Login
- Table of Contents
-
- H3C SecPath Security Products FAQ(V7)-6W100
- 00-Preface
- 01-System management and maintenance FAQ
- 02-Device forwarding FAQ
- 03-License management FAQ
- 04-RBM-based hot backup FAQ
- 05-NAT FAQ
- 06-User access and authentication FAQ
- 07-Attack detection and prevention FAQ
- 08-IPS FAQ
- 09-Anti-virus FAQ
- 10-URL filtering FAQ
- 11-File filtering FAQ
- 12-Bandwidth management FAQ
- 13-SSL VPN FAQ
- 14-IPsec FAQ
- 15-Load balancing FAQ
- 16-Mirroring FAQ
- 17-IRF FAQ
- 18-Security policy FAQ
- 19-Security zone FAQ
- 20-ASPF FAQ
- 21-PKI FAQ
- 22-APR FAQ
- 23-DPI FAQ
- 24-Application audit and management FAQ
- 25-Data filtering FAQ
- 26-Data analysis center FAQ
- 27-WAF FAQ
- 28-AFT FAQ
- 29-SSL decryption FAQ
- 30-NetShare control FAQ
- 31-FAQ on Intranet security comprehensive scoring (Security overview)
- 32-Web operations FAQ
- Related Documents
-
27-WAF FAQ
WAF FAQ
Q. What’s difference between WAF and IPS?
WAF defends against Web attacks and also protects the device against other abnormal operations including frequent logins. In summary, WAF and IPS functions overlap with each other but also have distinct differences. If both IPS and WAF policies are applied, some attacks might match both.
Q. Why a WAF policy does not match any packets after I apply it to a DPI application profile and use the DPI application profile in a security policy rule or object policy rule?
Possible reasons are as follows:
· The device might not be installed with a license as required. The WAF module requires a license to run on the device.
· The packet matching rules in WAF policies might have not been deployed to the detection engine kernel of the application layer. When the device receives attack packets but no packet matching rules exist, these attack packets cannot be matched.
Q. Why no threat logs are generated when WAF policies are applied and the device are attacked?
At present, WAF does not support viewing the corresponding log messages from the Web interface.
To view WAF log messages:
1. On the System > Log Settings > WAF Log page, select Output WAF logs through fast log output.
2. On the System > Log Settings > Basic Settings > Fast Log Output page, configure log hosts and select WAF logs. Then, you can view WAF log messages on the log hosts.
Q. What the device will do if an attack matches both WAF policy and IPS policy?
If an attack packet matches both WAF policy and IPS policy, log messages are generated on both matches. The device will take the action of the highest priority among the actions for the WAF policy and IPS policy. The actions in descending order of priority are drop > reset > redirect > permit.
