We have planning to launch a public-facing web application soon which will contain sensitive data, as well as several API’s. Among the various layers of defense and best practices (i.e. secure application development, DevSecOps) we are implementing, we are also thinking of a good WAF to implement. Given that we are already using Palo Alto for network security (Next-Gen FW, IDS/IPS, etc), we are planning to use Palo Alto’s WAF capability (known as WAAS).
Has anyone here had experience with Palo Alto WAAS? Interested in knowing your experience with this feature, such as pros and cons. If you haven’t used Palo Alto WAAS before, have you experienced any issues with any WAF’s that you did use?