Broadcom Layer7 API Gateways

Broadcom's Layer7 API Gateways provide a robust solution for controlling and securing an organization's API traffic. Wallarm can function as a connector to enhance the security of APIs managed through Broadcom Layer7 API Gateways.

To use Wallarm as a connector for Broadcom Layer7 API Gateway, you need to deploy the Wallarm Node externally and configure Wallarm policies on the gateway to route traffic to the Wallarm Node for analysis.

The Broadcom connector supports only in-line traffic flow.

Use cases

Among all supported Wallarm deployment options, this solution is recommended when you manage your APIs with Layer7 API Gateways.

Limitations

Requirements

To proceed with the deployment, ensure that you meet the following requirements:

  • Understanding of the Broadcom Layer7 API Gateways product.

  • Your application and API are linked and running on Broadcom Layer7 API Gateways.

  • Broadcom Policy Manager is installed and connected to the Broadcom Gateway.

Deployment

1. Deploy a Wallarm Node

The Wallarm Node is a core component of the Wallarm platform that you need to deploy. It inspects incoming traffic, detects malicious activities, and can be configured to mitigate threats.

You need to deploy it in your own infrastructure as a separate service using one of the following artifacts:

2. Add the Node's SSL/TLS certificate to the Policy Manager

To enable the Broadcom Gateway to route traffic to the Wallarm Node over HTTPS, add the Node's SSL/TLS certificate to the Policy Manager:

  1. Open Broadcom Policy Manager → Tasks → Certificates, Keys and Secrets → Manage Certificates.

  2. Click Add → Retrieve via SSL and specify the Wallarm Node's address.
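
Retrieve via SSL trusts whatever certificate the given address presents at that moment, so it is worth comparing its fingerprint with one recorded on the Wallarm Node host before relying on it. The following is an added example, not part of the Wallarm or Broadcom tooling; the function names are hypothetical. It assumes you can read the Node certificate's fingerprint out of band and that Policy Manager shows a thumbprint for the retrieved certificate.

```python
import hashlib
import ssl
import sys


def fingerprint(pem: str, algo: str = "sha256") -> str:
    """Return the colon-separated hex digest of the DER-encoded certificate."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(value: str) -> str:
    """Drop separators and case so 'ab:cd', 'AB CD' and 'abcd' compare equal."""
    return "".join(ch for ch in value if ch.isalnum()).lower()


def matches(pem: str, expected: str) -> bool:
    """True if `expected` is the certificate's SHA-256 or SHA-1 fingerprint."""
    want = normalize(expected)
    return any(normalize(fingerprint(pem, a)) == want for a in ("sha256", "sha1"))


def fetch_pem(host: str, port: int = 443) -> str:
    """Fetch the certificate the endpoint presents, without validating it."""
    return ssl.get_server_certificate((host, port))


# Constructed stand-in bytes wrapped as PEM so the block runs offline;
# this is not a real X.509 certificate.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed sample, not a real certificate")

if __name__ == "__main__":
    if len(sys.argv) == 4:
        # usage: check_cert.py <node-host> <port> <fingerprint recorded on the Node host>
        pem, expected = fetch_pem(sys.argv[1], int(sys.argv[2])), sys.argv[3]
    else:
        # No arguments: self-check against the constructed sample.
        pem, expected = SAMPLE_PEM, fingerprint(SAMPLE_PEM)
    print("presented SHA-256:", fingerprint(pem))
    print("presented SHA-1:  ", fingerprint(pem, "sha1"))
    ok = matches(pem, expected)
    print("match" if ok else "MISMATCH: do not trust this certificate")
    sys.exit(0 if ok else 1)
```
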

3. Obtain and deploy Wallarm policies

To configure the Broadcom Gateway to route traffic through the Wallarm Node:

  1. Contact sales@wallarm.com to get the Wallarm policy code bundles.

  2. Open Broadcom Policy Manager → your Broadcom Gateway's menu → Create Policy and add 2 policies:

    • Request forwarding policy: Assign the Global Policy Fragment type and message-received tag.

    • Response forwarding policy: Assign the Global Policy Fragment type and message-completed tag.

  3. For the request forwarding policy (forward-requests-to-wallarm in this example):

    1. Import the wallarm-request-blocking.xml file.
    2. Specify the Wallarm Node instance address in the wlrm-node-addr parameter.
    3. Save and Activate the policy.

  4. For the response forwarding policy (forward-responses-to-wallarm in this example):

    1. Import the wallarm-response.xml file.
    2. Save and Activate the policy.

Testing

To test the functionality of the deployed policy, follow these steps:

  1. Send a request with a test Path Traversal attack to your Gateway address:

    curl http://<YOUR_GATEWAY_ADDRESS>/etc/passwd
    
  2. Open Wallarm Console → Attacks section in the US Cloud or EU Cloud and make sure the attack is displayed in the list.

    If the Wallarm Node mode is set to blocking, the request will also be blocked.

Upgrading the Wallarm policies

To upgrade the Wallarm policies deployed on Broadcom to a newer version:

  1. Contact sales@wallarm.com to get the updated code bundle.

  2. Import the updated policy files into the existing policy instances in Policy Manager as described in the deployment steps.

  3. Configure the policy parameters with the correct values.

  4. Save and Activate the updated policies.

Policy upgrades may require a Wallarm Node upgrade, especially for major version updates. See the Wallarm Native Node changelog for release updates and upgrade instructions. Regular node updates are recommended to avoid deprecation and simplify future upgrades.