SMA100:After upgrading to 10.2.1.7, began receiving nonstop alert emails stating "WAF threat prevented:

Description

After upgrading to 10.2.1.7, began receiving nonstop alert emails stating "WAF threat prevented:

Cause

After upgrading to 10.2.1.7, began receiving nonstop alert emails stating "WAF threat prevented:

Log Snippets

Mar 11 23:26:55 xrXXX SSLXXX: id=sslvpn sn=xxxxxxxxxxx0 time="2023-03-11 23:26:55" vp_time="2023-03-12 05:26:55 UTC" fw=10.2.0.2 pri=2 m=34 c=402 src=xx.xxx.8.20 dst="xx.xx.xx8.104" user="Unknown" usr="Unknown" msg="WAF threat prevented: SQL Injection Attack"


Resolution

WAF Protection is enabled by default to protect only the SMA OS and requires no license. 

However, if you want to protect the offloaded web applications, you will need a WAF license.

Follow the steps to adjust the log level of Alert. 

Image


Related Articles

  • SMA100 End of Support No-Charge Replacement FAQ
    Read More
  • SMA1000: Post upgrade to 12.5.0 on AWS and Azure, we show the error Could not retrieve the DNS settings once we log in to AMC/CMS console
    Read More
  • Firmware version required to upgrade to version 12.5.0.
    Read More

Categories

Secure Mobile Access
SMA 100 Series
Logging
Secure Mobile Access
SMA 100 Series
Vulnerabilities
not finding your answers?
Ask the Community