This section outlines some general hardening guidance to consider:

  • It is strongly recommended that you ensure that you are running at least the latest Long Term Support Feature (LTSF) firmware (7.2.54.x), which has the latest security fixes and updates. Refer to the following knowledge base article for help with selecting a release: Guidance for Selecting LoadMaster Releases.

  • Always ensure that you are running the Long Term Support (LTS) firmware which has the latest security fixes and updates.

  • Sign up to receive security alerts and announcements from the Progress Alert & Notifications Service.

  • Under System Configuration > Miscellaneous Options > Network Options in the LoadMaster User Interface (UI) menu, ensure that Enforce Strict IP Routing is enabled. When set, the LoadMaster only accepts IP frames from a host over the interface where the routing algorithm would route frames to the host (strict source route validation).

  • Under System Configuration > Miscellaneous Options > Network Options, ensure that Enable TCP Timestamps is disabled.

  • Under System Configuration > Miscellaneous Options > L7 Configuration, ensure that Allow Empty POSTs is disabled.

  • Under System Configuration > Miscellaneous Options > L7 Configuration, ensure that Allow Empty HTTP Headers is disabled.

  • When performing re-encrypt Virtual Services, it is recommended to enable Force Real Server Certificate Checking under System Configuration > Miscellaneous Options > Network Options. This option forces the LoadMaster to verify that the certificate (including the intermediate certificate) on the Real Server is valid, that is, the certificate authority and expiration are OK.