A10 Thunder Web Application Firewall (WAF)

When you configure your A10 Thunder WAF to send log data to USM Appliance, you can use the A10 Thunder Series Web Application Firewall plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin.

Plugin Information

Device Details:

  • Vendor: A10
  • Device Type: Firewall
  • Connection Type: Syslog
  • Data Source Name: A10-thunder-waf
  • Data Source ID: 1872

Integrating A10 Thunder WAF

Before you configure the A10 Thunder WAF integration, you must have the IP address of the USM Appliance Sensor.

There are four steps to configuring A10 Thunder WAF to send Syslog messages to USM Appliance:

  • Create a server configuration for each log server.
  • Add the log servers to a service group.
  • Configure a logging template.
  • Apply the logging template to the WAF template.

Create a server configuration for each log server

  1. From the A10 Thunder WAF GUI, select Config Mode > SLB > Service > Server.
  2. Click Add.
  3. Enter a name for the server in the Name field (for example, USM-1).
  4. Enter the USM Appliance IP address in the IP Address field.
  5. Select IPv4 as the IP version.
  6. In the Port section, enter 514 and select UDP; then click Add.
  7. Click OK.

Add the log servers to a service group

  1. From the A10 Thunder WAF GUI, select Config Mode > SLB > Service > Service Group.
  2. Click Add.
  3. Enter a name for the service group in the Name field.
  4. Select UDP from the Type drop-down list.
  5. In the Server section, configure the server information:
    • Select IPv4 as the IP version.
    • Select the USM Appliance server from the Server drop-down list.
    • Enter 514 in the UDP port number field.
    • Click Add.

Configure a logging template

  1. From the A10 Thunder WAF GUI, select Config Mode > SLB > Template > Application > Logging.
  2. Click Add.
  3. Enter a name for the template.
  4. Select the service group that contains the USM Appliance log server.
  5. Click OK.

Apply the logging template to the WAF template

  1. From the A10 Thunder WAF GUI, select Config Mode > Security > WAF > Template.
  2. Click on the WAF template name.
  3. Select the logging template from the Logging Template drop-down list.
  4. Click OK.

Note: External logging is activated once you bind the WAF template to a virtual port.
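
To confirm the log path once the WAF template is bound, the following added example (not part of the A10 or USM Appliance documentation) waits for a UDP syslog datagram from the WAF's address and decodes its priority header. The address 192.0.2.10 and the function names are placeholders chosen here, and the script assumes a receiving host where the UDP port is not already held by a syslog daemon.

```python
import re
import socket
import time

# RFC 3164 messages start with "<PRI>", where PRI = facility * 8 + severity.
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def parse_pri(datagram):
    """Return (facility, severity), or None if there is no valid PRI header."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        return None
    return divmod(int(m.group(1)), 8)

def wait_for_syslog(sock, expected_src, timeout=30.0):
    """Wait on a bound UDP socket for a syslog datagram from expected_src.

    Datagrams from other senders, or without a PRI header, are counted and
    skipped. On timeout the returned dict has "message" set to None.
    """
    deadline = time.monotonic() + timeout
    result = {"message": None, "facility": None, "severity": None, "ignored": 0}
    while True:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            return result
        sock.settimeout(remaining)
        try:
            data, (src_ip, _port) = sock.recvfrom(65535)
        except socket.timeout:
            return result
        pri = parse_pri(data)
        if src_ip != expected_src or pri is None:
            result["ignored"] += 1
            continue
        result["facility"], result["severity"] = pri
        result["message"] = data.decode("utf-8", errors="replace").rstrip()
        return result

if __name__ == "__main__":
    WAF_IP = "192.0.2.10"  # placeholder: address the WAF sends logs from
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("0.0.0.0", 514))  # UDP 514 as entered in the server configuration
    print(wait_for_syslog(s, WAF_IP))
```

A result whose "message" is None while "ignored" keeps rising means datagrams are arriving but not from the expected WAF address, which usually points at the wrong source interface or a NAT hop in between.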

 

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

https://nettools.net.berkeley.edu/tools/docs/a10/thunder/ACOS_4_1_0/html/waf-guide-Responsive%20HTML5/waf-guide/waf-guide-config-gui/waf-guide-config-gui.htm

For troubleshooting, refer to the vendor documentation:

https://www.a10networks.com/support