
Best practices


L4 Transporter

Is anyone using these recommended settings?

 

set deviceconfig setting tcp urgent-data clear

set deviceconfig setting tcp drop-zero-flag yes

set deviceconfig setting application bypass-exceed-queue no

set deviceconfig setting tcp bypass-exceed-oo-queue no

set deviceconfig setting ctd tcp-bypass-exceed-queue no

set deviceconfig setting ctd udp-bypass-exceed-queue no

set deviceconfig setting tcp check-timestamp-option yes

set deviceconfig setting ctd skip-block-http-range no

11 REPLIES 11

Cyber Elite

Hello,

Here is what I am running and have not had any issues:

 

 

set deviceconfig setting tcp urgent-data clear

set deviceconfig setting tcp drop-zero-flag yes

set deviceconfig setting application bypass-exceed-queue no

set deviceconfig setting tcp bypass-exceed-oo-queue no

set deviceconfig setting ctd tcp-bypass-exceed-queue no

set deviceconfig setting ctd udp-bypass-exceed-queue no

set deviceconfig setting tcp check-timestamp-option yes

 

Cheers!

 

Where are these best practices from? Can you link me please?

So what are these settings doing for you? Can you tell anything from the GUI or is it all in the command line?

Is there a way to check these settings before changing them?

Also, is anyone using zone protection to configure some of these settings, or a DoS protection profile?

As an aside...Back in 2014 I got my SE to provide a document "Monitoring Best Practices."  

 

This document is 72 pages in total and describes in detail all aspects of the box. Might be worth reaching out to your SE to get this document, or perhaps a newer one if they've updated it.

 

The document is Palo confidential but my company has an NDA with Palo, so you may or may not be able to get this document.

Did he provide you with one for 2016?

No I've never asked for an updated one.

I was reading online and the person made a good comment: if these settings are best practices, why aren't they set that way by default?

So these weren't set to the best practices by default? Kinda makes you wonder why.
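On the question above about checking these settings before changing them, here is an added example (not part of the thread and not Palo Alto tooling) that compares a configuration export against the eight commands from the original post. It assumes the export is text in `set` format; `parse_set_lines`, `audit` and the sample export are hypothetical names and constructed data.

```python
# Baseline: the eight commands from the original post in this thread.
BASELINE = """\
set deviceconfig setting tcp urgent-data clear
set deviceconfig setting tcp drop-zero-flag yes
set deviceconfig setting application bypass-exceed-queue no
set deviceconfig setting tcp bypass-exceed-oo-queue no
set deviceconfig setting ctd tcp-bypass-exceed-queue no
set deviceconfig setting ctd udp-bypass-exceed-queue no
set deviceconfig setting tcp check-timestamp-option yes
set deviceconfig setting ctd skip-block-http-range no
"""

PREFIX = "set deviceconfig setting "

def parse_set_lines(text):
    """Map each setting path to its value, e.g. 'tcp urgent-data' -> 'clear'."""
    settings = {}
    for line in map(str.strip, text.splitlines()):
        if line.startswith(PREFIX):
            path, _, value = line[len(PREFIX):].rpartition(" ")
            if path:  # skip lines that carry no value after the path
                settings[path] = value
    return settings

def audit(current_text, baseline_text=BASELINE):
    """Return {path: (status, current_value, recommended_value)} per baseline item."""
    current = parse_set_lines(current_text)
    report = {}
    for path, wanted in parse_set_lines(baseline_text).items():
        have = current.get(path)
        status = "unset" if have is None else "match" if have == wanted else "differs"
        report[path] = (status, have, wanted)
    return report

# Constructed sample export (assumption: set-format text, not from a real device).
SAMPLE = """\
set deviceconfig system hostname fw-lab
set deviceconfig setting tcp urgent-data clear
set deviceconfig setting tcp drop-zero-flag no
set deviceconfig setting ctd skip-block-http-range yes
set deviceconfig setting session timeout-tcp 3600
"""

if __name__ == "__main__":
    for path, (status, have, wanted) in audit(SAMPLE).items():
        print(f"{status:8} {path:36} current={have} recommended={wanted}")
```

A status of `unset` only means the export has no explicit line for that setting, so the script cannot say which value is in effect on the device.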
