STIGQter: STIG Summary: A10 Networks ADC ALG Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

The A10 Networks ADC, when used to load balance web applications, must enable external logging for accessing Web Application Firewall data event messages.

DISA Rule

SV-237033r639546_rule

Vulnerability Number

V-237033

Group Title

SRG-NET-000077-ALG-000046

Rule Version

AADC-AG-000023

Severity

CAT III

CCI(s)

• CCI-000133 - The information system generates audit records containing information that establishes the source of the event.

Weight

10

Fix Recommendation

If the device is used to load balance web servers, configure external logging for WAF data event messages.

Create a server configuration for each log server.
The following command adds a server:
slb server [server-name] [ipaddr]

The following command specifies the TCP or UDP port number on which the server will listen for log traffic:
port [port-num] [tcp | udp]

If multiple log servers are used, add the log servers to a service group. Use the round-robin load-balancing method, which is the default method.

The following command creates the service group:
slb service-group [group-name] [tcp | udp]

The following command adds each log server and its TCP or UDP port to the service group:
member [server-name:portnum]

The following command creates a logging template:
slb template logging [template-name]

The following command adds the service group containing the log servers to the logging template:
service-group [group-name]

The following commands bind the logging template to the WAF template:
slb template waf [template-name]
template logging [template-name]

Check Contents

If the device is not used to load balance web servers, this is not applicable.

Review the device configuration and ask the device Administrator which templates are used.

If no SLB instance for the log server(s) is configured, this is a finding.

If there is no service group with assigned members for the log servers or the service group is not included in the logging template, this is a finding.

If no logging template is configured and bound to the WAF template, this is a finding.

Vulnerability Number

V-237033

Documentable

False

Rule Version

AADC-AG-000023

Severity Override Guidance

If the device is not used to load balance web servers, this is not applicable.

Review the device configuration and ask the device Administrator which templates are used.

If no SLB instance for the log server(s) is configured, this is a finding.

If there is no service group with assigned members for the log servers or the service group is not included in the logging template, this is a finding.

If no logging template is configured and bound to the WAF template, this is a finding.

Check Content Reference

M

Target Key

5285

Comments