Check: AADC-AG-000143
A10 Networks ADC ALG STIG:
AADC-AG-000143
(in versions v2 r1 through v1 r1)
Title
The A10 Networks ADC, when used for load balancing web servers, must deploy the WAF in active mode. (Cat II impact)
Discussion
The Web Application Firewall (WAF) supports three operational modes - Learning, Passive, and Active. Active is the standard operational mode and must be used in order to drop or sanitize traffic. Learning mode is used in lab environments to initially set thresholds for certain WAF checks and should not be used in production networks. Passive mode applies enabled WAF checks, but no action is taken upon matching traffic. This mode is useful in identifying false positives for filtering. Only Active mode filters web traffic.
Check Content
Review the device configuration. The following command displays the configuration and filters the output on the WAF template section: show run | sec slb template waf If the output contains either "deploy-mode passive" or "deploy-mode learning", this is a finding. Note: Since deploy-mode active is the default value, it will not appear in the output.
Fix Text
The following command sets the deployment mode of the WAF template: slb template waf [template name] deploy-mode active
Additional Identifiers
Rule ID: SV-237060r639627_rule
Vulnerability ID: V-237060
Group Title: SRG-NET-000512-ALG-000062
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |