Implementation of web application firewall (WAF) solutions can be a complex process with multiple factors affecting the overall performance of the solution. Each of these factors should be considered over the course of the useful life of the solution, including: What applications and web services will it protect? What is the predominant traffic mix? What security policy is applied? There is usually a trade-off between security effectiveness and performance (capacity); a product’s security effectiveness should be evaluated within the context of its capacity (and vice versa). This ensures that new security protections do not adversely impact capacity and security shortcuts are not taken to maintain or improve capacity. This report is part of a series of Comparative Analysis Reports (CAR) on security, performance, total cost of ownership (TCO) and Security Value Map (SVM). In addition, a SVM Toolkit is available to NSS clients that allows for the incorporation of organization-specific costs and requirements to create a completely customized SVM.