| Developers: | UserGate, Usergate (formerly Entensys) |
| Last Release Date: | 2026/01/15 |
| Branches: | Information security |
| Technology: | IS - Firewalls |
Content |
Main article: Firewall
2026: Enhanced Performance UserGate WAF 7.5.0 Beta
UserGate on January 15, 2026 announced the release of an updated version of the firewall for protecting web applications - UserGate WAF 7.5.0 Beta. The key features of the release were: improving performance, new signatures to protect popular services, expanding the capabilities of dashboards and customizing user lock pages. Along with the release of the new version of the solution, customers also have access to an additional high-performance hardware platform of their own design for UserGate WAF - E3010.
.jpg)
One of the tasks of the UserGate WAF product command is to optimize the operation and expand the functionality of the built-in OWASP TOP-10 module, which contains rules for blocking the exploitation of vulnerabilities in web applications and technologies. But the main direction of development of security expertise in UserGate WAF is protection against new types of attacks, including those aimed at Bitrix, React Server Components and other popular solutions and tools.
 | Our customers know that UserGate WAF provides maximum protection against all current threats while offering simple, convenient and efficient administration. Expanding the toolkit that a narrow segment of customers needs is also a priority for us in 2026. This is what the product team is focused on now, "said Vitaly Abramovich, UserGate WAF Development Manager. |  |
With improved resource utilization in UserGate WAF 7.5.0, the updated version shows a noticeable increase in solution performance - compared to 7.4.1, it increased by 31% for 4 cores and 23% for 8 cores. At the same time, at the request of the client, the solution can be delivered with even greater performance indicators by increasing the number of CPU cores.
UserGate WAF 7.5.0 received an updated implementation of dashboards, which have even more widgets, detailed visualization and the ability to manually configure their location. In addition to manual updates, customization of their update speed, multi-level filtering and a quick navigation mechanism in the interface have become available for dashboards and event log. Updated dashboards allow administrators to get more information in real time and better report it.
Another change in solution administration is the implementation of UserGate WAF and UserGate Management Center (MC) interaction. It will be available to customers after the release of UserGate MC 7.6.
Added a feature in demand that allows administrators to set their own response codes for blocked requests for specific rules or rule groups. Of course, there is also the ability to download a custom response page.
Simultaneously with the release of the new release, UserGate tested and expanded the list of hardware platforms for UserGate WAF. Added to the list is the high-performance UserGate E3010, which has a performance of up to 3000 RPS (Requests Per Second - the number of requests processed to web applications per second). The device is powered by a 24-core processor, has 64 GB of RAM and a 1 TB SSD. The UserGate platform E3010 certified and included in the register of the Ministry of Industry and Trade of Russia (No. 10600407) and is already available to customers.
2025
Start deliveries in the form of hardware platforms
UserGate on October 1, 2025 announced the start of deliveries of its firewall to protect UserGate WAF web applications in the form of hardware platforms. They are intended for organizations of the middle and large segments, which, in order to ensure the protection of their web applications, need an easy-to-implement and administer solution with a single technical support of the vendor at both the software and hardware levels. Delivery in the form of hardware complexes avoids compatibility problems between the server and software parts of the solution and achieves maximum performance to confidently counter threats to the information security of web applications. UserGate WAF is certified by the FSTEC of Russia, which allows it to be used to implement the regulatory requirements of the regulator.
In June 2025, UserGate WAF was introduced as a software solution. It is actively tested by customers, several companies have implemented implementation projects - UserGate WAF is already used as part of enterprise security systems to protect web applications. Further development of the product is aimed at achieving its maximum performance and expanding functionality.
UserGate WAF is a firewall for protecting web applications, fully developed by the company's specialists, in which, as of October 2025, about 11 thousand rules and variations of web traffic analysis were implemented. He conducts granular analysis of incoming and outgoing HTTP(S) traffic and protects web applications from a large range of threats, including those included in the list of OWASP TOR-10: DoS attacks on web applications, code injections, access control violations, all known vulnerabilities outdated species. ON At the same time, UserGate WAF implements a mechanism for updating expertise in real time, which allows you to deliver new rules and signatures, regardless of the timing of the next versions of the product.
Support for hardware platforms is implemented in UserGate WAF version 7.4.1. The product can be deployed both on customers' own computing power and on UserGate D200 and E1000 hardware platforms. In the future, the list of supported UserGate platforms will be expanded to include other models. At the same time, UserGate D200 provides higher UserGate WAF performance than the software version of the firewall on the same number of processor cores, and UserGate E1000, in addition, allows for increased fault tolerance thanks to support for "hot" power supply replacement. An additional advantage of using these platforms will be their presence in the warehouses of partner companies, which guarantees a high speed of their delivery to customers. Deliveries of UserGate WAF hardware platforms will begin on October 1, 2025. Their acquisition involves the purchase of two items: the UserGate hardware platform and the UserGate WAF Software License. At the same time, customers who already use the UserGate D200 or E1000 hardware platforms should take into account that UserGate NGFW and UserGate WAF cannot work at the same time.
| | The release of the solution in the form of hardware platforms is a reaction to feedback from a large number of customers who have shown interest in introducing the product at the public beta testing stage. These are organizations that lack their own computing power, as well as enterprises where the commissioning of new software is difficult due to the peculiarities of various procedures. Therefore, immediately after the release of the first commercial version, significant forces were devoted to ensuring compatibility and improving performance on UserGate hardware platforms. In addition, we sought to ensure the availability of a hardware solution - for this, we used UserGate D200 and UserGate, which were well-proven in use and available in the warehouses of our partners in sufficient quantities, E1000 said Vitaly Abramovich, UserGate WAF Development Manager. | |
UserGate WAF 7.4.0
On June 18, 2025, UserGate announced that it complements its product ecosystem with a specialized solution - a firewall for protecting the web applications, sites and APIs from narrowly targeted attacks and bots. UserGate WAF 7.4.0 became available for shipment to customers from June 18, 2025.
According to the company, UserGate WAF is a completely original solution based on its own engine for analyzing web traffic, developed by the company's specialists without using open-source components. This ensures an optimal level of security for the solution. UserGate WAF has the FSTEC No3905 certificate.
Avoiding the use of open source in development allows you to ensure full support and development of the solution. The product is supplied in the form of a virtual machine image for local deployment, there is compatibility with dozens of popular domestic and foreign hypervisors. The image includes the UGOS operating system and UserGate WAF software, which allows you to optimize the product deployment process. Another feature is built-in rule bases for protecting popular applications and protecting against threats from the OWASP Top-10 list. Databases are updated in real time regardless of software updates at the moment when UserGate experts find a new threat and create a rule to counter. This allows you to counter current threats and reduce manual settings of product security rules to a minimum. The deployment and basic configuration of the product takes 15 minutes. For finer configuration, users can create their own traffic analysis rules in UPL (UserGate Policy Language) without any restrictions. Application-level (L7) API and Anti-DoS protection features are present.
In the early stages of development, it was determined that the product would be a standalone solution, not one of the NGFW modules. This decision was made for several reasons. First of all, the protection of web applications is not relevant for everyone, but only for those companies in the infrastructure of which there are web applications and sites with incoming and outgoing HTTP (S) traffic. In addition, as a standalone solution, UserGate WAF provides the necessary flexibility and integration, as well as the ability to withstand narrowly targeted attacks. Among the reasons is the large variability in the logic of web applications among different customers, which requires individual configuration of the solution for the needs of each organization.
| | The release of UserGate WAF is an important step in the development of UserGate SUMMA, which is practical cyber security within the UserGate ecosystem. The products, services, educational courses and training programs that are included in it are based on the extensive expertise and competencies that the company has accumulated over the years and the separation of UserGate WAF into a separate product allows you to pack your knowledge of the security of web applications into a "box" ON to convey the solution to such problems in its entirety. This product uses its own UserGate technologies to protect customers' business systems from L7 attacks on web services and applications such as Cross-Site Scripting, OWASP TOP-10 or code injections through web query settings. emphasized Elman Beibutov, Director of Business Development at UserGate | |
The UserGate WAF solution is designed for local deployment and use to protect sites in web applications based on the customer's own infrastructure. The company's immediate plans include the release of UserGate WAF hardware and software systems.
UserGate WAF is a certified FSTEC product that quickly deploys in any infrastructure and interacts with the FW/NGFW of any manufacturer. Built-in expertise bases with more than 10,000 rules to protect popular applications and sites, as well as an intuitive interface, allow specialists, even without deep knowledge, information security to ensure the optimal level of security of their systems, and, if necessary, write their own protection rules. To work in closed circuits with increased information security requirements, there is the possibility of offline updates ON and expertise databases. Dedicated Development Team Within UserGate and the Long-Term Customer Feedback Product Development Plan provide a product that fully meets expectations.
At the same time, the potential of the Russian information security market in the WAF segment is quite high. This is primarily due to the large number of customers who pay special attention to the security of their infrastructure, but for a number of reasons are looking for solutions that will meet their needs. In addition, due to the relevance of the general trend in the Russian market for import substitution technologies, customers who use foreign solutions take an active part in testing domestic products and consider them as a full-fledged import-independent alternative.
| | The Russian market for web application protection systems is actively developing, but it is still far from saturated despite the fact that authoritative domestic vendors offer their WAF class solutions. Many customers continue to use foreign developments, waiting for the emergence of a domestic product that will most fully meet their needs. Some enterprises prefer open source solutions, forced to come to terms with all the shortcomings that they have. Moreover, our experience with customers shows that there are organizations that do not use special tools to protect web applications. narrated by Vitaliy Abramovich, UserGate WAF Development Manager | |
| The site content is translated by machine translation software powered by PROMT. The machine-translated articles are not always perfect and may contain errors in vocabulary, syntax or grammar. Read original article If you find inaccuracies or errors in the results of machine translation, please write to editor@tadviser.ru. We will make every effort to correct them as soon as possible. |