Forum Discussion

raghav_rao_2526
May 17, 2016

Best practice value to have

Hi Folks!

 

We want to enforce session timeout and acceptable intensity rate in our WAF for a couple of applications. Kindly let us know what the best practice values are that need to be set for "Session timeout" & "Acceptable intensity rate". The applications in question are Banking Applications.

 

Kindly let me know what your thoughts are on this.

 

Cheers, Rao

 

6 Replies

  • "Session idle timeout" - 15 mins is common for internet banking front-ends.

     

    "Acceptable intensity rate" - I'm not sure what it is. Are you talking about ASM/L7 DOS protection profile configuration? Where did you find this 'acceptable intensity rate' setting?

     

    • raghav_rao_2526
      Hi Hannes, Yes, the intensity rate is for L7-DOS. I'm new to F5; I remember having this setting in Barracuda, hence I thought it would be in F5 as well but with a different name. Cheers, Rao
    • Hannes_Rapp_162
      In F5 there are L7 DOS protection thresholds. I'd recommend working with the defaults at the start. You can set the profile to Transparent operation mode initially so that you can evaluate if you need to fine-tune the settings at all. I do not know your environment but most likely, anything below 300% is going to be too low, anything above 600% too high.