This tech doc addresses the said question. The question raises up before network admin implement policies for WAF(Web Application Firewalls), like Radware brand Cloud WAF, for service management applications.
Release : 14.1, 17.1, 17.2, 17.3
Component : SDM - Tomcat
Service Management is not certified for WAF(Web Application Firewalls), though it could work with proper policy settings in WAF. This means Broadcom does not test and does not document any specific policy settings. This also means QA or test environment should be tested first with WAF if a site would like to implement WAF in production. If you believe this is a good feature in the future releases please submit an idea on community web site