STIGQter: STIG Summary: A10 Networks ADC ALG Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

The A10 Networks ADC, when used for load balancing web servers, must deploy the WAF in active mode.

DISA Rule

SV-237060r639627_rule

Vulnerability Number

V-237060

Group Title

SRG-NET-000512-ALG-000062

Rule Version

AADC-AG-000143

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

The following command sets the deployment mode of the WAF template:
slb template waf [template name]
deploy-mode active

Check Contents

Review the device configuration.

The following command displays the configuration and filters the output on the WAF template section:
show run | sec slb template waf

If the output contains either "deploy-mode passive" or "deploy-mode learning", this is a finding.

Note: Since deploy-mode active is the default value, it will not appear in the output.

Vulnerability Number

V-237060

Documentable

False

Rule Version

AADC-AG-000143

Severity Override Guidance

Review the device configuration.

The following command displays the configuration and filters the output on the WAF template section:
show run | sec slb template waf

If the output contains either "deploy-mode passive" or "deploy-mode learning", this is a finding.

Note: Since deploy-mode active is the default value, it will not appear in the output.

Check Content Reference

M

Target Key

5285

Comments