nginx · travisamartin · Nov 7, 2025 · Nov 7, 2025
@@ -1,7 +1,7 @@
 ---
 nd-docs: DOCS-1031
 files:
-  - content/nim/nginx-app-protect/setup-waf-config-management.md
+  - content/nim/waf-integration/configuration/setup-waf-config-management.md
 ---
 
 {{< call-out "note" >}}Make sure `gpg` is installed on your system before continuing. You can install NGINX Agent using command-line tools like `curl` or `wget`.{{< /call-out >}}

@@ -4,13 +4,13 @@ nd-docs: DOCS-1295
 
 To use basic authentication for API requests, include your base64-encoded credentials as a "Basic" token in the "Authorization" header. To create the base64-encoded credentials, run the following command:
 
-```bash
+```shell
 echo -n <username>:<password> | base64
 ```
 
 Once you've generated the credentials, you can include them in your API request. Here's how to do it with `curl`:
 
-```bash
+```shell
 curl -X GET "https://<NIM_FQDN>/api/platform/<API_VERSION>/systems" -H "Authorization: Basic <base64_encoded_credentials>"
 ```
 

@@ -12,6 +12,6 @@ nd-docs: "DOCS-1663"
 
 2.	Restart NGINX Instance Manager:
 
-    ``` bash
+    ```shell
     sudo systemctl restart nms
     ```
@@ -12,7 +12,7 @@ nd-docs: "DOCS-1666"
 
 2. Log in to the Docker registry using the contents of the JSON Web Token file:
 
-   ```bash
+   ```shell
    docker login private-registry.nginx.com --username=<JWT_CONTENTS> --password=none
    ```
 
@@ -2,8 +2,8 @@
 nd-docs: DOCS-991
 ---
 
-You can access the NGINX Instance Manager API documentation from the web interface:
+Access the NGINX Instance Manager API documentation from the web interface:
 
-1. Log in to the FQDN of your NGINX Instance Manager host.
-2. Select **API Documentation** from the Launchpad menu.
-3. On the left menu, select **NIM and Platform API**.
+1. Go to the FQDN of your NGINX Instance Manager host and log in.  
+2. From the Launchpad menu, select **API Documentation**.  
+3. In the left menu, choose **NIM and Platform API**.
@@ -2,4 +2,6 @@
 nd-docs: DOCS-1050
 ---
 
-You can use tools like `curl` or [Postman](https://www.postman.com) to interact with the NGINX Instance Manager REST API. The API URL is `https://<NIM-FQDN>/api/[nim|platform]/<API_VERSION>`, and each request requires authentication. For more details on authentication options, see the [API Overview]({{< ref "/nim/fundamentals/api-overview.md" >}}).
+Use tools such as `curl` or [Postman](https://www.postman.com) to send requests to the NGINX Instance Manager REST API.
+The API base URL is `https://<NIM-FQDN>/api/[nim|platform]/<API_VERSION>`.  
+All requests require authentication. For details on authentication methods, see the [API overview]({{< ref "/nim/fundamentals/api-overview.md" >}}).
@@ -6,7 +6,7 @@ You can access the NGINX Instance Manager web interface using the external IP ad
 
 1. To look up the external IP address for the API Gateway, run the following command:
 
-   ```bash
+   ```shell
    kubectl -n nim get svc apigw
    ```
 

@@ -0,0 +1,26 @@
+---
+docs:
+files:
+  - /nim/security-monitoring/update-signatures.md
+---
+
+1. Open an SSH connection to the data plane host and log in.
+1. Generate a Signature Report file using the [Attack Signature Report Tool]({{< ref "/waf/configure/converters.md#attack-signature-report-tool" >}}). Save the file as `signature-report.json`:
+
+    ```shell
+    sudo /opt/app_protect/bin/get-signatures -o ./signature-report.json
+    ```
+
+1. Open an SSH connection to the management plane host and log in.
+1. Copy the `signature-report.json` file to the NGINX Instance Manager control plane at `/usr/share/nms/sigdb/`:
+
+    ```shell
+    sudo scp /path/to/signature-report.json {user}@{host}:/usr/share/nms/sigdb/signature-report.json
+    ```
+
+1. Restart the NGINX Instance Manager services to apply the update:
+
+    ```shell
+    sudo systemctl restart nms-ingestion
+    sudo systemctl restart nms-core
+    ```
@@ -6,7 +6,7 @@
 
     - **Debian/Ubuntu**:
 
-       ```bash
+       ```shell
        sudo update-ca-certificates
        ``` 
 

@@ -2,13 +2,13 @@
 nd-docs: DOCS-1068
 ---
 
-NGINX Instance Manager supports the following versions of [F5 WAF for NGINX](https://docs.nginx.com/nginx-app-protect/):
+NGINX Instance Manager supports the following versions of [F5 WAF for NGINX](https://docs.nginx.com/waf/):
 
-{{<bootstrap-table "table table-striped table-bordered">}}
+{{< table >}}
 
-| NGINX Instance Manager | F5 WAF for NGINX              |
-|------------------------|------------------------------------|
-| 2.17.0–2.20.0          | Release 4.8.0–4.16.0, 5.1.0–5.9.0 |
+| NGINX Instance Manager | F5 WAF for NGINX                  |
+| ---------------------- | --------------------------------- |
+| 2.17.0–2.21.0          | Release 4.8.0–4.16.0, 5.1.0–5.9.0 |
 | 2.15.1–2.16.0          | Release 4.8.0–4.10.0              |
 | 2.14.1–2.15.0          | Release 4.4.0–4.7.0               |
 | 2.13.0–2.14.0          | Release 4.3.0–4.5.0               |
@@ -20,5 +20,4 @@ NGINX Instance Manager supports the following versions of [F5 WAF for NGINX](htt
 | 2.7.0                  | Release 3.12.2–4.0.0              |
 | 2.6.0                  | Release 3.12.2                    |
 
-{{</bootstrap-table>}}
-
+{{</ table >}}
@@ -5,15 +5,15 @@ Follow the steps below to uninstall NGINX Instance Manager and ClickHouse.
 
 - **For CentOS, RHEL, and RPM-based distributions:**
 
-   ```bash
+   ```shell
    sudo yum remove -y nms-*
    sudo systemctl stop clickhouse-server
    sudo yum remove -y clickhouse-server
    ```
 
 - **For Debian, Ubuntu, and Deb-based distributions:**
 
-   ``` bash
+   ```shell
    sudo apt-get remove -y nms-*
    sudo systemctl stop clickhouse-server
    sudo apt-get remove -y clickhouse-server

@@ -0,0 +1,22 @@
+---
+docs:
+files:
+  - content/nim/waf-integration/configuration/_index.md
+  - content/nim/waf-integration/configuration/install-waf-compiler/install.md
+  - content/nim/waf-integration/configuration/install-waf-compiler/install-disconnected.md
+---
+
+Make sure you’ve completed the following tasks:
+
+- You have one or more [F5 WAF for NGINX]({{< ref "/waf/" >}}) instances running.  
+  For supported versions, see [Support for F5 WAF for NGINX]({{< ref "/nim/fundamentals/tech-specs.md#f5-waf" >}}).
+
+  {{< call-out "note" >}}
+  If you plan to use configuration management and Security Monitoring, follow the steps in the [setup guide]({{< ref "/nim/security-monitoring/set-up-app-protect-instances.md" >}}) before continuing.
+  {{< /call-out >}}
+
+- NGINX Instance Manager is [installed]({{< ref "/nim/deploy/vm-bare-metal/_index.md" >}}), licensed, and running.  
+
+  The latest version of NGINX Instance Manager is recommended to ensure full compatibility and access to the newest features.
+
+  If you have a subscription for F5 WAF for NGINX, you can find your license in the subscription details section of [MyF5](https://my.f5.com).
@@ -1,7 +1,7 @@
 ---
 nd-docs: DOCS-000
 files:
-  - content/nim/nginx-app-protect/setup-waf-config-management.md
+  - content/nim/waf-integration/configuration/setup-waf-config-management.md
 ---
 
 Restart the `nms-integrations` service:

@@ -0,0 +1,80 @@
+---
+doc:
+files:
+  - content/nim/waf-integration/configuration/setup-signatures-and-threats/automatic-download.md
+---
+
+Follow these steps to get and upload the certificate and key:
+
+1. Log in to [MyF5](https://account.f5.com/myf5).
+1. Go to **My Products and Plans > Subscriptions**.
+1. Download these files from your F5 WAF for NGINX subscription:
+   - `nginx-repo.crt` (certificate)
+   - `nginx-repo.key` (private key)
+1. Create a JSON file that contains both files. Replace each newline (`\n`) in the certificate and key with a literal `\n` so the formatting is correct inside the JSON file.
+
+   **Example request:**
+
+   ```json
+   {
+     "name": "nginx-repo",
+     "nginxResourceType": "NginxRepo",
+     "certPEMDetails": {
+       "caCerts": [],
+       "password": "",
+       "privateKey": "-----BEGIN PRIVATE KEY-----\n[content snipped]\n-----END PRIVATE KEY-----\n",
+       "publicCert": "-----BEGIN CERTIFICATE-----\n[content snipped]\n-----END CERTIFICATE-----",
+       "type": "PEM"
+     }
+   }
+   ```
+
+1. Upload the file to NGINX Instance Manager using the REST API:
+
+   ```shell
+   curl -X POST 'https://{{NIM_FQDN}}/api/platform/v1/certs'    --header "Authorization: Bearer <access token>"    --header "Content-Type: application/json"    -d @nginx-repo-certs.json
+   ```
+
+1. If successful, you’ll see a response similar to this:
+
+   **Example response:**
+
+   ```json
+   {
+     "certAssignmentDetails": [],
+     "certMetadata": [
+       {
+         "authorityKeyIdentifier": "<fingerprint>",
+         "commonName": "<subscription name>",
+         "expired": false,
+         "expiry": 59789838,
+         "issuer": "C=US, ST=Washington, L=Seattle, Inc., O=F5 Networks\\, OU=Certificate Authority, CN=F5 PRD Issuing Certificate Authority TEEM V1",
+         "publicKeyType": "RSA (2048 bit)",
+         "serialNumber": "<serial number>",
+         "signatureAlgorithm": "SHA256-RSA",
+         "subject": "CN=<subscription name>",
+         "subjectAlternativeName": "",
+         "subjectKeyIdentifier": "<fingerprint>",
+         "thumbprint": "<thumbprint>",
+         "thumbprintAlgorithm": "SHA256-RSA",
+         "validFrom": "2021-12-21T16:57:55Z",
+         "validTo": "2024-12-20T00:00:00Z",
+         "version": 3
+       }
+     ],
+     "certPEMDetails": {
+       "caCerts": [],
+       "password": "**********",
+       "privateKey": "**********",
+       "publicCert": "[content snipped]",
+       "type": "PEM"
+     },
+     "created": "2023-01-27T23:42:41.587760092Z",
+     "modified": "2023-01-27T23:42:41.587760092Z",
+     "name": "nginx-repo",
+     "serialNumber": "<serial number>",
+     "uid": "d08d9f54-58dd-447a-a71d-6fa5aa0d880c",
+     "validFrom": "2021-12-21T16:57:55Z",
+     "validTo": "2024-12-20T00:00:00Z"
+   }
+   ```
@@ -0,0 +1,31 @@
+---
+docs:
+files:
+  - /nim/waf-integration/configuration/install-waf-compiler/install.md
+  - /nim/waf-integration/configuration/install-waf-compiler/install-disconnected.md
+---
+
+{{<bootstrap-table "table table-striped table-bordered">}}
+
+| F5 WAF for NGINX version | WAF compiler version       |
+|---------------------------|----------------------------|
+| 5.9.0                     | nms-nap-compiler-v5.527.0  |
+| 5.8.0                     | nms-nap-compiler-v5.498.0  |
+| 5.7.0                     | nms-nap-compiler-v5.442.0  |
+| 5.6.0                     | nms-nap-compiler-v5.342.0  |
+| 5.5.0                     | nms-nap-compiler-v5.264.0  |
+| 5.4.0                     | nms-nap-compiler-v5.210.0  |
+| 5.3.0                     | nms-nap-compiler-v5.144.0  |
+| 5.2.0                     | nms-nap-compiler-v5.48.0   |
+| 5.1.0                     | nms-nap-compiler-v5.17.0   |
+| 4.16.0                    | nms-nap-compiler-v5.498.0  |
+| 4.15.0                    | nms-nap-compiler-v5.442.0  |
+| 4.14.0                    | nms-nap-compiler-v5.342.0  |
+| 4.13.0                    | nms-nap-compiler-v5.264.0  |
+| 4.12.0                    | nms-nap-compiler-v5.210.0  |
+| 4.11.0                    | nms-nap-compiler-v5.144.0  |
+| 4.10.0                    | nms-nap-compiler-v5.48.0   |
+| 4.9.0                     | nms-nap-compiler-v5.17.0   |
+| 4.8.1                     | nms-nap-compiler-v4.815.0  |
+
+{{</bootstrap-table>}}
@@ -54,7 +54,7 @@ F5 NGINX One Console makes it easy to manage NGINX instances across locations an
 ### More information
 
 {{<card-section showAsCards="true" >}}
-  {{<card title="Secure with F5 WAF for NGINX" titleUrl="/nginx-one/nap-integration/" >}}
+  {{<card title="Secure with F5 WAF for NGINX" titleUrl="/nginx-one/waf-integration/" >}}
     Set up security policies by instance and group
   {{</card>}}
   {{<card title="Organize users with RBAC" titleUrl="/nginx-one/rbac/" >}}

@@ -26,14 +26,13 @@ You can now graph any two metrics simultaneously on one chart within the Metrics
 ### Expanded features for configuring NGINX security policies with F5 WAF
 
 You can now configure the following for F5 WAF policies directly in the NGINX One Console:
+- [Signature Sets]({{< ref "/nginx-one/waf-integration/add-signature-sets.md" >}})
+- [Signature Exceptions]({{< ref "/nginx-one/waf-integration/add-signature-sets.md#exceptions" >}})
+- [Parameters]({{< ref "/nginx-one/waf-integration/cookies-params-urls.md#add-parameters" >}})
+- [URLs]({{< ref "/nginx-one/waf-integration/cookies-params-urls.md#add-urls" >}})
+- [Cookies]({{< ref "/nginx-one/waf-integration/cookies-params-urls.md#add-cookies" >}})
 
-- [Signature Sets]({{< ref "/nginx-one/nap-integration/add-signature-sets.md" >}})
-- [Signature Exceptions]({{< ref "/nginx-one/nap-integration/add-signature-sets.md#exceptions" >}})
-- [Parameters]({{< ref "/nginx-one/nap-integration/cookies-params-urls.md#add-parameters" >}})
-- [URLs]({{< ref "/nginx-one/nap-integration/cookies-params-urls.md#add-urls" >}})
-- [Cookies]({{< ref "/nginx-one/nap-integration/cookies-params-urls.md#add-cookies" >}})
-
-For more details, see the [F5 WAF Integration Guide ]({{< ref "/nginx-one/nap-integration/" >}}).
+For more details, see the [F5 WAF Integration Guide ]({{< ref "/nginx-one/waf-integration/" >}}).
 
 ## October 2, 2025
 
@@ -53,7 +52,7 @@ See the [Getting Started Guide]({{< ref "/nginx-one/getting-started.md#install-n
 
 ### Set up F5 WAF for NGINX security policies
 
-You can now incorporate [F5 WAF for NGINX]({{< ref "/waf/" >}}) in NGINX One Console UI. For details, see [Secure with F5 WAF for NGINX]({{< ref "/nginx-one/nap-integration/" >}}).
+You can now incorporate [F5 WAF for NGINX]({{< ref "/waf/" >}}) in NGINX One Console UI. For details, see [Secure with F5 WAF for NGINX]({{< ref "/nginx-one/waf-integration/" >}}).
 
 In NGINX One Console, you can:
 

@@ -123,10 +123,10 @@ After configuring signature sets and exceptions:
 
 1. Select **Add Policy**. The policy JSON will be updated with your changes.
 1. Your policy will appear in the list under the name you provided.
-1. You can then [deploy]({{< ref "/nginx-one/nap-integration/deploy-policy.md/" >}}) the policy to either:
+1. You can then [deploy]({{< ref "/nginx-one/waf-integration/deploy-policy.md/" >}}) the policy to either:
    - An instance
    - A Config Sync Group
 
-From NGINX One Console, you can [review and modify]({{< ref "/nginx-one/nap-integration/review-policy.md/" >}}) your saved policies at any time by selecting **App Protect > Policies**.
+From NGINX One Console, you can [review and modify]({{< ref "/nginx-one/waf-integration/review-policy.md/" >}}) your saved policies at any time by selecting **App Protect > Policies**.
 
 For a complete list of available signature sets and detailed information about attack signatures, see the [Attack Signatures]({{< ref "/waf/policies/attack-signatures.md" >}}) documentation.
-Original file line number
+Diff line change
@@ Expand Up @@
 . To look up the external IP address for the API Gateway, run the following command:
-       ```bash
+       ```shell
        kubectl -n nim get svc apigw
        ```
@@ Expand Down @@