Troubleshooting
- Last Updated: August 5, 2025
- 1 minute read
- MOVEit WAF
- Documentation
Refer to the following section below for some information relating to WAF troubleshooting.
WAF Logging
All events are logged but there may be a delay in them being available for Administrator viewing. For further information on the WAF logging options, refer to the WAF Event Log and Enable WAF Debug Logging sections.
WAF Compatibility with Kerberos Constrained Delegation (KCD)
You cannot enable both WAF and KCD at the same Virtual Service level. For example:
-
If WAF is enabled in the parent Virtual Service, you cannot enable KCD as the Server Authentication Mode in the parent Virtual Service
-
If KCD is enabled in the parent Virtual Service, you cannot enable WAF
However, you can enable the Edge Security Pack (ESP)/KCD in the SubVS and then enable WAF in the parent Virtual Service.
The following combination is not supported: WAF with ESP Client Certificate authentication and KCD.
Unable to Download/Update Daily Updates
We recommend adding the Progress Licensing Server URLs as allowed URLs on your firewall to ensure all licensing features work, including the downloading and updating of WAF daily updates.
The URL to allow is licensing.kemp.ax.