IBM Verify


Placing WAF in front of WebSEAL causing performance issues

  • 1.  Placing WAF in front of WebSEAL causing performance issues

    Posted Wed August 18, 2021 08:25 AM

    Hi Team,

    We have implemented SSO for the customer by introducing ISAM in their environment.

    Before ISAM, the WAF and customer applications were working fine.

    After ISAM was introduced, a lot of performance issues have been observed. The pdweb.debug trace shows slowness in the response from the backend application.
    After a lot of troubleshooting, the team decided to remove the WAF completely, with internet traffic directly reaching the SLB in front of WebSEAL. With this change, no performance issues have been observed. Not even from the backend.

    So it looks like something is wrong with the WAF-ISAM communication.

    However, the customer says that it was working fine with the WAF before, so why is there an issue with ISAM or WebSEAL?

    The IndusFace WAF, which is on AWS, is currently being used.

    Is there any tuning/configuration on the WAF side or the ISAM side that needs to be done to fix the issue?

    Regards,

    Prashant Narkhede



    ------------------------------
    Prashant Narkhede
    ------------------------------



  • 2.  RE: Placing WAF in front of WebSEAL causing performance issues

    Posted Fri August 27, 2021 06:36 AM
    Hi Prashant,

    I guess you'll need to get a pd.debug (or even pd.snoop) trace of the connection when the WAF is in place and when the WAF is removed.  Then you can look to see what the difference is between the requests that come via the WAF and those that don't.  Whatever is causing the difference must be in the HTTP traffic, because anything lower than that (TCP/TLS etc.) wouldn't allow the WAF connection to affect the backend connection (because they are separate).

    If I had to guess, I'd be looking for things like missing/modified session cookies or encoding headers or something which causes the backend server to have to do more work when the WAF is in place than when removed.

    Jon.

    ------------------------------
    Jon Harry
    Consulting IT Security Specialist
    IBM
    ------------------------------
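
The comparison suggested in the reply above can be scripted once the same request has been captured with and without the WAF. The following is an added example, not part of the original thread and not IBM code: it diffs the headers and cookie names of two requests. The two request samples, the host name, and the cookie and header values are constructed for illustration, and it assumes the requests have already been extracted from the traces as plain HTTP text.

```python
# Added example: compare the request WebSEAL receives directly vs. via the WAF.
# Both samples are constructed; paste real requests extracted from your traces.
from http.cookies import SimpleCookie

DIRECT = """GET /app/home HTTP/1.1
Host: sso.example.com
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: PD-S-SESSION-ID=abc123; JSESSIONID=0000xyz
"""

VIA_WAF = """GET /app/home HTTP/1.1
Host: sso.example.com
Connection: close
Cookie: PD-S-SESSION-ID=abc123
X-Forwarded-For: 203.0.113.10
"""

def parse_request(raw):
    """Return (request_line, {lowercased-header: value}) from raw HTTP text."""
    lines = [l.rstrip("\r") for l in raw.strip().split("\n")]
    headers = {}
    for line in lines[1:]:
        if not line:
            break  # blank line marks the end of the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def cookie_names(headers):
    """Names only: values differ per session, presence is what matters here."""
    jar = SimpleCookie()
    jar.load(headers.get("cookie", ""))
    return set(jar.keys())

def diff_requests(direct_raw, waf_raw):
    _, d = parse_request(direct_raw)
    _, w = parse_request(waf_raw)
    return {
        "removed": sorted(set(d) - set(w)),   # headers the WAF stripped
        "added": sorted(set(w) - set(d)),     # headers the WAF injected
        "changed": sorted(h for h in set(d) & set(w)
                          if d[h] != w[h] and h != "cookie"),
        "cookies_dropped": sorted(cookie_names(d) - cookie_names(w)),
        "cookies_added": sorted(cookie_names(w) - cookie_names(d)),
    }

if __name__ == "__main__":
    for key, value in diff_requests(DIRECT, VIA_WAF).items():
        print(f"{key}: {value}")
```

A dropped session cookie or a stripped Accept-Encoding header in the output is the kind of difference the reply points to, since either can make the backend do more work per request.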