On-Prem BIG-IP Optional Settings

Possible Recommended Practices for CPE BIG-IPs: 

BIG-IP Response Behavior

By default, the BIG-IP responds to traffic per spec. However, when AFM detects a DoS attack, it stops responding, which is the desired behavior. Mechanisms outside of AFM can also be used to limit or disable the default BIG-IP response behavior, as shown here:

  1. Response messages were larger than the DoS packets themselves...
  2. Configuring the rate at which the BIG-IP system issues TCP RSTs or ICMP unreachable packets (11.x)
    • tmsh modify sys db tm.maxrejectrate value 200
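
To confirm the setting after a change, the check below audits tm.maxrejectrate against a chosen ceiling. It is an added example, not part of the original lab guide. The function names, the ceiling argument and the sample outputs are assumptions, as is the stanza layout parsed from `tmsh list sys db tm.maxrejectrate`.

```shell
#!/bin/sh
# Added example: audit tm.maxrejectrate against a site-chosen ceiling.
# Assumption: `tmsh list sys db tm.maxrejectrate` prints a stanza with a
# `value "N"` line, as in the constructed samples below.

# Extract the numeric value from the tmsh stanza supplied on stdin.
parse_maxrejectrate() {
    awk '
        $1 == "sys" && $2 == "db" && $3 == "tm.maxrejectrate" { in_stanza = 1; next }
        in_stanza && $1 == "value" { gsub(/"/, "", $2); print $2; exit }
        in_stanza && $1 == "}" { exit }
    '
}

# check_maxrejectrate CEILING  (tmsh output on stdin)
# Prints OK, HIGH or UNKNOWN; returns 0 = at or below ceiling,
# 1 = above ceiling, 2 = value missing or not a number.
check_maxrejectrate() {
    ceiling=$1
    value=$(parse_maxrejectrate)
    case "$value" in
        ''|*[!0-9]*) echo "UNKNOWN"; return 2 ;;
    esac
    if [ "$value" -le "$ceiling" ]; then
        echo "OK"
        return 0
    fi
    echo "HIGH"
    return 1
}

# Constructed sample outputs (not captured from a real device).
SAMPLE_TUNED='sys db tm.maxrejectrate {
    value "200"
}'
SAMPLE_HIGHER='sys db tm.maxrejectrate {
    value "250"
}'

# On a BIG-IP the input would come from the device itself:
#   tmsh list sys db tm.maxrejectrate | check_maxrejectrate 200
# Here the constructed samples stand in for that output.
for sample in "$SAMPLE_TUNED" "$SAMPLE_HIGHER"; do
    printf '%s\n' "$sample" | check_maxrejectrate 200 || true
done
```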


