Forum Discussion

emarmonti's avatar
emarmonti
Copper Contributor
Jun 24, 2021

Disabling TCP Timestamps on application gateways

Hello,

 

We use Application Gatways for a number of apps.  Our 3rd party vulnerability scanner discovered the AGW exposes the uptime of the system.  Is there a way to disable this on the AGW?  I found this post in UserVoice from 2017 where someone asked for the same option: https://feedback.azure.com/forums/217313-networking/suggestions/32683267-need-a-function-to-disable-the-timestamp-in-tcp-op.

 

If it's not possible, it's not possible.  I haven't found documentation on it, so my guess is there's currently no way to disable it.  I get this is low risk, I just need to do a little more digging until I write this one off as a known issue / accepted risk.

 

 

Thank you

1 Reply

  • As of now, Azure Application Gateway does not provide a configurable option to disable TCP timestamps. This includes both Standard and WAF SKUs. The TCP stack used by the underlying infrastructure is managed by Azure and does not expose granular control over TCP options like timestamps.

     

    In this case, would suggest to consider placing a reverse proxy or firewall in front of the Application Gateway that allows TCP stack customization.

     

     

Resources