Airlock Gateway (WAF Core)Airlock WAF

The Airlock Web Application Firewall offers a unique combination of protective mechanisms for web applications. Whether your objective is PCI DSS compliance, security for online banking or protection for eCommerce: Airlock WAF will upgrade security for your Internet applications — a permanent solution with a host of well thought-out functionalities.

The Airlock WAF core is the corner stone of the Airlock Suite. It provides all functionality you would expect from a solid WAF solution. However, this is just the beginning. Turn it into a Web access management solution with central upstream authentication by using the Airlock Login or Airlock IAM. Add further the Application Portal Module and it becomes the center piece for integrating all your internal web applications. Add the SSL VPN Service Module, the Kerberos Client and the Secure Session Transfer Module to build a separate remote access Intranet portal for your employees. Build a secure partner portal in order to enable remote access to selected applications to your business partners.

Use the SOAP/XML Validator Module separately in order to integrate external SOA web services in a secure way. Increase your security further by storing your key material in a HSM module. Plug in external security software for additional security checks, e.g. virus check for data transfers. Session recording and integration with Splunk services is also supported.

Do you need a simple failover setup or a farm based high availability setup? Do you need to support BCP and testing environments? Have a look at the reduced license pricing model with makes it interesting also for many more use cases and environments.

Do you offer cloud based solutions? Then it is ideal for enhancing the security of your cloud services – or it can be offered independently as external cloud based security service.

The Airlock WAF core is the ideal base for building security gateways for your perimeter boundary – on premise or as cloud service.

Thanks to Airlock WAF, businesses can exploit the potential of the Internet without jeopardizing the security and availability of their web applications and services. Each access is systematically monitored and filtered at every level. Used in conjunction with an authentication solution such as Airlock Login or IAM, Airlock WAF can force upstream user authentication and authorization. This allows a uniform, central single sign-on infrastructure. All important information is also made available via monitoring and reporting functions. Airlock WAF is the only web application security solution on the market that provides superlative end-to-end protection for complex web environments.

Reverse Proxy and Web Application Firewall

Airlock WAF offers a unique protection mechanism by operating as a combined secure reverse proxy server and web application firewall. All access attempts are systematically controlled and filtered.

Improved availability and performance

Web applications and web services deal only with authorized users and valid data traffic. High availability is guaranteed through load balancing and failover functions.

Control via a central access point

Airlock WAF is a central point of control for web access, avoiding anonymous interactions with applications that have user authentication. Airlock covers every layer reducing costs and dependencies.

SIEM integration

The Airlock Operations app for Splunk® Enterprise makes aggregated management reports available on security issues and application usage. Network administrators can use various dashboards to investigate security-critical events so application and performance problems are rapidly resolved.

Shorter time to market thanks to virtual patching

Secure now, fix later – that’s virtual patching in a nutshell. Airlock WAF’s reverse proxy approach makes it very easy to virtualize servers and services. Virtual import of patches is also possible. The benefit: security-relevant weaknesses are quickly remedied.

Simple operating

Airlock is a linux-based software appliance with a hardened operating system. It runs on the common hardware platforms, in virtual machines and in the cloud.

Details Airlock WAF

Main Features:

  • Secure reverse proxy
  • Central security hub/checkpoint
  • Filtering
  • Dynamic whitelisting
  • High availability and performance
  • Efficient management
  • Modern Web interface
  • Unrivaled flexibility through graphical mappings between domain, proxy and backup setups
  • Role-based administration
  • Versioning and rollback
  • Stagging support for DevOps scenarios
  • Fine granular configuration import/export
  • Real-time regex tester
  • Central certificate management
  • Zero downtime updates
  • Extensive logging/reporting
  • Machine learning
  • Modularity for additional features
  • etc.
Effective against most common types of attack

  • Injections
  • Cross-site Scripting (XSS)
  • Session takeover
  • Cross-site request forgery
  • Forceful browsing
  • Cookie tampering
  • Path traversal
  • DDoS protection
  • etc.

Airlock specialties

  • Easy URl encryption
  • HTML form field protection
  • HTML parameter protection
  • Cookie store
  • Session cookie mapping, encryption, etc.
  • DyVE for protecting JSON data
  • Preconfigured black list
  • etc.
  • Airlock WAF is a software appliance – performance and capacity is adjusted by installing it on appropriately powerful hardware
  • Supported CPU: x86 bare metal – or related virtual machines (VMWare is officially supported).
  • Airlock WAF as Docker host: If you want to use Airlock WAF as Docker host in e.g. a dev/test environment or Dev/Ops pipeline, then you need support for nested virtualization (VT-X and AMD-V on bare metal, and a virtual machine capable to support nested virtualization).
  • WAF Core software requirements: None, it comes with its own OS. However, it should be operated in an appropriate environment
  • Modular approach: Add security functionality with extension modules
  • Flexible licensing model

License Details Airlock WAF

There are no bandwidth or domain limitations! The WAF license is bound to the number of backend applications and the number of modules or plugins which are activated.


License Part 1 (WAF Core)

WAF core part of the license: Bound to the max. number of backend applications which are to be protected. The license can be upgraded easily without changing the installation base.

A standalone installation without further modules or plugins will base on this license.


License Part 2 (Authentication Enforcement Module)

Second part of the WAF license in case of authentication enforcement is used with the Airlock Login: Additional license fee tied to the number of concurrent sessions. This license is only required if authenticated sessions are managed on the Airlock WAF, i.e. if the AE Module (Authentication Enforcement) is activated when the Login module is used.

The AE module supports various backend directories like LDAP, Radius, Active Directory, ACE-SecurID, JDBC-DBs, File-DB and is flexible through additional plugins. The AE Module can be used with existing login services (from third parties) or with the standard Airlock Login component.

This Authentication Enforcement license is not required in case of public applications (because there are no authenticated users) or if the application is managing authentication and access control on its own without using this Airlock functionality.

Please use below contact form for any questions, comments or product inquiries.


This page contains copyright material from ©Ergon Informatik AG. Other products or trademarks mentioned are the property of their respective owners.