Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
03-24-2016 02:04 PM
Is anyone using these recommended settings?
set deviceconfig setting tcp urgent-data clear
set deviceconfig setting tcp drop-zero-flag yes
set deviceconfig setting application bypass-exceed-queue no
set deviceconfig setting tcp bypass-exceed-oo-queue no set deviceconfig setting ctd tcp-bypass-exceed-queue no
set deviceconfig setting ctd udp-bypass-exceed-queue no
set deviceconfig setting tcp check-timestamp-option yes
set deviceconfig setting ctd skip-block-http-range no
03-25-2016 07:04 AM
Hello,
Here is what I am running and have not had any issues:
set deviceconfig setting tcp urgent-data clear
set deviceconfig setting tcp drop-zero-flag yes
set deviceconfig setting application bypass-exceed-queue no
set deviceconfig setting tcp bypass-exceed-oo-queue no
set deviceconfig setting ctd tcp-bypass-exceed-queue no
set deviceconfig setting ctd udp-bypass-exceed-queue no
set deviceconfig setting tcp check-timestamp-option yes
Cheers!
03-25-2016 09:25 AM
where are these best practices from? can you link me please?
03-25-2016 03:52 PM
03-28-2016 05:55 AM
So what are these setting doing for you? Can you tell anything from the gui or is it all in the command line
03-28-2016 06:21 AM
Is there a way to check these settings before changing them?
03-28-2016 06:31 AM
Also is anyone using zone protection to configure some of these setting or Dos protection profile.
03-28-2016 10:29 AM - edited 03-28-2016 10:31 AM
As an aside...Back in 2014 I got my SE to provide a document "Monitoring Best Practices."
This document is 72 pages in total and describes in detail all aspects of the box. Might be worth reaching out to your SE and get this document, or perhaps a newer one if they've updated it.
The document is Palo confidential but my company has an NDA with Palo, so you may or may not be able to get this document.
03-28-2016 11:01 AM
Did he provide you with one for 2016?
03-28-2016 11:36 AM
No I've never asked for an updated one.
04-07-2016 11:24 AM
I was reading online and the person made a good comment if these setting are best practices why aren't they set that way by default?
04-07-2016 12:47 PM
So these weren't set to the best practices by default? Kinda makes you wonder why
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
