H3C SecPath Security Products FAQ(V7)-6W101
WAF FAQ
Q. What's the difference between WAF and IPS?
WAF defends against Web attacks and also protects the device against other abnormal operations including frequent logins. In summary, WAF and IPS functions overlap with each other but also have distinct differences. If both IPS and WAF policies are applied, some attacks might match both.
Q. Why does a WAF policy not match any packets after I apply it to a DPI application profile and use the DPI application profile in a security policy rule or object policy rule?
Possible reasons are as follows:
· The required license might not be installed on the device. The WAF module requires a license to run on the device.
· The packet matching rules in WAF policies might not have been deployed to the detection engine kernel of the application layer. When the device receives attack packets but no packet matching rules exist, these attack packets cannot be matched.
Q. Why are no threat logs generated when WAF policies are applied and the device is attacked?
At present, WAF does not support viewing the corresponding log messages from the Web interface.
To view WAF log messages:
1. On the System > Log Settings > WAF Log page, select Output WAF logs through fast log output.
2. On the System > Log Settings > Basic Settings > Fast Log Output page, configure log hosts and select WAF logs. Then, you can view WAF log messages on the log hosts.
Q. What will the device do if an attack matches both a WAF policy and an IPS policy?
If an attack packet matches both a WAF policy and an IPS policy, log messages are generated for both matches. The device takes the highest-priority action among the actions for the WAF policy and the IPS policy. The actions in descending order of priority are drop > reset > redirect > permit.