Zero-Downtime WAF Migration for a National Rail Operator
A national rail operator · Transport & critical infrastructure · EMEA
Migrated a national rail operator’s WAF to Cloudflare with zero downtime on live rail operations, deploying custom rules derived from penetration testing plus rate limiting, documented audits, and 24/7 support.
WAF cutover on live rail operations
custom WAF rules tuned to real vulnerabilities
support desk established for the new environment
audits confirming configuration and compliance
The challenge
- Transition the existing Web Application Firewall to Cloudflare without disrupting ongoing rail operations.
- Configure and deploy custom WAF rules informed by comprehensive penetration testing.
- Establish rate limiting and managed rules, deliver ongoing support and knowledge transfer, and maintain documented audits of the Cloudflare configuration.
Our approach
- 1 Built a detailed migration plan and ran a baseline audit of the existing WAF to understand current configuration and integration needs.
- 2 Set up the Cloudflare environment to mirror the existing configuration and completed a test migration with no impact on live operations.
- 3 Executed the full WAF migration with zero downtime, then deployed custom WAF rules from the penetration-testing insights and implemented rate limiting and managed rules.
- 4 Operationalized the platform: a 24/7 support desk, the first round of documented compliance audits, and training plus knowledge transfer for the client’s IT team.
Cloudflare & cloud services used
Client identity is withheld at the customer’s request. The figures and outcomes above are client-reported and reflect the engagement as delivered.
Facing something similar?
Nanosek can scope the work, the risks, and the rollback plan with you — as an authorized Cloudflare MSP/ASDP partner that also runs the rest of your cloud estate.