Forum Discussion

Nimbostratus

Nov 25, 2015

Disable TCP Timestamp Response on GTM

In a recent scan report , TCP Timestamp Response vulnerability was found as a risk. We can disable "Extensions for High Performance" in tcp profile but according to another thread https://devcentral....

application delivery

BIG-IP

Andy_McGrath

Cumulonimbus

Nov 25, 2015

Need to be clear on which part of the F5 is marked as a vulnerability risk, the management or load balanced traffic?

If management then updating any TCP profile will not have any impact and also based on F5 sol8072 changing this behaviour could have an impact on the F5 system, one of which could be iQuery to/from GTM systems. I would personally ensure management access is restricted and isolated from production traffic (always good practise) and accept the vulnerabilty risk from your scan.

If it is impacting load balanced traffic then update the TCP profiles associated with the at risk Virtual Servers to disable "Extensions for High Performance" option. This will not have any impact on BIP-IP to BIG-IP connection such as iQuery to/from GTM and only affect load balanced traffic for Virtual Servers with updated TCP profiles.

Forum Discussion

Disable TCP Timestamp Response on GTM

Recent Discussions

BWC iRule

GTM Packet Capture command

Citrix XenServer Big-IP Upgrade help

BIG-IP DNS iRule issue with static variable

F5 ASM logging profile to specify source IP

Related Content

Certificate Bundle Timestamp Query

Introduction of Incident Response

F5 BIG-IP Logging API timestamp to UTC

custom response page for api

Disable ASM illegal HTTP status response logging