Forum Discussion
jckstn73_322934
Nimbostratus
NimbostratusHow does the URL database download work?
We are implementing URL filtering on the Big-IP (12.1.2) using APM/SWG and want to run URL updates through the management interface.
So far I've gone through the configuration information for AP...
In case anyone wants to know:
What ports do I need to open to allow this traffic through our firewalls?
Port 443/SSL
How is my subscription authorized when making the connection?
The BigIP passes the license ID / subscription ID)
I'm assuming the BigIP does a site validation when connecting to download.websense.com, does anyone have more information about what is going on during this connection?
This is the interesting part. The connection between the BigIP and the websense site is confirmed with the use of SSL pinning. SSL Pinning is a mechanism to ensure that the Big IP host checks the F5/Websense server's certificate against a know copy of that certificate. This check requires an exact match to the one originally supplied on the BigIP. The pinning mechanism guards against processes that inspect SSL traffic by breaking the encryption, thus resisting impersonation by man in the middle efforts. Were you able to successfully decrypt the tunnel, the actual data is compressed and also encrypted.
Lastly, how does the BigIP validate the downloaded db?
There is a PFM module that decrypts, decompresses, validates and imports the updates.
Does anyone know what the updates file extension is?
Chris_Grant
Employee
EmployeeYour best option to get answers to these questions is to talk to your account team. Be aware that there may well be Non-disclosure agreements involved. This information is not available publicly on our website.