UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The A10 Networks ADC, when used for load balancing web servers, must deploy the WAF in active mode.


Overview

Finding ID Version Rule ID IA Controls Severity
V-237060 AADC-AG-000143 SV-237060r639627_rule Medium
Description
The Web Application Firewall (WAF) supports three operational modes - Learning, Passive, and Active. Active is the standard operational mode and must be used in order to drop or sanitize traffic. Learning mode is used in lab environments to initially set thresholds for certain WAF checks and should not be used in production networks. Passive mode applies enabled WAF checks, but no action is taken upon matching traffic. This mode is useful in identifying false positives for filtering. Only Active mode filters web traffic.
STIG Date
A10 Networks ADC ALG Security Technical Implementation Guide 2021-03-25

Details

Check Text ( C-40279r639625_chk )
Review the device configuration.

The following command displays the configuration and filters the output on the WAF template section:
show run | sec slb template waf

If the output contains either "deploy-mode passive" or "deploy-mode learning", this is a finding.

Note: Since deploy-mode active is the default value, it will not appear in the output.
Fix Text (F-40242r639626_fix)
The following command sets the deployment mode of the WAF template:
slb template waf [template name]
deploy-mode active