F5 分布式云服务仅适用于年度企业订阅,可满足高级应用网络和安全要求。
感谢您有兴趣了解 F5 Distributed Cloud Services。F5 代表将很快与您联系,协助您处理此请求。
年度订阅支持各种用例,其中包括应用安全和多云网络。标准产品可提供基本功能,而高级产品则专为满足分布式云和边缘站点中对高级 API 安全和服务网络的严苛要求而量身打造。
高级应用安全包括 API 发现和保护、行为 Bot 缓解和第 7 层 DDoS 缓解。
扩展多云网络,以支持跨多云和边缘站点的分布式应用群集之间的安全服务网络高级用例。
通过 CDN、DNS 和应用堆栈,提高全局应用性能和可靠性。
WAF | Standard |
Advanced |
|
---|---|---|---|
Signature based protection | Mitigate application and API vulnerabilities with F5's core WAF technology, backed by our advanced signature engine containng nearly 8,000 signatures for CVEs, plus other known vulnerabilities and techniques including Bot Signatures identified by F5 Labs and threat researchers | Yes | Yes |
Compliance enforcement | Combination of violations, evasions and http protocol compliance checks. | Yes | Yes |
Automatic attack signature tuning | Self-learning, probabilistic model that suppresses false positive triggers | Yes | Yes |
Masking Sensitive Parameters/Data in Logs | Users can mask sensitive data in request logs by specifying http header name, cookie name, or query parameter name. Only values are masked. By default, values of query parameters card, pass, pwd, and password are masked. | Yes | Yes |
Custom blocking pages/response codes | When a request or repsonse is blocked by the WAF, users have the ability to customize the blocking response page served to the client. | Yes | Yes |
Allowed responses codes from origin | User can specify which HTTP response status codes are allowed. | Yes | Yes |
IP Reputation | Analyzes IP threats and publishes a dynamic data set of millions of high-risk IP addresses maintained by F5, to protect app endpoints from inbound traffic from malicious IPs. IP treat categories include Spam Sources, Windows Exploits, Web Attacks, Botnets, Scanners Denial of Services, Phishing and more. | Yes | Yes |
Sensitive Data Protection for Apps | Data Guard prevents HTTP/HTTPS responses from exposing sensitive information, like credit card numbers and social security numbers, by masking the data. | Yes | Yes |
Exclusion rules | Rules that define the signature IDs and violations/attack types that should be excluded from WAF processing based on specific match criteria. The specific match criteria include domain, path, and method. If the client request matches on all these criteria, then the WAF will exclude processing for the items configured in the detection control. | Yes | Yes |
CSRF protection | Allows users to easily configure/specify the appropriate, allowed source domains | Yes | Yes |
Cookie protection | Cookie Protection provides the ability to modify response cookies by adding SameSite, Secure, and Http Only attributes. | Yes | Yes |
GraphQL protection | The WAF engine inspects GraphQL requests for vulnerabilities and will block traffic based on the F5 signature database | Yes | Yes |
DDoS Mitigation | Standard |
Advanced |
|
Fast ACLs | Network Firewall controls allowing users to block ingress traffic from specific sources, or apply rate limits to network traffic from a specific source. Enhanced protections allow for filtering traffic based on source address, source port, destination address, destination port, and protocol. | Yes | Yes |
Layer 3-4 DDoS Mitigation | Multi-layered, volumetric attack mitigation including a combination of pre-set mitigation rules with automitigation and advanced routed DDoS mitigation scrubbing with full packet analysis via BGP route advertisement or authoritative DNS resolution for customers needing DDoS protection for on premises or public cloud applications and associated networks. | No | Yes |
Layer 3-4 DDoS Mitigation | Multi-layered, volumetric attack mitigation including a combination of pre-set mitigation rules with auto mitigation and advanced DDoS mitigation scrubbing for customers consuming Distributed Cloud services only – the platform protects customer provisioned services on the F5 network from DDoS attacks. | Yes | No |
Layer 7 DoS - Detection and mitigation | Anomaly detection and alerting on abnormal traffic patterns and trends across apps and API endpoints, leveraging advanced machine learning (ML) to detect spikes, drops and other changes in app and API behavior over time by analyzing request rates, error rates, latency and throughput with the ability to deny or rate limit endpoints including auto-mitigation. | Yes | Yes |
Layer 7 DoS - Policy based challenges | Custom policy-based challenges can be set up to execute a Javascript or Captcha challenge. Define match criteria and rules when to trigger challenges based on source IP and reputation, ASNs or Labels (cities, countries) helping to filter out attackers from legitimate clients trying to execute an attack. | Yes | Yes |
Slow DDoS Mitigation | "Slow and low" attacks tie up server resources, leaving none available for servicing requests from actual users. This feature allows for the configuration and enforcement of request timeout and request header timeout values. | Yes | Yes |
Application Rate Limiting | Rate limiting controls the rate of requests coming into or going out of an application origin. Rate limiting can be controlled for apps using key identifiers IP address, Cookie name, and/or HTTP header name. | No | Yes |
API | Standard |
Advanced |
|
Signature based protection | F5 Distributed Cloud App Firewall supports inspection of the two most popular API protocols - GraphQL, and REST | Yes | Yes |
API Discovery and Schema Learning | Advanced machine learning, Enables markup and analysis of API endpoints for applications in order to discover API endpoints and perform behavioral analysis. This includes request and response schemas, sensitive data detection and authentication status. Providing inventory and shadow API sets with OpenAPI spec (OAS) generation. | No | Yes |
API Schema Import | Import OpenAPI spec files to define API groups and set rules to control access to and enforce behavior of APIs. | No | Yes |
OpenAPI Spec Validation | API spec enforcement functionality enables a positive security model for APIs, allowing organization to easily enforce desired API behavior based on characteristics for valid, API requests. These characteristics are used to validate input and output data for things like data type, min or max length, permitted characters, or valid values ranges. | No | Yes |
Posture Management | Includes the capability to learn and detect the authentication type and status of API Endpoints plus API risk scoring. API Endpoints Risk Score feature provides users with a comprehensive measure of the risk associated with their API endpoints. The risk score is calculated using a variety of techniques, such as vulnerability discovery, attack impact, business value, attack likelihood, and mitigating controls. This helps organizations evaluate and prioritize API vulnerabilities in order to quickly identify APIs that require additional security measures. | No | Yes |
API Protection Rules | Organizations can granularly control API endpoint connectivity and request types. They can identify, monitor, and block specific clients and connections all together or set particular thresholds. These includes deny listing (blocking) based on IP address, region/country, ASN or TLS fingerprint, plus more advanced rules defining specific match criteria guiding app and API interactions with clients, including HTTP method, path, query parameters, headers, cookies, and more. This granular control of API connections and requests can be done for individual APIs or an entire domain. | No | Yes |
API Rate Limiting | Rate limiting controls the rate of requests coming into or going out of API endpoints. | No | Yes |
Sensitive Data Protection for APIs | Detect generic (credit card, social security number) or less common and custom PII data patterns (addresses, names, phone numbers) within API responses, then mask the sensitive data or block API endpoints that are transmitting sensitive information. | No | Yes |
Bot Defense | Standard |
Advanced |
|
Signature based protection | The WAF signature engine includes unique signatures for automated threats and bot techniques including crawlers, DDoS/DoS and more. | Yes | Yes |
Bot Defense | Protects apps from automated attacks by leveraging JavaScript and API calls to collect telemetry and mitigate sophisticated attacks with constant ML analysis of signal data to rapidly respond to bot retooling, dynamic updates of real-time detection models designed to protect against all bot use cases e.g. credential stuffing, account takeover, fake accounts etc. | No | Yes |
Client-side Defense | Provides multi-phase protection for web applications against Formjacking, Magecart, digital skimming and other malicious JavaScript attacks. This multi-phase protection system includes detection, alerting, and mitigation. | Yes | Yes |
Network Connect | Standard |
Advanced |
|
Multi-cloud transit | Layer 3 network transit between public clouds, on-premises datacenters and distributed edge sites | Yes | Yes |
Security service insertion | Integrate third-party network firewall services such as BIG-IP and Palo Alto Networks across multiple cloud networks. | Yes | Yes |
Network segmentation | Granular network isolation and microsegmentation to secure network segments on premises and across public cloud networks | Yes | Yes |
End-to-end-encryption | Native TLS encryption for all data transit across networks | Yes | Yes |
Automated provisioning | Automated provisioning and orchestration of public cloud network constructs | Yes | Yes |
App Connect | Standard |
Advanced |
|
App and service networking | Distributed load balancing services for TCP, UDP and HTTPS requests between app clusters across clouds | No | Yes |
App segmentation | Granular security policies to control access to API endpoints and clusters in distributed cloud environments | No | Yes |
Service discovery | Identify service availability across distributed app clusters | No | Yes |
Ingress and egress | Route based policy enforcement fo HTTP and HTTPS traffic | No | Yes |
End-to-end-encryption | Native TLS encryption for all data transit across networks | Yes | Yes |
DNS | Standard |
Advanced |
|
Automatic Failover | Ensure high availability of DNS environments with seamless failover to F5 Distributed Cloud DNS. | Yes | Yes |
Auto-scaling | Automatically scale to keep up with demand as the number of applications increases, traffic patterns change, and request volumes grow. | Yes | Yes |
DDoS Protection | Prevent distributed denial-of-service (DDoS) attacks or manipulation of domain responses with built-in protection. | Yes | Yes |
DNSSEC | DNS extension that guarantees authenticity of DNS responses, including zone transfers, and to return Denial of Existence responses that protect your network against DNS protocol and DNS server attacks | Yes | Yes |
TSIG Authentication | Automate services with declarative APIs & an intuitive GUI | Yes | Yes |
API Support | Transaction signature keys that authenticate communications about zone transfers between client and server | Yes | Yes |
DNS Load Balancer (DNSLB) | Standard |
Advanced |
|
Global Location-Based Routing | Direct clients to the nearest application instance with geolocation-based load balancing for the best user experience. | Yes | Yes |
Intelligent Load Balancing | Directs application traffic across environments, performs health checks, and automates responses. Includes fully-automated disaster recovery | Yes | Yes |
API support | Automate services with declarative APIs & an intuitive GUI | Yes | Yes |
ADC Telemetry | Track performance, app health, and usage with basic visualization | Yes | Yes |
Multi-Faceted Security | Dynamic security includes automatic failover, built-in DDoS protection, DNSSEC, and TSIG authentication | Yes | Yes |
Observability | Standard |
Advanced |
|
Reporting, Rich Analytics and Telemetry | Unified visibility from application to infrastructure across heterogeneous edge and cloud deployments, including granular status of application deployments, infrastructure health, security, availability, and performance | Yes | Yes |
Security Incidents | Events view that groups thousands of individual events into related security incidents based on context and common characteristics. Aimed at making investigation of app security events easier. | Yes | Yes |
Security Events | Single dashboard view into all security events across full breadth of web app and API security functionality with customization and drill down into all WAF, Bot, API and other layer 7 security events | Yes | Yes |
Global Log Receiver - Log Export Integration (i.e Splunk) | Log distribution to external log collection systems including Amazon S3, Datadog, Splunk, SumoLogic and more. | Yes | Yes |
Other | Standard |
Advanced |
|
Malicious User Detection + Mitigation | AI/ML powered malicious user detection performs user behavior analysis and assigns a suspicion score and threat level based on the acitivity of each user. Client interactions are analyzed on how a client compares to others—the number of WAF rules hit, forbidden access attempts, login failures, error rates, and more. Malicious user mitigation is an adaptive response and risk-based challenge capability - serving different challenges such as Javascript or Captcha challenge or block temporarily based on user threat level. | No | Yes |
Service Policies | Enables micro segmentation and support for advanced security at the application layer with development of allow/deny lists, Geo IP filtering and custom rule creation to act on incoming requests including match and request constraint criteria based on a variety of attributes/parameters TLS fingerprint, geo/country, IP prefix, HTTP method, path, headers and more. | Yes | Yes |
CORS policy | Cross-Origin Resource Sharing (CORS) is useful in any situation where the browser, by default, will disallow a cross-origin request and you have a specific need to enable them. CORS policy is a mechanism that uses additional HTTP header information to inform a browser to allow a web application running at one origin (domain) have permission to access selected resources from a server at a different origin. | Yes | Yes |
Trusted Client IP Headers | Identification of real client IP addresses for monitoring, logging, defining allow/deny policies etc. Security events and request logs will show this real client IP address as the source IP, when this feature is enabled. | Yes | Yes |
Mutual TLS | Support for both TLS and mutual-TLS for authentication with policy-based authorization on the load balancer/proxy provides the capability to enforce end-to-end security of application traffic. Mutual TLS supports the ability to send client certificate details to origin servers in x-forwarded-client-cert (XFCC) request headers. | Yes | Yes |
Support | Standard |
Advanced |
|
24/7/365 Support | Support provided in a variety of methods including in console ticketing, email and phone support. | Yes | Yes |
Uptime SLAs (99.99%) | Yes | Yes | |
Audit Logs (30 days) | Yes | Yes | |
Security Logs (30 days) | Yes | Yes | |
Request Logs (7 days) | Yes | Yes |
利用 F5 核心 WAF 技术,以及在我们的高级签名引擎(包含近 8,000 个 CVE 签名,以及其他已知的漏洞和技术,包括 F5 Labs 和威胁研究人员发现的 Bot 签名)的支持下,缓解应用和 API 漏洞。
结合违规、规避和 http 协议合规性检查。
可抑制误报触发的自主学习概率模型。
用户可以通过指定 HTTP 标头名称、Cookie 名称或查询参数名称,屏蔽请求日志中的敏感数据。仅有数值会被蔽值。默认情况下,会屏蔽查询参数卡、pass、pwd 和密码的值。
当 WAF 拦截请求或响应时,用户能够自定义提供给客户端的拦截响应页面。
用户可以指定允许的 HTTP 响应状态代码。
分析 IP 威胁并发布由 F5 维护的数百万个高风险 IP 地址的动态数据集,以保护应用端点免受来自恶意 IP 的入站流量影响。IP 威胁类别包括垃圾邮件来源、Windows 漏洞利用、Web 攻击、僵尸网络、扫描器拒绝服务、网络钓鱼等。
Data Guard 通过屏蔽数据,预防 HTTP/HTTPS 响应泄露敏感信息,如信用卡号和社会安全号码。
定义基于特定匹配条件,应从 WAF 处理中排除的签名 ID 和违规/攻击类型的规则。特定匹配条件包括域、路径和方法。如果客户端请求匹配所有这些条件,WAF 将会排除对检测控制中所配置项目的处理。
允许用户轻松配置/指定合适且被允许的源域。
Cookie 保护能够通过添加 SameSite、Secure 和 Http Only 属性来修改响应 Cookie。
WAF 引擎能够检查 GraphQL 请求是否存在漏洞,并根据 F5 签名数据库拦截流量。
网络防火墙控制允许用户拦截来自指定来源的入站流量,或对来自指定来源的网络流量施加速率限制。增强保护允许根据源地址、源端口、目标地址、目标端口和协议过滤流量。
对跨应用和 API 端点的异常流量模式和趋势进行异常检测和警报,利用先进的机器学习 (ML),通过分析请求率、错误率、延迟和吞吐量,检测应用和 API 行为随时间的激增、下降和其他变化,并且能够拒绝或限制端点速率。
“缓慢和低速”攻击会占用服务器资源,导致无法为真实用户的请求提供服务。该功能允许配置和执行请求超时和请求标头超时值。
F5 分布式云应用防火墙支持检查两种最常见的 API 协议 - GraphQL 和 REST。
WAF 签名引擎包括自动化威胁和 Bot 技术的独特签名,其中包括爬虫、DDoS/DoS 等。
为 Web 应用提供多阶段防护,以预防 Formjacking、Magecart、数字掠夺和其他恶意的 JavaScript 攻击。这种多阶段防护系统包括检测、警报和缓解。
公有云、本地数据中心和分布式边缘站点之间的 3 层网络传输。
跨多个云网络集成第三方网络防火墙服务,如 BIG-IP 和 Palo Alto Networks。
精细的网络隔离和微分段,以确保本地和跨公有云网络的网络段安全。
为网络上的所有数据传输提供本机 TLS 加密。
公有云网络构建的自动化配置和编排。
为网络上的所有数据传输提供本机 TLS 加密。
通过制定许可/拒绝列表、地理 IP 过滤和自定义规则创建,在应用层启用微分段并支持高级安全性,以对传入的请求采取行动,其中包括基于各种属性/参数(TLS 指纹、地理/国家或地区、IP 前缀、HTTP 方法、路径、标头等)匹配和请求限制条件。
在默认情况下,浏览器不允许进行跨域请求,但如果您在某情况下需要启用,您可借助跨域资源共享 (CORS) 。CORS 策略是一种机制,使用其他 HTTP 标头信息通知浏览器,以允许在一个源(域)上运行的 Web 应用有权访问来自不同域的服务器的所选资源。
识别真实的客户端 IP 地址,以监控、记录、定义许可/拒绝策略等。启用此功能后,安全事件和请求日志将显示此真实的客户端 IP 地址作为源 IP。
通过对负载均衡器/代理进行基于策略的授权,支持 TLS 和双向 TLS 进行身份验证,可确保应用流量的端到端安全性。双向 TLS 支持在 x-forwarded-client-cert (XFCC) 请求标头中,将客户端证书详细信息发送给源服务器。
通过各种方式提供支持,包括控制台工单、电子邮件和电话支持。
运行时间 SLA (99.99%)
Audit Logs(30 天)
指标(< 30 天)
请求日志(< 30 天)
利用 F5 核心 WAF 技术,以及在我们的高级签名引擎(包含近 8,000 个 CVE 签名,以及其他已知的漏洞和技术,包括 F5 Labs 和威胁研究人员发现的 Bot 签名)的支持下,缓解应用和 API 漏洞。
结合违规、规避和 http 协议合规性检查。
可抑制误报触发的自主学习概率模型。
用户可以通过指定 HTTP 标头名称、Cookie 名称或查询参数名称,屏蔽请求日志中的敏感数据。仅有数值会被蔽值。默认情况下,会屏蔽查询参数卡、pass、pwd 和密码的值。
当 WAF 拦截请求或响应时,用户能够自定义提供给客户端的拦截响应页面。
用户可以指定允许的 HTTP 响应状态代码。
速率限制可以控制请求进出应用源的速率。对于使用密钥标识符 IP 地址、Cookie 名称和/或 HTTP 标头名称的应用,可以控制速率限制。
分析 IP 威胁并发布由 F5 维护的数百万个高风险 IP 地址的动态数据集,以保护应用端点免受来自恶意 IP 的入站流量影响。IP 威胁类别包括垃圾邮件来源、Windows 漏洞利用、Web 攻击、僵尸网络、扫描器拒绝服务、网络钓鱼等。
Data Guard 通过屏蔽数据,预防 HTTP/HTTPS 响应泄露敏感信息,如信用卡号和社会安全号码。
定义基于特定匹配条件,应从 WAF 处理中排除的签名 ID 和违规/攻击类型的规则。特定匹配条件包括域、路径和方法。如果客户端请求匹配所有这些条件,WAF 将会排除对检测控制中所配置项目的处理。
允许用户轻松配置/指定合适且被允许的源域。
Cookie 保护能够通过添加 SameSite、Secure 和 Http Only 属性来修改响应 Cookie。
WAF 引擎能够检查 GraphQL 请求是否存在漏洞,并根据 F5 签名数据库拦截流量。
网络防火墙控制允许用户拦截来自指定来源的入站流量,或对来自指定来源的网络流量施加速率限制。增强保护允许根据源地址、源端口、目标地址、目标端口和协议过滤流量。
多层次、容量耗尽攻击缓解包括将预设的缓解规则与自动缓解和高级路由的 DDoS 缓解清理相结合,并通过 BGP 路由通告或权威的 DNS 解析,进行全面的数据包分析。
对跨应用和 API 端点的异常流量模式和趋势进行异常检测和警报,利用先进的机器学习 (ML),通过分析请求率、错误率、延迟和吞吐量,检测应用和 API 行为随时间的激增、下降和其他变化,并且能够拒绝或限制端点速率。
基于机器学习 (ML) 的功能,能够根据一段时间内对单个客户端行为和应用性能的分析(包括请求率、错误率、延迟等),为异常的 7 层流量配置自动缓解。
“缓慢和低速”攻击会占用服务器资源,导致无法为真实用户的请求提供服务。该功能允许配置和执行请求超时和请求标头超时值。
F5 分布式云应用防火墙支持检查两种最常见的 API 协议 - GraphQL 和 REST。
先进的机器学习,可对应用的 API 端点进行标记和分析,以发现 API 端点并进行行为分析。这包括请求和响应模式、敏感数据检测和身份验证状态。利用 OpenAPI 规范 (OAS) 生成,提供库存和影子 API 集。
导入 OpenAPI 规范文件,以定义 API 组并设置规则,从而控制对 API 的访问并执行 API 行为。
API 规范执行功能为 API 启用了积极的安全模型,使企业能够根据有效 API 请求的特征,轻松执行所需的 API 行为。这些特性用于验证输入和输出数据,如数据类型、最小或最大长度、允许的字符或有效值范围。
包括能够学习和检测 API 端点的身份验证类型和状态,以及 API 风险评分。API 端点风险评分功能让用户能够全面衡量与其 API 端点相关的风险。风险评分通过各种技术进行计算,例如漏洞发现、攻击影响、商业价值、攻击可能性和缓解控制。这有助于企业评估 API 漏洞并确定其优先级,以便快速识别需要采取额外安全措施的 API。
企业可以精细控制 API 端点连接和请求类型。他们可以一同识别、监控和拦截特定的客户端与连接,或设置特定的阈值。其中包括根据 IP 地址、地区/国家、ASN 或 TLS 指纹的拒绝列表(拦截),以及定义特定匹配条件并指导应用和 API 与客户端交互的更高级规则,包括 HTTP 方法、路径、查询参数、标头、Cookie 等。这种针对 API 连接和请求的精细控制可以针对单个 API 或整个域进行。
速率限制可控制进出 API 端点的请求速率。
检测 API 响应中的通用(信用卡、社会安全号码)或不太常见的自定义 PII 数据模式(地址、姓名、电话号码),然后屏蔽敏感数据或拦截传输敏感信息的 API 端点。
WAF 签名引擎包括自动化威胁和 Bot 技术的独特签名,其中包括爬虫、DDoS/DoS 等。
通过利用 JavaScript 和 API 调用来收集遥测数据,保护应用免受自动化攻击,并通过不断对信号数据进行 ML 分析,缓解复杂攻击,以快速响应 Bot 重组攻击,动态更新旨在预防所有 Bot 用例(例如撞库攻击、帐户接管、虚假帐户等)的实时检测模型。
为 Web 应用提供多阶段保护,以预防 Formjacking、Magecart、数字掠夺和其他恶意的 JavaScript 攻击。这种多阶段保护系统包括检测、警报和缓解。
公有云、本地数据中心和分布式边缘站点之间的 3 层网络传输。
跨多个云网络集成第三方网络防火墙服务,如 BIG-IP 和 Palo Alto Networks。
精细的网络隔离和微分段,以确保本地和跨公有云网络的网络段安全。
为网络上的所有数据传输提供本机 TLS 加密。
公有云网络构建的自动化配置和编排。
跨云的应用集群间的 TCP、UDP 和 HTTPS 请求的分布式负载均衡服务。
精细的安全策略,以控制对分布式云环境中 API 端点和群集的访问。
识别跨分布式应用群集的服务可用性。
为 HTTP 和 HTTPS 流量执行基于路由的策略。
为网络上的所有数据传输提供本机 TLS 加密。
人工智能/机器学习驱动的恶意用户检测可进行用户行为分析,并根据每个用户的活跃度,给出可疑分数并划定威胁等级。分析客户端互动情况,以了解客户端与其他客户端的对比情况 - 命中的 WAF 规则数、禁止访问次数、登录失败次数、错误率等。恶意用户缓解是对自适应功能响应和风险挑战的能力,可根据用户威胁等级,提供不同的挑战,例如 Javascript 或 Captcha 挑战或暂时拦截。
通过制定许可/拒绝列表、地理 IP 过滤和自定义规则创建,在应用层启用微分段并支持高级安全性,以对传入的请求采取行动,其中包括基于各种属性/参数(TLS 指纹、地理/国家或地区、IP 前缀、HTTP 方法、路径、标头等)匹配和请求限制条件。
在默认情况下,浏览器不允许进行跨域请求,但如果您在某情况下需要启用,您可借助跨域资源共享 (CORS) 。CORS 策略是一种机制,使用其他 HTTP 标头信息通知浏览器,以允许在一个源(域)上运行的 Web 应用有权访问来自不同域的服务器的所选资源。
识别真实的客户端 IP 地址,以监控、记录、定义许可/拒绝策略等。启用此功能后,安全事件和请求日志将显示此真实的客户端 IP 地址作为源 IP。
通过对负载均衡器/代理进行基于策略的授权,支持 TLS 和双向 TLS 进行身份验证,可确保应用流量的端到端安全性。双向 TLS 支持在 x-forwarded-client-cert (XFCC) 请求标头中,将客户端证书详细信息发送给源服务器。
通过各种方式提供支持,包括控制台工单、电子邮件和电话支持。
运行时间 SLA (99.99%)
Audit Logs(30 天)
指标(< 30 天)
请求日志(< 30 天)