Home >Documents >Security Tutorial v3.1.1 > 2. Operation > 2.4. Managed WAF Version2 >2.4.7. Server Policy settings

2.4.7. Server Policy settings

By combining a virtual server and a real server, you can create necessary settings for connections such as protection profile and server certificate.

For object name setting, please refer to Suggestions for object name creation.

2.4.7.1. Default value

In the default settings, the WAF feature's server policy is not created.

With the object, policy and profile that have been prepared in advance, please create and configure a relevant one for your environment.

2.4.7.2. Server policy setting items

The following items are required for server policy settings.

Item	Value	Description
Name	(half-width alphanumeric)	Enter the policy name. 2-byte character such as Japanese and symbols shown below are not accepted. < > ( ) # ' " or space/blank
Virtual Server	(select from the list)	Select a relevant one from Virtual Server options, which you have prepared in advance. Policy using the same combination of a Virtual Server and Service cannot be created more than one.
Real Server	(select from the list)	Select a relevant one from Real Server options, which you have prepared in advance.
HTTP Service	(select from the list)	Select Predefined Service or a relevant Non-SSL/TLS service from Service options, which you have prepared in advance.
HTTPS Service	(select from the list)	Select Predefined Service or a relevant SSL/TLS service from Service options, which you have prepared in advance.
Protection Profile	(select from the list)	Select a relevant one from Protection Profile options, which you have prepared in advance.
Certificate	(select from the list)	When HTTPS Service is selected, this will appear. Select a relevant one from Certificate options, which you have prepared in advance.
Intermediate CA Group	(select from the list)	When HTTPS Service is selected, this will appear. Select a relevant one from Group options, which you have prepared in advance.
SSL/TLS (Version)	☐ or ☑	When HTTPS Service is selected, this will appear. Check the version you want to enable.
SSL/TLS Encryption Level	(select from the list)	When HTTPS Service is selected, this will appear. Select encryption level either Medium or High. As a custom service, Cipher (encryption suite) is also available. For available encryption suites at each level, please refer to Cipher (encryption suite) list .
Redirect HTTP to HTTPS	☐ or ☑	When HTTPS Service is selected, this will appear. If checking the box when both of HTTP Service and HTTP Service are selected, redirect from HTTP to HTTPS becomes valid.
Monitor Mode	☐ or ☑	By checking, Monitor Mode will be on. Monitor Mode will only detect, no matter what the Protection Profile is set to. The security detection log is a specification that outputs the same log as when Monitor Mode is disabled. When enabled, if a value other than detection (action = Alert) is output, the content of action is not executed.
Comments	(half-width alphanumeric)	Enter comments if necessary. 2-byte character such as Japanese are not accepted.

Important

• When you add a server policy, please make sure to select either HTTP Service or HTTPS Service or both of them and select Protection Profile.

• The number of HTTP Services (Non-SSL/TLS) and HTTPS Services (SSL/TLS) that you can select for a server policy is one each. Any settings using the same service more than one such as a combination of Non-SSL/TLS No.80 and Non-SSL/TLS No.8080 is not available.

• Policy using the same combination of a Virtual Server and Service cannot be created more than one. If you try saving the setting, an error would occur.

• Monitor Mode will only detect, no matter what the Protection Profile is set to. In addition, when enabled, the same security detection log as when disabled is output, so values other than detection (action = Alert) are also output, but the content of action is not actually executed. ..

• Only one SSL server certificate can be selected on one server policy. You can not select more than one server certificate.

2.4.7.3. Adding Server Policy

1. Click Server Policy from the left side of the screen.

   Policy ‣ Server Policy

   Click [ Add ] from the Server Policy section shown at the right-side of the screen.

   

2. Enter the setting value and click [ Save ].

   For the details of the setting items, please refer to Server policy setting items .

   

3. Click [ Apply configuration ] to apply the settings to your device.

   

2.4.7.4. Server Policy Change (Edit / Duplicate / Remove)

1. Click Server Policy from the left side of the screen.

   Policy ‣ Server Policy

   Select an edit target line at the section of Server Policy shown at the right-side of the screen, and click the relevant action button.

   

   
   

   The table below shows descriptions of each button used at Server Policy .

   Button	Description
   Edit	This button allows you to edit the Server Policy value which have already set.
   Duplicate	This button allows you to copy the existing Server Policy and open the object setting screen which contains the same values. It will be useful to define another Server Policy with similar values. Name must be changed.
   Remove	This button allows you to delete a Server Policy .

   
   

   For deleting an item, a confirmation message will be shown. Click [ OK ] to delete.

   

2. Click [ Apply configuration ] to apply the settings to your device.

   

---

2.4.6.5. Web Protection Profile settings

2.4.8. Ping request response settings