---
title: Getting started with the Edge WAF
summary: null
url: >-
  https://www.fastly.com/documentation/guides/next-gen-waf/setup-and-configuration/edge-deployment/getting-started-with-the-edge-waf
---

If your web application uses a [Fastly CDN or Compute service](https://www.fastly.com/documentation/guides/getting-started/services/about-services), you can integrate the [Next-Gen WAF](https://docs.fastly.com/products/fastly-next-gen-waf) into your request flow by enabling an Edge WAF deployment. Fastly delivers the Edge WAF, like your CDN or Compute service, through our [global network of POPs](https://www.fastly.com/documentation/guides/getting-started/concepts/using-fastlys-global-pop-network). This means that you don’t have to make any changes to your hosting environment (e.g., installing clients or applications locally). The Edge WAF is able to process a request within a few milliseconds.

## Prerequisites

Before enabling the Edge WAF, be sure you have the following prerequisites in place:

- You must purchase the [Next-Gen WAF](https://docs.fastly.com/products/fastly-next-gen-waf) for your Fastly account by contacting [sales@fastly.com](mailto:sales@fastly.com). Once purchased, our staff will give you access to the Next-Gen WAF product in either the [Fastly control panel](https://manage.fastly.com) or the [Next-Gen WAF control panel](https://dashboard.signalsciences.net/). Our staff will also create a Next-Gen WAF corp (also known as account) and at least one site (also known as workspace) for your use.
- If you have access to the product in the Fastly control panel, you must be assigned the [superuser role](https://www.fastly.com/documentation/guides/account-info/user-and-account-management/about-user-roles-and-permissions) in order to [enable the Edge WAF](https://www.fastly.com/documentation/guides/next-gen-waf/setup-and-configuration/edge-deployment/edge-waf-deployment-using-the-fastly-control-panel#setting-up-the-deployment). If you only have access to the product in the Next-Gen WAF control panel, you must be assigned the [owner role](https://www.fastly.com/documentation/guides/next-gen-waf/account-info/using-user-roles-and-permissions) in order to [enable the Edge WAF](https://www.fastly.com/documentation/guides/next-gen-waf/setup-and-configuration/edge-deployment/ngwaf-control-panel/setting-up-edge-waf-deployments-using-the-next-gen-waf-control-panel).
- You must have an existing [CDN or Compute service](https://www.fastly.com/documentation/guides/getting-started/services/about-services) that you want to map to an existing [Next-Gen WAF site](https://www.fastly.com/documentation/guides/next-gen-waf/managing-sites#adding-sites-workspaces) (workspace).

## Quick start

Once all [prerequisites](https://www.fastly.com/documentation/guides/next-gen-waf/setup-and-configuration/edge-deployment/getting-started-with-the-edge-waf#prerequisites) have been met, you can enable the Edge WAF for your web application. If you're able to access the WAF using the Fastly control panel, follow the Fastly control panel instructions. Otherwise, use the Next-Gen WAF control panel instructions.

### Fastly control panel

To deploy the Next-Gen WAF on an existing CDN or Compute service, complete the following steps:

1. Log in to the [Fastly control panel](https://manage.fastly.com).

2. From the [**Home**](https://manage.fastly.com/home) page, select the appropriate service. You can use the search box to search by ID, name, or domain.

3. Click **Service configuration** and then **Security**.

4. Fill out the following deployment settings on the Next-Gen WAF card:

   ![Edit Next-Gen WAF deployment settings](/img/ngwaf/edit-ngwaf-deployment.png)

   - From the **Workspace** menu, select the workspace that you want to link to the service. If your account only has one workspace, this field is read-only.
   - (CDN services only) In the **% of traffic** field, enter the percentage of traffic that you want the Next-Gen WAF to inspect. When set to `100`, all traffic to your service is inspected. When the value is less than 100, a random sample of the specified percentage is inspected.

5. Click the **Next-Gen WAF** switch to the **On** position.

6. In the confirmation window, click **Update all versions**.

7. _(Optional)_ [Use attack tooling](https://www.fastly.com/documentation/guides/next-gen-waf/developer/testing-with-attack-tooling) to verify that the Next-Gen WAF is monitoring your web application and identifying malicious and anomalous requests.

### Next-Gen WAF control panel

To deploy the Next-Gen WAF on an existing CDN service, complete the following steps:

> **HINT:** Have a Compute service? Check out [our tutorial](https://www.fastly.com/documentation/solutions/tutorials/next-gen-waf-compute).

1. Using the curl command line tool, call the [PUT /edgeDeployment](https://www.fastly.com/documentation/signalsciences/api/#_corps__corpName__sites__siteName__edgeDeployment_put) API endpoint. Be sure to replace `${SIGSCI_EMAIL}` and `${SIGSCI_TOKEN}` with your email and [Next-Gen WAF API token](https://www.fastly.com/documentation/guides/next-gen-waf/developer/using-an-api-with-the-next-gen-waf#about-api-access-tokens) and `${corpName}` and `${siteName}` with those of your corp (account) and site (workspace). You can find these values in the address of the Next-Gen WAF control panel, such as `https://dashboard.signalsciences.net/corps/${corpName}/sites/${siteName}`.

   ```term copy nolinenums
   $ curl -X PUT "https://dashboard.signalsciences.net/api/v0/corps/${corpName}/sites/${siteName}/edgeDeployment" \
   -H "x-api-user:${SIGSCI_EMAIL}" \
   -H "x-api-token:${SIGSCI_TOKEN}" \
   -H "Content-Type: application/json"
   ```

2. Using the curl command line tool, call the [PUT /deliveryIntegration/${fastlySID}](https://www.fastly.com/documentation/signalsciences/api/#_corps__corpName__sites__siteName__deliveryIntegration__fastlySID__put) API endpoint. Be sure to replace `${FASTLY_KEY}` with your [Fastly authentication token](https://www.fastly.com/documentation/reference/api/#authentication), `${fastlySID}` with the ID of your CDN service, and `${SIGSCI_EMAIL}`, `${SIGSCI_TOKEN}`, `${corpName}`, and `${siteName}` with the same values used in the previous step.

   ```term copy nolinenums
   $ curl -H "x-api-user:${SIGSCI_EMAIL}" -H "x-api-token:${SIGSCI_TOKEN}" \
   -H "Fastly-Key: ${FASTLY_KEY}" -H "Content-Type: application/json" -X PUT \
   -d '{"activateVersion": true, "percentEnabled": 100}' \
   "https://dashboard.signalsciences.net/api/v0/corps/${corpName}/sites/${siteName}/deliveryIntegration/${fastlySID}"
   ```

   The Edge WAF starts inspecting all traffic that passes through your CDN service.

3. _(Optional)_ [Use attack tooling](https://www.fastly.com/documentation/guides/next-gen-waf/developer/testing-with-attack-tooling) to verify that the Next-Gen WAF is monitoring your web application and identifying malicious and anomalous requests.

For detailed setup instructions, check out [Setting up Edge WAF deployments using the Next-Gen WAF control panel](https://www.fastly.com/documentation/guides/next-gen-waf/setup-and-configuration/edge-deployment/ngwaf-control-panel/setting-up-edge-waf-deployments-using-the-next-gen-waf-control-panel).
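
Step 2 above passes both API tokens as curl arguments, where they are visible in the local process list while the command runs. The following added example (not Fastly's own code; the `ngwaf_*` function names are hypothetical) makes the same `deliveryIntegration` call but validates its inputs first and feeds the auth headers to curl on stdin through `--config -`. It assumes `percentEnabled` accepts integers from 0 to 100 and that corp, site, and service identifiers contain only letters, digits, `_`, and `-`.

```sh
#!/bin/sh
# Added example, not Fastly tooling; function names are hypothetical.
set -eu
API="https://dashboard.signalsciences.net/api/v0"

# Body for the deliveryIntegration call. Assumption: percentEnabled is an integer 0-100.
ngwaf_payload() {
  case "$1" in
    ''|*[!0-9]*|0?*|????*) echo "percentEnabled must be an integer 0-100" >&2; return 1 ;;
  esac
  [ "$1" -le 100 ] || { echo "percentEnabled must be an integer 0-100" >&2; return 1; }
  printf '{"activateVersion": true, "percentEnabled": %s}' "$1"
}

# Endpoint URL. Each path segment is allowlisted so a stray "/" or ".." cannot
# redirect the authenticated request to a different API path (assumed charset).
ngwaf_url() {
  for part in "$1" "$2" "$3"; do
    case "$part" in
      ''|*[!A-Za-z0-9_-]*) echo "unexpected characters in path segment" >&2; return 1 ;;
    esac
  done
  printf '%s/corps/%s/sites/%s/deliveryIntegration/%s' "$API" "$1" "$2" "$3"
}

# Auth headers as curl config lines; quotes, backslashes and newlines are rejected
# so a credential cannot break out of the quoted config value.
ngwaf_auth_config() {
  for v in "$SIGSCI_EMAIL" "$SIGSCI_TOKEN" "$FASTLY_KEY"; do
    case "$v" in
      ''|*[!A-Za-z0-9@._+-]*) echo "credential has unexpected characters" >&2; return 1 ;;
    esac
  done
  printf 'header = "x-api-user: %s"\n' "$SIGSCI_EMAIL"
  printf 'header = "x-api-token: %s"\n' "$SIGSCI_TOKEN"
  printf 'header = "Fastly-Key: %s"\n' "$FASTLY_KEY"
}

# Usage: ngwaf_map_service corp site fastlySID percent [--apply]
ngwaf_map_service() {
  url="$(ngwaf_url "$1" "$2" "$3")" || return 1
  body="$(ngwaf_payload "$4")" || return 1
  if [ "${5:-}" != "--apply" ]; then
    printf 'DRY RUN: PUT %s %s\n' "$url" "$body"; return 0
  fi
  cfg="$(ngwaf_auth_config)" || return 1
  # printf is a shell builtin, so the tokens never appear in any process's argv.
  printf '%s\n' "$cfg" | curl --fail --silent --show-error --config - \
    -X PUT -H "Content-Type: application/json" -d "$body" "$url"
}

# Dry run with constructed sample names; nothing is sent.
ngwaf_map_service example-corp example-site EXAMPLESID123 100
```

To send the request, export `SIGSCI_EMAIL`, `SIGSCI_TOKEN`, and `FASTLY_KEY` in the environment and pass `--apply` as the fifth argument.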

## What’s next

Learn more about [how the Edge WAF works](https://www.fastly.com/documentation/guides/next-gen-waf/setup-and-configuration/edge-deployment/how-the-edge-waf-works) and [adjust the protection](https://www.fastly.com/documentation/guides/next-gen-waf/getting-started/start-here#3-test-your-staging-or-production-website-at-increasing-blocking-levels) of your web application as needed.

## Related content

- [Edge Deployment API](https://www.fastly.com/documentation/signalsciences/api/#_corps__corpName__sites__siteName__edgeDeployment_put)
