This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Alex6
Participant
‎2025-01-23 11:53 PM
Jump to solution

Timeout Error 504 only with CloudGuard WAF

Hello,

We are using the SaaS version of the WAF. We have deployed an asset of type AppSec SaaS Profile to protect a web server that is also hosted in SaaS. Most of query are ok with the WAF but for a slightly long connection request to this server (around 60 seconds), the WAF returns a 504 error.

timeout_waf.gif

Every other access to web page or query is working with the WAF. Only this query with long processing time or response time.

We tested a direct connection, bypassing the WAF, and indeed the request takes time but completes successfully without errors.

We re-enabled the WAF and modified the timeout parameters as follows, but the issue persists. We are still receiving a 504 error:

waf_seeting.JPG

Do you have any idea how to resolve this issue? Without the WAF, everything works fine with direct connexion to the web server.
Is there a way to have detailed logs?

0 Kudos
2 Solutions

Accepted Solutions
yuvalmamka
Employee Alumnus
Employee Alumnus
‎2025-01-26 03:45 AM
Jump to solution

Hi Alex,

Thank you for your detailed description. The issue you’re experiencing is indeed related to a timeout within the WAF. CloudGuard WAF operates on an NGINX reverse proxy, and such issues typically occur when the processing time exceeds the default 60-second configuration of NGINX. You’ve correctly extended this timeout through the asset’s advanced settings.

For WAF as a Service, there’s an additional CloudFront layer before the WAF layer, which also requires a timeout increase. Currently, the only way to adjust this is by contacting Check Point support. However, we’re working on making this feature available through the asset’s advanced settings, so you’ll soon be able to manage it independently.

View solution in original post

0 Kudos
yuvalmamka
Employee Alumnus
Employee Alumnus
‎2025-02-04 01:51 AM
In response to yuvalmamka
Jump to solution

I'm happy to share that starting this week, you can increase the timeout for your assets secured by CloudGuard WAF as a Service on your own!

Check our documentation for further details: How To: Extend Connection Timeout to Upstream | CloudGuard WAF

View solution in original post

0 Kudos
2 Replies
yuvalmamka
Employee Alumnus
Employee Alumnus
‎2025-01-26 03:45 AM
Jump to solution

Hi Alex,

Thank you for your detailed description. The issue you’re experiencing is indeed related to a timeout within the WAF. CloudGuard WAF operates on an NGINX reverse proxy, and such issues typically occur when the processing time exceeds the default 60-second configuration of NGINX. You’ve correctly extended this timeout through the asset’s advanced settings.

For WAF as a Service, there’s an additional CloudFront layer before the WAF layer, which also requires a timeout increase. Currently, the only way to adjust this is by contacting Check Point support. However, we’re working on making this feature available through the asset’s advanced settings, so you’ll soon be able to manage it independently.

0 Kudos
yuvalmamka
Employee Alumnus
Employee Alumnus
‎2025-02-04 01:51 AM
In response to yuvalmamka
Jump to solution

I'm happy to share that starting this week, you can increase the timeout for your assets secured by CloudGuard WAF as a Service on your own!

Check our documentation for further details: How To: Extend Connection Timeout to Upstream | CloudGuard WAF

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events