STIGhubSTIGhub
STIGsSearchCompareAbout

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • VPAT
  • DISA STIG Library
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to A10 Networks ADC ALG Security Technical Implementation Guide

V-237060

CAT II (Medium)

The A10 Networks ADC, when used for load balancing web servers, must deploy the WAF in active mode.

Rule ID

SV-237060r639627_rule

STIG

A10 Networks ADC ALG Security Technical Implementation Guide

Version

V2R2

CCIs

CCI-000366

Discussion

The Web Application Firewall (WAF) supports three operational modes - Learning, Passive, and Active. Active is the standard operational mode and must be used in order to drop or sanitize traffic. Learning mode is used in lab environments to initially set thresholds for certain WAF checks and should not be used in production networks. Passive mode applies enabled WAF checks, but no action is taken upon matching traffic. This mode is useful in identifying false positives for filtering. Only Active mode filters web traffic.

Check Content

Review the device configuration.

The following command displays the configuration and filters the output on the WAF template section:
show run | sec slb template waf

If the output contains either "deploy-mode passive" or "deploy-mode learning", this is a finding.

Note: Since deploy-mode active is the default value, it will not appear in the output.

Fix Text

The following command sets the deployment mode of the WAF template:
slb template waf [template name]
deploy-mode active