Fastly WAF (Legacy)

Fastly WAF (WAF Legacy and WAF 2020) End-of-Life

30 April 2023, 00:00 UTC
Security Fastly WAF (Legacy)
 
30 April 2023, 00:00 UTC

Fastly is announcing the end of life (EOL) schedule for our Fastly WAF (Legacy and WAF 2020). This will allow us to focus more of our resources on the replacement product, the Fastly Next-Gen WAF, which is an enhanced offering.

We’re looking forward to helping you transition to this product as soon as you are able.

  • The official EOL for the Fastly WAF is April 30th, 2023 at 00:00 UTC.

The product will continue to be supported until this date.

We’re happy to help you get you started with a proof-of-concept (POC) evaluation of our Next-Gen WAF so you can see how the two solutions compare. To get started, contact us via email at waftransition@fastly.com.

 
01 May 2023, 15:08 UTC

For additional information and/or questions about End-of-Life efforts, please contact us via email at waftransition@fastly.com.

Impact to Fastly WAF Console

03 February 2023, 04:23 UTC
Security Fastly WAF (Legacy)
 
03 February 2023, 04:23 UTC
Customers with the Fastly WAF are unable to navigate to the WAF console for administration. Our engineering teams are currently investigating. 
 
03 February 2023, 05:01 UTC

This issue has been identified and a fix is being implemented. 

 
03 February 2023, 06:13 UTC

Fastly engineers have corrected an issue with navigating to Legacy WAF administration pages. Please note that Legacy WAF functionality, WAF API, and NGWAF services were not affected by this UI bug.

 
03 February 2023, 06:31 UTC

This incident has been resolved.

Issue Updating Support Portal Tickets

31 October 2022, 20:07 UTC
Security Agents and Module Security Console & API Cloud WAF Fastly WAF (Legacy) Next-Gen WAF (NGWAF) Agent Downloads Data Services Dashboard Data Rule and IP List updates Rate Limiting and Alerts Rule Processing Requests Signals Dashboard
 
31 October 2022, 21:51 UTC

We are continuing to investigate and monitor this issue as an isolated incident, please continue to send and monitor ticket updates via email (securitysupport@fastly.com) while we investigate.

 
31 October 2022, 23:47 UTC

Issue has been isolated and determined to be impacting customers whom have enabled SSO and have not accepted the invite sent from the console. Logging in directly from SSO will prevent customers from viewing, updating and interacting with tickets in the console. Fastly advises customers to accept the invite send from the console to resolve their issues with ticket logging and interactions.

OpenSSL - Pending Vulnerability Announcement

28 October 2022, 19:49 UTC
Security Agents and Module Security Console & API Cloud WAF Fastly WAF (Legacy) Next-Gen WAF (NGWAF) Agent Downloads Data Services Dashboard Data Rule and IP List updates Rate Limiting and Alerts Rule Processing Requests Signals Dashboard
 
28 October 2022, 19:49 UTC

Fastly is aware of an expected critical vulnerability the OpenSSL project is expected to disclose in the near future. We are studying the currently available information surrounding this vulnerability and do not currently believe that Signal Sciences is vulnerable. We will continue to monitor as additional information is released and will provide our customers with more information as available.

 
01 November 2022, 16:50 UTC

Fastly has reviewed the initial notification from OpenSSL regarding CVE-2022-3786 and CVE-2022-3602. We have analyzed the versions of OpenSSL in use at Fastly, and verified that we do not use OpenSSL 3.x. Fastly and customer usage of Fastly services are not vulnerable to CVE-2022-3786 or CVE-2022-3602.

Issue with Signal Sciences Requests Feed

28 August 2022, 12:28 UTC
Security Agents and Module Security Console & API Fastly WAF (Legacy) Next-Gen WAF (NGWAF)
 
28 August 2022, 12:28 UTC
Potential degradation of the population of request data within the Signal Sciences console. Service disruption would have lasted between 10:35 UTC and 12:12UTC. During this time customers may have experienced delays in the time requests processed by the agent were shown in their site request feeds. Service restoration activity has been completed and is stable.

Elevated API Errors

22 August 2022, 23:30 UTC
Security Agents and Module Security Console & API Fastly WAF (Legacy) Next-Gen WAF (NGWAF)
 
22 August 2022, 23:30 UTC
Potential degradation of access on the Signal Science console due to a recent deployment. Service disruption would have lasted between 22:24 UTC and 22:46 UTC. Service restoration activity has been completed and are stable. During these time API requests may have experienced intermittent errors.
 
22 August 2022, 23:31 UTC
Incident closed.

Impact to Signal Sciences Rate Limiting

17 August 2022, 19:52 UTC
Security Agents and Module Security Console & API Fastly WAF (Legacy) Next-Gen WAF (NGWAF)
 
17 August 2022, 19:52 UTC
Due to a Fastly deployment at 18:01 UTC, rule updates were degraded between 18:01 to 18:34 UTC. During this time agent updates (new rules, changed rules and blocking decisions) may not have occurred. Agents would continue to run with their last known rules. The change that caused this interruption has been rolled back (18:13 UTC) and no additional issues have been observed.
 
17 August 2022, 20:03 UTC
This incident has been resolved.

Cloud Provider Issues with Potential Impact to Signal Sciences

11 August 2022, 21:12 UTC
Security Agents and Module Security Console & API Fastly WAF (Legacy) Next-Gen WAF (NGWAF)
 
11 August 2022, 21:12 UTC
“We are seeing indications of possible instability with a major cloud provider. As a result some Signal Sciences may be intermittently impacted. Our teams have identified impact to the Signal Sciences Rule Builder. During this time new rule sets would not be pushed to agents. Customers sites would continue being protected by previous rule sets during this time. Agents should have received updated rules sets once systems recovered.”
 
11 August 2022, 21:12 UTC
We are seeing indications of possible instability with a major cloud provider. As a result some Signal Sciences may be intermittently impacted. Our teams have identified impact to the Signal Sciences Rule Builder. During this time new rule sets would not be pushed to agents. Customers sites will continue being protected by previous rule sets during this time. Agents should receive updated rules sets once systems recovered.
 
11 August 2022, 21:37 UTC
The issue has been identified and a fix is being implemented.
 
11 August 2022, 22:07 UTC
We have confirmed that the issues with Signal Sciences are not related to any cloud provider. This was related to an ongoing deployment within the organization, which has been rolled back since.
 
11 August 2022, 22:33 UTC
A fix has been implemented and we are monitoring the results.
 
11 August 2022, 22:51 UTC
This incident has been resolved.

Intermittent Errors on the Signal Sciences Management Console

09 August 2022, 21:46 UTC
Security Agents and Module Security Console & API Fastly WAF (Legacy) Next-Gen WAF (NGWAF)
 
09 August 2022, 21:46 UTC
We have received reports of intermittent errors when using the Signal Sciences Management Console. Our engineering teams are currently investigating.
 
09 August 2022, 21:53 UTC
The issue has been identified and a fix is being implemented.
 
09 August 2022, 22:11 UTC
We are continuing to work on a fix for this issue.
 
09 August 2022, 22:31 UTC
Customer rule provisioning and decisioning was briefly impacted from 21:13 to 21:27 UTC. A fix has been implemented and we are now monitoring the results.
 
09 August 2022, 22:36 UTC
This incident has been resolved.

Possible Cloud WAF deployment issues in US-East-2

28 July 2022, 18:37 UTC
Security Agents and Module Security Console & API Fastly WAF (Legacy) Next-Gen WAF (NGWAF)
 
28 July 2022, 18:37 UTC
A power outage has affected the us-east-2 availability zone Fastly leverages for some Cloud WAF customers. Deployments or changes to some Cloud WAF configurations may be delayed or intermittently fail. If you are experiencing issues with your Cloud WAF, please contact our Customer Security Operations Center so that we may assist.
 
28 July 2022, 18:54 UTC
A fix has been implemented and we are monitoring the results.