NetFire Cloud WAF (Web Application Firewall) is part of the NetFire Cloud Networking suite and runs on our high-performance cloud compute tiers. It delivers consistent performance, predictable pricing, and seamless integration across your cloud infrastructure.

The service is built for horizontal scalability and optimized for high-performance Layer 7 traffic inspection. It runs on our Frequency-Optimized Compute tier, powered by AMD EPYC™ 4584PX or better. This platform is ideal for low-latency, packet-heavy workloads. For vertically scaled applications or high concurrency requirements, it can also be deployed on our Thread-Optimized Compute tier, which provides greater CPU thread density per instance.

NetFire Cloud WAF defends against injection attacks, credential stuffing, bot abuse, and other Layer 7 threats. It can operate as a standalone firewall or alongside our NetFire Cloud NGFW for complete traffic protection.

---

Feature	Details
REST API	Initial version with core WAF control capabilities
Reverse Proxying	Flexible reverse proxy for multi-app environments
Load-Balancing	Supports horizontally distributed traffic processing
HTTPS Termination	Handles TLS encryption/decryption at the WAF edge
WAF Engine	Powered by ModSecurity v3 (libmodsecurity) supporting: Rules targeting method, content, and headers Reusable policies grouped by app type (e.g., WordPress) Scoping by global, domain, or URL path Full-spectrum logging: from IP-only to request/response body Includes OWASP CRS (toggleable) Custom rule and policy upload
High Availability	Redundant failover and load distribution across multiple nodes

Beta Subscription Features

Feature	Description
Metrics	Performance insights for request handling and processing load
REST API v2	Token-based auth, bulk ops, enhanced management endpoints
Link Shortener	Integrated short URL service, managed via API
API-Based Rule Management	Programmatic creation and editing of policies and rules
SSHTUI	Terminal UI that replicates REST functionality for CLI workflows

---

NetFire Cloud WAF is designed for high availability and seamless horizontal scaling. Deployments can be clustered to intelligently distribute traffic across multiple nodes, supporting redundancy, performance, and operational flexibility.

Highly Available by Design

• Automatically balances inspection traffic across all active WAF nodes
• Redundancy ensures continued protection in the event of a node failure
• Each instance contributes to the overall workload to avoid bottlenecks

Scalable Architecture

• Start with two WAF instances for resilient baseline coverage
• Add nodes to support increased inspection capacity and additional protected sites
• Traffic routing and node coordination scale without the need to re-architect

Flexible Deployment

• Deploy nodes individually or in a coordinated cluster with centralized entry points
• Seamlessly integrates with NetFire’s networking and application layer services
• Ideal for phased migrations, multi-app environments, or dynamic workloads

With NetFire Cloud WAF, your defenses scale alongside your applications—without compromise, without complexity.

---

NetFire Cloud WAF shares machine families with NetFire Public Cloud. Choose your deployment tier based on your application’s performance profile.

NetFire Cloud WAF is deployable on these Machine Families.

Machine Family	Silicon	Ideal For
Thread-Optimized	AMD EPYC™ 7763 or better	High-traffic applications that require vertical scaling, including game servers, media streaming, and analytics workloads.
Frequency-Optimized	AMD EPYC™ 4584PX or better	Low to medium traffic or horizontally scalable applications, optimized for ultra-fast rule processing, regex evaluation, and single-thread performance.

---

Both the Frequency-Optimized and Thread-Optimized machine family tiers support a broad range of private networking speeds, making them flexible for any modern workloads.

Machine Family Tier	1 Gbps	10 Gbps	25 Gbps	50 Gbps	100 Gbps
Frequency-Optimized	✔	✔	✔	✔	✘
Thread-Optimized	✔	✔	✔	✔	✔

Learn more about our VM Networking options on NetFire Cloud.

---

WAF Instance Tier	Monthly Price
Frequency-Optimized Instance	$2,900
Thread-Optimized Instance	$4,800
Subsequent Instance(s)	15% savings

Pricing applies to both Primary WAF or Load Balancer roles. Choose your machine family based on workload characteristics and performance objectives.

Additional Services

Service	Scope	Rate
ModSecurity Consulting	Custom rule or policy creation	$180.00/hr (billed at Systems Administrator rate)