DESCRIPTION
To disallow a response code, configuration is done in the "app fw" object.
In the logs, the message "Disallowed Response Code" appears under the event type "Service Policy" in the UI, or as "sec_event_type": "svc_policy_sec_event" in the JSON log (see attached log file).
Could we be consistent?
For example, set this event type as WAF?
IMPACT
After viewing the log, the admin user looks in Service Policies to resolve the issue and then opens a case because they didn't find it there.