Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-237060 | AADC-AG-000143 | SV-237060r639627_rule | Medium |
Description |
---|
The Web Application Firewall (WAF) supports three operational modes - Learning, Passive, and Active. Active is the standard operational mode and must be used in order to drop or sanitize traffic. Learning mode is used in lab environments to initially set thresholds for certain WAF checks and should not be used in production networks. Passive mode applies enabled WAF checks, but no action is taken upon matching traffic. This mode is useful in identifying false positives for filtering. Only Active mode filters web traffic. |
STIG | Date |
---|---|
A10 Networks ADC ALG Security Technical Implementation Guide | 2021-03-25 |
Check Text ( C-40279r639625_chk ) |
---|
Review the device configuration. The following command displays the configuration and filters the output on the WAF template section: show run | sec slb template waf If the output contains either "deploy-mode passive" or "deploy-mode learning", this is a finding. Note: Since deploy-mode active is the default value, it will not appear in the output. |
Fix Text (F-40242r639626_fix) |
---|
The following command sets the deployment mode of the WAF template: slb template waf [template name] deploy-mode active |