HAProxy Launches Fusion 2.0 and Unified Gateway 1.0 at KubeCon Amsterdam
HAProxy Technologies has launched HAProxy Fusion 2.0 and HAProxy Unified Gateway 1.0 at KubeCon Amsterdam. Fusion 2.0 introduces centralized security policy management with Security Profiles, a visual Threat-Response Matrix, and a unified security control plane for WAF, bot management, and DDoS protection. Built on HAProxy Enterprise 3.2 LTS, it includes native Kubernetes deployment via a new Oper
HAProxy Technologies has released Fusion 2.0 and Unified Gateway 1.0, announced at KubeCon Amsterdam this week. The update turns HAProxy from a load balancer with security features into a full security control plane.
What Fusion 2.0 brings
The headline feature is centralized security policy management. Fusion 2.0 introduces Security Profiles: preset security policies that administrators can apply across all HAProxy Enterprise deployments in a few clicks. A new visual Threat-Response Matrix lets operators configure WAF rules, bot management, and DDoS protection without writing HAProxy configuration by hand.
The underlying engine runs on HAProxy Enterprise 3.2 LTS, which includes an updated WAF engine for SQL injection, XSS, and CSRF detection, plus a new Threat Detection Engine for bot classification. That engine distinguishes between humans, verified bots (search engines, AI crawlers), and malicious traffic using behavioral and reputational signals.
Cloud-native push
Fusion 2.0 ships with a Kubernetes Operator that deploys the full control plane in under five minutes. New Consul Enterprise integration, an official Terraform Provider, and OIDC role mapping round out the infrastructure-as-code story. For teams running multi-cluster or multi-cloud setups, this is a significant operational upgrade.
WAFplanet take
HAProxy has been quietly building out its security stack for years. Fusion 2.0 is the moment it stops being "a load balancer that also does WAF" and starts competing directly with integrated WAAP platforms from Cloudflare, F5, and Imperva.
The visual Threat-Response Matrix is smart positioning. Most WAF products require deep expertise to configure properly. Lowering that barrier while keeping the underlying HAProxy performance is a strong combination. The Kubernetes-native deployment also matters: organizations running service meshes and Kubernetes ingress already trust HAProxy in that role. Adding WAF and bot management at the same layer reduces architectural complexity compared to bolting on a separate open-appsec or Coraza sidecar.
Worth watching how this stacks up against Kong Gateway and NGINX App Protect, which are targeting the same Kubernetes-native security space.
