https://community.checkpoint.com/t5/WAF/WAF-Validates-JWT-Tokens-Configuration-4-Attack-Scenarios/m-p/276257#M402 <P>Learn how Check Point CloudGuard WAF enforces JWT authentication at the edge , blocking forged, expired, and unauthenticated API requests before they ever reach your backend.</P> <P>In this video, we cover:</P> <UL> <LI>How CloudGuard WAF performs existence, expiration, and signature verification</LI> <LI>Step-by-step configuration in the Check Point Infinity Portal</LI> <LI>Live demo against 4 attack scenarios: – No token (existence check)</LI> <LI>Expired token (5-minute clock-skew tolerance)</LI> <LI>Token signed with the wrong RSA key (signature verification)</LI> <LI>Valid token (happy path)</LI> <LI>How blocked requests appear in the Events log</LI> </UL> <P><span class="lia-unicode-emoji" title=":link:">🔗</span> Useful Links CloudGuard WAF Authentication Enforcement docs: <A href="https://waf-doc.inext.checkpoint.com/additional-security-engines/api-protection/authentication-enforcement" target="_blank" rel="noopener">https://waf-doc.inext.checkpoint.com/additional-security-engines/api-protection/authentication-enforcement</A></P> <P><FONT size="4"><SPAN><div class="video-embed-center video-embed"><iframe class="embedly-embed" src="https://cdn.embedly.com/widgets/media.html?src=https%3A%2F%2Fwww.youtube.com%2Fembed%2FHBmoJWkcghc%3Ffeature%3Doembed&amp;display_name=YouTube&amp;url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DHBmoJWkcghc&amp;image=https%3A%2F%2Fi.ytimg.com%2Fvi%2FHBmoJWkcghc%2Fhqdefault.jpg&amp;type=text%2Fhtml&amp;schema=youtube" width="600" height="337" scrolling="no" title="How Check Point CloudGuard WAF Validates JWT Tokens (Configuration + 4 Attack Scenarios)" frameborder="0" allow="autoplay; fullscreen; encrypted-media; picture-in-picture;" allowfullscreen="true"></iframe></div></SPAN></FONT></P> Wed, 29 Apr 2026 12:11:15 GMT Shay_Levin 2026-04-29T12:11:15Z https://community.checkpoint.com/t5/WAF/WAF-Validates-JWT-Tokens-Configuration-4-Attack-Scenarios/m-p/276257#M402 <P>Learn how Check Point CloudGuard WAF enforces JWT authentication at the edge , blocking forged, expired, and unauthenticated API requests before they ever reach your backend.</P> <P>In this video, we cover:</P> <UL> <LI>How CloudGuard WAF performs existence, expiration, and signature verification</LI> <LI>Step-by-step configuration in the Check Point Infinity Portal</LI> <LI>Live demo against 4 attack scenarios: – No token (existence check)</LI> <LI>Expired token (5-minute clock-skew tolerance)</LI> <LI>Token signed with the wrong RSA key (signature verification)</LI> <LI>Valid token (happy path)</LI> <LI>How blocked requests appear in the Events log</LI> </UL> <P><span class="lia-unicode-emoji" title=":link:">🔗</span> Useful Links CloudGuard WAF Authentication Enforcement docs: <A href="https://waf-doc.inext.checkpoint.com/additional-security-engines/api-protection/authentication-enforcement" target="_blank" rel="noopener">https://waf-doc.inext.checkpoint.com/additional-security-engines/api-protection/authentication-enforcement</A></P> <P><FONT size="4"><SPAN><div class="video-embed-center video-embed"><iframe class="embedly-embed" src="https://cdn.embedly.com/widgets/media.html?src=https%3A%2F%2Fwww.youtube.com%2Fembed%2FHBmoJWkcghc%3Ffeature%3Doembed&amp;display_name=YouTube&amp;url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DHBmoJWkcghc&amp;image=https%3A%2F%2Fi.ytimg.com%2Fvi%2FHBmoJWkcghc%2Fhqdefault.jpg&amp;type=text%2Fhtml&amp;schema=youtube" width="600" height="337" scrolling="no" title="How Check Point CloudGuard WAF Validates JWT Tokens (Configuration + 4 Attack Scenarios)" frameborder="0" allow="autoplay; fullscreen; encrypted-media; picture-in-picture;" allowfullscreen="true"></iframe></div></SPAN></FONT></P> Wed, 29 Apr 2026 12:11:15 GMT https://community.checkpoint.com/t5/WAF/WAF-Validates-JWT-Tokens-Configuration-4-Attack-Scenarios/m-p/276257#M402 Shay_Levin 2026-04-29T12:11:15Z