Introduction

Sitecore Managed Cloud customers can request to migrate from WAF v1 to WAF v2. This article outlines what Managed Cloud customers need to know about the technical implementation for the migration of WAF v1 to WAF v2. For more details on the Azure Application Gateway and WAF products and how they work to secure a Sitecore Content Delivery server, see this article.

Prerequisites

When the Service Request is created, the following items must be provided. These can be included in the Service Request form or the engineer completing the setup will request them from the customer:

• The PFX certificate that corresponds to the Sitecore CD web app public DNS name.
• The certificate password.

Migration And Timing

The following notes outline timing and the overall process followed by the Sitecore Managed Cloud team in completing this Service Request:

1. After the migration, IP restrictions (Public IP address of WAF v2) will be configured on the Sitecore Content Delivery web app in Azure. Now CD instance can be accessible by Public IP address of WAF v1 and WAF v2.

   We have enabled WAF logs for monitoring and troubleshooting and also applied HTTP to HTTPs redirection rule in WAF v2.

2. Right after the WAF service is deployed, the customer must configure their DNS server to create the needed records. DNS records on NS-servers may take up to 72 hours to fully update, so the final configuration might require up to 3 days.
3. Sitecore engineers will coordinate a time window with the customer for the WAF migration. Once the customer validate & verify that Sitecore environment is working with WAF v2, Sitecore will delete the WAF v1 and associated resources.

WAF V2 Migration Final Steps

After the WAF v2 is configured by the Managed Cloud Sitecore engineers, the following details will be provided to the customer in the Service Request ticket:

• The WAF deployment is finished.
• All of your resources are now located in the mc-{your-identifier-here}-virtualNetwork virtual network.
• Please note that your Sitecore CD web app is only available now by Public IP (PIP) address: XXX.XXX.XXX.XXX.
• The PIP is associated with mc-{your-identifier-here}-applicationGateway-wafv2 application gateway.
• Next, you should set up the redirect from your Sitecore CD DNS https://{your.domain.here.com} to XXX.XXX.XXX.XXX to finish the migration.
• Once changes has been validated and tested, please get back to Sitecore team to delete WAF v1 & associated resources.