guide (See Figure 1).

Figure 1: Pulse Secure vWAF deployed as an add-on module for the Pulse Secure vTM.

Deploying Pulse Secure vWAF Web-Server Plug-In

The fully distributed version of Pulse Secure vWAF is installed as a Web server plug-in and is therefore very simple to deploy from a network perspective. For more details on installation and deployment, please refer to the support and documentation pages of the vWAF user guide (See Figure 2).

Figure 2: Pulse Secure vWAF plug-in modules deployed on the Web server.

Deploying Pulse Secure vWAF stand-alone Solutions

The Pulse Secure vWAF stand-alone software solution is deployed as a stand-alone proxy device either sandwiched within an existing ADC deployment (much like a firewall or other proxy device) or in front of a single Web server.


The range of Pulse Secure Web Application Firewall platforms and deployment options make it possible to apply vWAF optimizations to almost any Web-based application:
  • Pulse Secure vWAF may be added to an existing Pulse Secure vTM ADC
  • Pulse Secure vWAF web-server plugins may be deployed for maximum scalability in global applications
  • Pulse Secure vWAF solutions may be deployed to augment an existing load-balanced or singleserver environment
Pulse Secure vWAF platforms support multiple network topologies and can be provisioned as both software and a packaged virtual appliance, making it easy to accelerate existing enterprise or online applications and free development teams from the burden of content optimization and testing.
Download Entire Document PDF