2.2.7. Setting up Server Policy

By combining a virtual server and a real server, you can create necessary settings for connections such as protection profile and server certificate.
For object name setting, please refer to Suggestions for object name creation.

2.2.7.1. Server Policy default value

In the default settings, the WAF feature's server policy is not created.
With the object, policy and profile that have been prepared in advance, please create and configure a relevant one for your environment.

2.2.7.2. Server policy setting items

The following items are required for server policy settings.

Item

Value

Description

Name

(half-width alphanumeric)

Enter the policy name.
2-byte character such as Japanese and symbols shown below are not accepted.
< > ( ) # ' " or space/blank
Virtual Server

( Select from the List )

Select a relevant one from Virtual Server options, which you have prepared in advance.
Policy using the same combination of a Virtual Server and Service cannot be created more than one.
Real Server

( Select from the List )

Select a relevant one from Real Server options, which you have prepared in advance.

HTTP Service

( Select from the List )

Select Predefined Service or a relevant Non-SSL/TLS service from Service options, which you have prepared in advance.

HTTPS Service

( Select from the List )

Select Predefined Service or a relevant SSL/TLS service from Service options, which you have prepared in advance.

Protection Profile

( Select from the List )

Select a relevant one from Protection Profile options, which you have prepared in advance.

Certificate

( Select from the List )

When HTTPS Service is selected, this will appear.
Select a relevant one from Certificate options, which you have prepared in advance.
Intermediate CA Group

( Select from the List )

When HTTPS Service is selected, this will appear.
Select a relevant one from Group options, which you have prepared in advance.
SSL/TLS (Version)

☐ or ☑

When HTTPS Service is selected, this will appear.
Check a version which you want to be valid. SSL 3.0 is deprecated.
SSL/TLS Encryption Level

( Select from the List )

When HTTPS Service is selected, this will appear.
Select encryption level either Medium or High. As a custom service, Cipher (encryption suite) is also available.
For available encryption suites at each level, please refer to Cipher (encryption suite) list .
Redirect HTTP to HTTPS

☐ or ☑

When HTTPS Service is selected, this will appear.
If checking the box when both of HTTP Service and HTTP Service are selected, redirect from HTTP to HTTPS becomes valid.
Monitor Mode

☐ or ☑

By checking, Monitor Mode will be on.
Monitor Mode will make detections only and it won't make blocking whatever the settings of Protection Profile are.
Comments

(half-width alphanumeric)

Enter comments if necessary.
2-byte character such as Japanese are not accepted.

Important

  • When you add a server policy, please make sure to select either HTTP Service or HTTPS Service or both of them and select Protection Profile.

  • The number of HTTP Services (Non-SSL/TLS) and HTTPS Services (SSL/TLS) that you can select for a server policy is one each. Any settings using the same service more than one such as a combination of Non-SSL/TLS No.80 and Non-SSL/TLS No.8080 is not available.

  • Policy using the same combination of a Virtual Server and Service cannot be created more than one. If you try saving the setting, an error would occur.

表示の更新
  • Monitor Mode will make detections only and it won't make blocking whatever the settings of Protection Profile are.


2.2.7.3. Adding Server Policy

  1. Click [ |rp_left_selection| ] from the object screen shown at the left-side of the screen.
    Object ‣ Policy ‣ Server Policy

    Click [ Add ] from the Server Policy section shown at the right-side of the screen.

    Click Add


  1. Enter the setting value and click [ Save ].
    For the details of the setting items, please refer to Server policy setting items .

    Save Object


  1. Click [ Save Change ] to apply the settings to your device.

    Save Config


2.2.7.4. Server Policy modification: (edit/copy/delete)

  1. Click [ |rp_left_selection| ] from the object screen shown at the left-side of the screen.
    Object ‣ Policy ‣ Server Policy

    Select an edit target line at the section of Server Policy shown at the right-side of the screen, and click the relevant action button.

    Click Change


    The table below shows descriptions of each button used at Server Policy .

    Button

    Description

    Edit

    This button allows you to edit the Server Policy value which have already set.

    Copy

    This button allows you to copy the existing Server Policy and open the object setting screen which contains the same values.
    This is useful for you to define the another Server Policy with a same value.
    Name must be changed.

    Delete

    This button allows you to delete a Server Policy .


    For deleting an item, a confirmation message will be shown. Click [ OK ] to delete.

    Confirm Delete Object


  1. Click [ Save Change ] to apply the settings to your device.

    Save Config