This tech doc addresses the said question. The question raises up before network admin implement policies for WAF(Web Application Firewalls), like Radware brand Cloud WAF, for service management applications.

Release : 17.x

Component : SDM - Tomcat

Service Management is not certified for WAF(Web Application Firewalls), though it could work with proper policy settings in WAF. This means Broadcom does not test and does not document any specific policy settings. This also means QA or test environment should be tested first with WAF if a site wants to implement WAF in production.