This depends on scenario and use case requirements.
For the web application scenario, Airlock WAF is normally placed upstream in front of these applications – which usually are placed in an inbound DMZ dedicated for web applications.
Building such a DMZ depends on the customer preferences. However, all traffic to the web applications should be routed through the Airlock WAF.
The Airlock WAF is a hardened security device, however, it still is recommended to place it behind a network firewall and open only the few ports which are required to access the WAF.
The Airlock Login can be implemented on the WAF itself (via Tomcat or by using the WAF as Docker host) or on an application server behind the WAF.
A scenario with a cloud based Airlock would look slightly different in requirements and setup. An important consideration is the use of https or other VPN tunnel solutions for integrating securely the downstream backend application servers to such a cloud based service.
2016/02/05, last update 2018/07/10 ©ACROSEC Inc.
← Where to place the Airlock components?