A10 WAF fine-tuning

ins007ins007 Member
edited September 20 in CFW - Convergent Firewall
Hi,

Is there any whitepapers, recommendation or detailed guide for A10 WAF fine-tuning?

From my current knowledge...compared with F5 ASM, there's no case id for each blocking

Also there's no easy/quick wizard for common webapp specs deployment (Language, OS, Database type etc)


So how you guys do about it? Turn all feature then check each blocked action while in passive mode?

Comments

  • pinla11pinla11 Member
    edited August 2018
    Hello,

    I have the same problem...did you found a solution?

    Thanks in advance,

    Laura
  • hkohn72hkohn72 Member
    edited August 2018
    Hello ins007 and pinla11,

    a white-paper to optimize it is not existing until now.
    If you want to we can do a workshop for this topic.

    To make it clear in front the A10 ACOS has no database to store every bad request. We are logging this in a single syslog server externaly.

    Out of this syslog messages you see exactly in what topic and why this special request is blocked or will be blocked.
    I do it on a linux syslog host and filter with different commands like uniq, sort and so. In this way it took me far less time to optimize the WAF from A10 then i did the optimization at the F5 boxes.

    Let me know if i can support you on this topic.


    CU hkohn!
  • ins007ins007 Member
    edited December 2018
    Hi @hkohn

    I've checked around, even FortiWeb has case/incident id

    I still believe still should be a de-facto standard, very difficult to fine-tune environment which has no dedicated syslog


    The blocked user (end-user/website user) can't keep track since there's no reference number....it's not user 'friendly as per say...
Sign In or Register to comment.