
Connection and Integration
- The domain secure.aegister.com connects to Cloud Defender through the Cloud_External_IP_Address.
- The system combines Cloud WAF and OneFirewall Threat Prevention for layered protection.
Request Handling
- When a client sends a request, for example to client1.domain1.com:
  - client1.domain1.com is set up as a CNAME for secure.aegister.com.
  - The request carries the originating IP address and the X-Forwarded-For header, which trace the traffic’s path.
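
How an origin server behind this setup can recover the client address from X-Forwarded-For, shown as an added example that is not Aegister's code. It assumes the proxy appends the address it saw to the header; `CLOUD_EXTERNAL_IPS` holds a constructed placeholder for the Cloud_External_IP_Address, and the function names are hypothetical.

```python
import ipaddress

# Assumption: constructed placeholder (RFC 5737 documentation range) standing in
# for the Cloud_External_IP_Address; replace with the real egress address(es).
CLOUD_EXTERNAL_IPS = [ipaddress.ip_network("203.0.113.10/32")]


def is_trusted_proxy(ip):
    """True if ip (an ipaddress object) belongs to the proxy's egress set."""
    return any(ip in net for net in CLOUD_EXTERNAL_IPS)


def client_ip(peer_addr, xff_header):
    """Return the address the origin should log, rate-limit and alert on.

    peer_addr  -- source IP of the TCP connection that reached the origin
    xff_header -- raw X-Forwarded-For value, or None if absent
    """
    peer = ipaddress.ip_address(peer_addr)

    # The connection did not come from the proxy: the header was written by
    # the sender and proves nothing, so only the socket address is usable.
    if not is_trusted_proxy(peer) or not xff_header:
        return str(peer)

    # Read right to left. The rightmost entries were appended by the trusted
    # proxy; anything further left was supplied by the client and may be forged.
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            # Malformed entry: fall back to the socket address.
            return str(peer)
        if not is_trusted_proxy(ip):
            return str(ip)
    return str(peer)


if __name__ == "__main__":
    # Constructed sample requests: (socket peer, X-Forwarded-For value)
    samples = [
        ("203.0.113.10", "198.51.100.7"),            # normal path via proxy
        ("203.0.113.10", "10.0.0.1, 198.51.100.7"),  # client forged first hop
        ("198.51.100.99", "127.0.0.1"),              # direct hit, forged header
    ]
    for peer, xff in samples:
        print(peer, "|", xff, "->", client_ip(peer, xff))
```

A request whose socket peer is not in `CLOUD_EXTERNAL_IPS` reached the origin without passing through the proxy, which is worth logging separately.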
Traffic Analysis
- Client traffic flows through Cloud Defender (the “blue tunnel” in the diagram), where two checks run:
  - Threat Intelligence Analysis: continuously updated WAF rules score the risk of each request.
  - Traffic Evaluation: further queries to client domains or hostnames verify the traffic’s origin and authenticity.
Decision and Action
- The system acts on the analysis:
  - If the traffic is safe, it grants access to the endpoint behind client1.domain1.com.
  - If it detects a high risk level or a malicious IP, it blocks the request and denies access.

