Check Point WAF can now operate as a reverse proxy with built-in load balancing.
Protect Internal Services
WAFs traditionally focused on public-facing applications. Internal APIs, admin panels, and service-to-service traffic typically lived behind a load balancer with little application-layer inspection.
With reverse proxy behavior, Check Point WAF can front those services directly and route traffic internally. That means you can put real application security in front of partner integrations, private APIs, and internal platforms where attackers often move after initial access.
The WAF understands application context
When a WAF sits behind a load balancer, it sees a modified version of the request. TLS termination and routing have already happened, which reduces detection quality and can increase false positives.
As the reverse proxy, the WAF sees the original request and knows which backend service is being targeted. Decisions can be based on behavior instead of just payload indicators.
Practically, this means we are even better at detecting malicious traffic while allowing business-critical traffic to flow, and if you’ve seen our most recent testing, that’s really saying something.
Security becomes part of availability
Security controls have historically been kept out of the critical path because teams fear outages.
Now Check Point WAF can health check upstream services and stop sending traffic to a failing node. During an attack or service instability, it can route around a problem while still filtering malicious traffic.
Security is no longer just a gate. It actively helps keep the application online.
Simpler incident response
Modern application stacks often include a CDN, load balancer, API gateway, and WAF owned by different teams. During an incident, response becomes coordination.
With routing and protection in one control point, teams can rate limit, block, or isolate a backend from a single place instead of opening multiple emergency tickets.
Better handling of real-world attacks
Attackers rarely target the entire site. They target a login endpoint, a specific API, or one fragile microservice.
Because Check Point WAF now controls routing, it can rate limit individual paths, quarantine a targeted backend, or prevent cascading failures across services. The WAF becomes an active runtime control instead of a passive inspection layer.
To use load balancing through the WAF, you need an existing Check Point WAF asset configured in reverse proxy mode, and your backend applications must be reachable from the WAF.
The WAF becomes the front door to the application, not just a checkpoint beside it.
What’s actually new
This release is not about making the WAF faster.
It is about changing its role.
Previously the WAF watched traffic and reported problems.
Now it can actively influence how the application behaves during an attack or failure. We are not just filtering bad requests anymore. We are helping keep the application running while we do it.