The WAF section is completely new to v8, so there's no documentation done yet. For a breif overview though, the tabs do the following (Right to left):
Firewall Profile: This tab lets you setup different levels of security you will want to apply to different web servers. The policy defines whether you will do AV scanning, and what attack protection types you want to enable, such as SQL injection.
Real Web Servers: This tab is where you tell Astaro how to reach the real web servers you have running inside your network. Every web server you want to filter with WAF will need to be listed here. When you choose how to connect, (IP, port number, HTTP/HTTPS) you are deciding how Astaro will reach that server, not how internet clients will reach it. Astaro can connect to the server using http, for instance, but internet users may connect to the WAF using https.
Virtual Servers: This tab allows you to safely expose real web servers to the internet. You can define how users are allowed to connect, and what policy their connections will be filtered with.
