Kernel Page Table Isolation

By default, Traffic Manager appliance variants are protected against the “Meltdown” attack, CVE-2017-5754, by the Kernel Page Table Isolation (KPTI) feature. KPTI provides protection to prevent unprivileged software from being potentially able to read arbitrary memory from the kernel; however, this protection incurs a general system performance penalty.

To avoid introducing a potential security risk to your Traffic Manager infrastructure, Ivanti strongly recommends that you leave KPTI enabled. However, if you are running only trusted software and the trade-off between performance at the cost of defense in depth is acceptable, disable KPTI on your appliance.

To disable KPTI, click System > Traffic Managers, unfold “Advanced Settings”, and set appliance!disable_kpti to “Yes”. Click Update to apply your change.