I am trying a few things with my home UTM and the WAF feature. Although I manage over 35 devices from our customers, only one UTM has WAF enabled and that's only for the active sync/OWA connection - at least that works fine!
Now I was trying to eliminate the NAT rules on my home UTM to enable access through the WAF. My way was staying in the WAF log and writing down all errors and warnings and have them excluded from my WAF firewall profile for that host. But is that approach after all a good way or asking the other way round: how safe is a WAF configuration with dozens of exceptions really?
The IDs I excluded are:
981001
981204
981173
981176
981243
981245
981246
960024
981240
960010
981247
981318
981257
973347
The synology NAS webinterface was working with less IDs excepted but the WAF still logged them in background.
My firewall profile looks like this:
Hardening & Signing is completely de-selected because I wasn't able to get it running with any of that activated... Common Threats is completely enabled.
This thread was automatically locked due to age.
