We are currently investigating elevated errors to our Request stats in our NGWAF Dashboard services.

Our engineers have identified the contributing factor and are applying a fix to Requests stats in our NGWAF Dashboard services.

Engineering has confirmed the impact to NGWAF Requests dashboard services has been mitigated.

Our engineers have observed a recurrence of this issue and identified the contributing factor. They are currently applying a fix to Requests stats in our NGWAF Dashboard services.

Update: Agents appeared offline within the service dashboard from 21:25 UTC to 21:50 UTC (~25 minutes), however our investigations confirmed that they were still operational.

• Engineering has confirmed the impact to our NGWAF Agent and Module services have been mitigated.
  

Engineers are continuing to apply mitigations for Request services within our dashboard.

Our network availability and all other services are unaffected by this incident.

Engineering has confirmed the impact to NGWAF Request dashboard services has been mitigated, we will resolve this status post after a period of monitoring.

This event has been resolved.

Our engineers have identified the contributing factor and are applying a fix to NGWAF@edge and Cloud WAF services.

All other locations and services are unaffected.

Engineering has confirmed the impact to Agents and Module, NGWAF@Edge, Cloud WAF has been mitigated.

Engineering has confirmed that Agents and Module, NGWAF@Edge, Cloud WAF has been fully restored. Customers may have experienced NGWAF agents not receiving updates from 17:58 to 18:42 UTC.

This incident is resolved.

On the 18th of December 2023 at 05:00 UTC, Fastly engineers inadvertently launched an incomplete agent release for our NGWAF services. We ask that any customer who deployed release version 4.49.1, to rollback to the previous version 4.49.0. 

There is no impact to customer services as a result of this inadvertent release. Our network availability and all other services are unaffected. 

Fastly is currently experiencing issues with NGWAF GeoIP country identification. Customers may experience instances in which NGWAF  labels requests with an incorrect region. For further information, please contact support@fastly.com.

This issue has been identified and a fix is being implemented. 

A fix has been implemented and we are monitoring the results.

This incident has been resolved.

Our teams have detected an issue that impacts Signal Sciences data collectors beginning at 00:53 UTC. Agents may appear offline in dashboard/API, agents will not receive rule updates; rate limit rules, templated rules and sites alerts will not take new traffic into account; new traffic will not appear in the dashboard/API. Customers may experience delays in data available in the Signal Sciences console.

This issue has been identified and a fix is being implemented. 

A fix has been implemented and we are monitoring the results.

This incident has been resolved.

Our teams have detected an issue that is currently impacting Signal Sciences updated rule sets for rules with one hour interval. Alerts configured to look back one hour, as well as system alerts, may not be available.

A fix has been implemented and we are monitoring the results.

This incident has been resolved.

We are continuing to investigate and monitor this issue as an isolated incident, please continue to send and monitor ticket updates via email (securitysupport@fastly.com) while we investigate.

Issue has been isolated and determined to be impacting customers whom have enabled SSO and have not accepted the invite sent from the console. Logging in directly from SSO will prevent customers from viewing, updating and interacting with tickets in the console. Fastly advises customers to accept the invite send from the console to resolve their issues with ticket logging and interactions.

Fastly is aware of an expected critical vulnerability the OpenSSL project is expected to disclose in the near future. We are studying the currently available information surrounding this vulnerability and do not currently believe that Signal Sciences is vulnerable. We will continue to monitor as additional information is released and will provide our customers with more information as available.

Fastly has reviewed the initial notification from OpenSSL regarding CVE-2022-3786 and CVE-2022-3602. We have analyzed the versions of OpenSSL in use at Fastly, and verified that we do not use OpenSSL 3.x. Fastly and customer usage of Fastly services are not vulnerable to CVE-2022-3786 or CVE-2022-3602.