Disallowed Response Code - Service Policy or App Fw policy, need consistency?


To disallow a response code, configuration is done in "app fw" object.

In logs, the message "Disallowed Response Code" is seen in an event type "Service Policy" in the UI or "sec_event_type": "svc_policy_sec_event" in JSON log (see attached log file).

Could we be consistent?

For example set this event type as WAF?


After viewing the log, the admin user look in Service Policies to resolve the issue and then open a case because it didn't find it.

  • Alexis DA COSTA
  • May 16 2023
  • Attach files