---
title: Configuring Edge WAF deployments using the Next-Gen WAF control panel
summary: null
url: >-
  https://www.fastly.com/documentation/guides/next-gen-waf/setup-and-configuration/edge-deployment/ngwaf-control-panel/configuring-edge-waf-deployments-using-the-next-gen-waf-control-panel
---

> **IMPORTANT:** This guide only applies to Next-Gen WAF customers who **cannot** access the WAF in the Fastly control panel. If you can access the WAF in the Fastly control panel, refer to the [Edge WAF deployment using the Fastly control panel](https://www.fastly.com/documentation/guides/next-gen-waf/setup-and-configuration/edge-deployment/edge-waf-deployment-using-the-fastly-control-panel) guide instead.

After [deploying the Edge WAF](https://www.fastly.com/documentation/guides/next-gen-waf/setup-and-configuration/edge-deployment/ngwaf-control-panel/setting-up-edge-waf-deployments-using-the-next-gen-waf-control-panel), you can:

- change the [percentage of traffic](https://www.fastly.com/documentation/guides/next-gen-waf/setup-and-configuration/edge-deployment/ngwaf-control-panel/configuring-edge-waf-deployments-using-the-next-gen-waf-control-panel#changing-the-percentage-of-traffic-sent-to-the-waf) that is sent to the WAF.
- use [request headers](https://www.fastly.com/documentation/guides/next-gen-waf/setup-and-configuration/edge-deployment/ngwaf-control-panel/configuring-edge-waf-deployments-using-the-next-gen-waf-control-panel#customizing-inspection-with-headers) to customize inspection.
- [re-assign the Fastly service](https://www.fastly.com/documentation/guides/next-gen-waf/setup-and-configuration/edge-deployment/ngwaf-control-panel/configuring-edge-waf-deployments-using-the-next-gen-waf-control-panel#re-mapping-a-fastly-cdn-service-to-a-different-site-workspace) to a different site (workspace).

## Changing the percentage of traffic sent to the WAF

You can control the amount of traffic inspected by the Edge WAF using the `Enabled` dictionary key. This value is available in the `Edge_Security` dictionary and is automatically created when you attach a delivery service.

The default value is 0, with numbers greater than zero representing a percentage of the traffic being inspected. This means that unless you change the value of the `Edge_Security` Edge dictionary, your WAF will be enabled but won't inspect any traffic. If the value is set to 100, all traffic (100%) will be passed through the Edge WAF. If the value is less than 100, a random sample of the specified percentage will be sent through the Edge WAF.

> **HINT:** >As the `Edge_Security` Edge dictionary no longer uses the `DISABLED` field, set `Enabled` to 0 if you don't want the WAF to inspect any traffic. Alternatively, you can [use the control panel](https://www.fastly.com/documentation/guides/next-gen-waf/about-the-agent-mode#changing-the-agent-mode-protection-mode) to control blocking and logging behavior of the Edge WAF or to turn off agent configurations entirely.

## Customizing inspection with headers

You can use [`X-SigSci-` headers](https://www.fastly.com/documentation/guides/next-gen-waf/developer/x-sigsci-headers#adding-headers-to-customize-inspection-for-edge-waf-deployments) to force the Next-Gen WAF to inspect requests, to disable inspection, and to skip initial inspection.

## Re-mapping a Fastly CDN service to a different site (workspace)

To re-assign the Fastly service to a different site (workspace), follow these steps:

1. If the site (workspace) is new or had a deployment type other than Edge WAF, mark the site (workspace) as an edge deployment by calling the [Edge WAF deployment API endpoint](https://www.fastly.com/documentation/signalsciences/api/#_corps__corpName__sites__siteName__edgeDeployment_put):

   ```term copy nolinenums
   $ curl -X PUT "https://dashboard.signalsciences.net/api/v0/corps/${corpName}/sites/${siteName}/edgeDeployment" \
   -H "x-api-user:${SIGSCI_EMAIL}" \
   -H "x-api-token:${SIGSCI_TOKEN}" \
   -H "Content-Type: application/json"
   ```

   For more information about this API endpoint, check out the [Creating the edge security service](https://www.fastly.com/documentation/guides/next-gen-waf/setup-and-configuration/edge-deployment/ngwaf-control-panel/setting-up-edge-waf-deployments-using-the-next-gen-waf-control-panel/#creating-the-edge-security-service) section.

2. Using the curl command line tool, call the [DELETE deliveryIntegration/${fastlySID} API endpoint](https://www.fastly.com/documentation/signalsciences/api/#_corps__corpName__sites__siteName__deliveryIntegration__fastlySID__delete) in a terminal application:

   ```term copy nolinenums
   $ curl -v -H "x-api-user: ${SIGSCI_EMAIL}" -H "x-api-token: ${SIGSCI_TOKEN}" \
   -H "Fastly-Key: ${FASTLY_KEY}" -H 'Content-Type: application/json' -X DELETE \
   "https://dashboard.signalsciences.net/api/v0/corps/${corpName}/sites/${siteName}/deliveryIntegration/${fastlySID}"
   ```

   This API call requires the [Fastly-Key](https://www.fastly.com/documentation/reference/http/http-headers/Fastly-Key/) header for authentication. The Fastly API key must have write access to the Fastly service ID. This API call removes all backends from the Edge WAF deployment connected to the Fastly service and detaches the Fastly service from the Edge WAF deployment.

3. Using the curl command line tool, call the [PUT deliveryIntegration/{fastlySID} API endpoint](https://www.fastly.com/documentation/signalsciences/api/#_corps__corpName__sites__siteName__deliveryIntegration__fastlySID__put) in a terminal application to map the existing Fastly service to the new `${siteName}`. For example:

   ```term copy nolinenums
   $ curl -H "x-api-user:${SIGSCI_EMAIL}" -H "x-api-token:${SIGSCI_TOKEN}" \
   -H "Fastly-Key: ${FASTLY_KEY}" -H 'Content-Type: application/json' -X PUT \
   -d '{"activateVersion": true, "percentEnabled": 100}' \
   "https://dashboard.signalsciences.net/api/v0/corps/${corpName}/sites/${siteName}/deliveryIntegration/${fastlySID}"
   ```

   This API call will activate a new service version by updating the existing Next-Gen WAF VCL dynamic snippet with the new edge security service ID. It also sets the percent of traffic sent to the WAF for inspection to `100`.

4. _(Optional)_ Increase the [percentage of traffic](https://www.fastly.com/documentation/guides/next-gen-waf/setup-and-configuration/edge-deployment/ngwaf-control-panel/configuring-edge-waf-deployments-using-the-next-gen-waf-control-panel#changing-the-percentage-of-traffic-sent-to-the-waf) sent to the WAF for inspection.

## Related content

- [Using Next-Gen WAF in Compute](https://www.fastly.com/documentation/solutions/tutorials/next-gen-waf-compute/)