Forum Discussion

kohli9harjeev
Nov 25, 2015

Disable TCP Timestamp Response on GTM

In a recent scan report, TCP Timestamp Response vulnerability was found as a risk. We can disable "Extensions for High Performance" in the TCP profile, but according to another thread, https://devcentral.f5.com/questions/how-can-i-disable-tcp_timestamp-response-from-f5, this doesn't work.

 

Can someone help me with disabling ONLY TCP Timestamp Response?

 

Also, suppose we disabled this option: will it also affect GTM sync and iQuery connections, as each BIG-IP GTM system sends the timestamps of its configuration files to all other BIG-IP GTM systems in the sync group by default, as part of the heartbeat message?

 

1 Reply

  • Need to be clear on which part of the F5 is marked as a vulnerability risk, the management or load balanced traffic?

     

    If management, then updating any TCP profile will not have any impact, and also, based on F5 sol8072, changing this behaviour could have an impact on the F5 system, one of which could be iQuery to/from GTM systems. I would personally ensure management access is restricted and isolated from production traffic (always good practice) and accept the vulnerability risk from your scan.

     

    If it is impacting load balanced traffic, then update the TCP profiles associated with the at-risk Virtual Servers to disable the "Extensions for High Performance" option. This will not have any impact on BIG-IP to BIG-IP connections such as iQuery to/from GTM and will only affect load balanced traffic for Virtual Servers with updated TCP profiles.