Need some additional confirmation on this please. What IP do external clients need to whitelist for reaching WAF-hosted websites?
Scenario: A public client, who whitelists all of their allowed outbound traffic, is trying to reach a website hosted on a sub account on an Imperva WAF frontend. The published IP for all sites under that sub account is always the same and is an IP on Imperva's subnet = 45.60.0.0/16.
Question: Which of the following should we instruct the client to whitelist:
1. just the IP that the website resolves to (since it is never changing and static)
2. the entire subnet that this IP belongs to (to be prepared if it should ever change in the future? although the IP has been static for several years.)
3. All of the Incapsula subnets listed at
https://docs.imperva.com/howto/c85245b7 (which appears to only be for WAF-2-backend application WL needs?
4. other
#CloudWAF(formerlyIncapsula)------------------------------
donna
------------------------------