Forum Discussion

Blue_whale's avatar
Blue_whale
Icon for Cirrocumulus rankCirrocumulus
Sep 19, 2024

What is the use of epsec-package file in APM ?

Hello Team , 

What is the use of epsec-package file in APM ?

How EPSEC works in APM ?

 


apm epsec epsec-package epsec-1.0.0-1622.0.iso {
    create-time 2024-09-19:12:50:37
    last-update-time 2024-03-21:11:07:38
    mode 33188
    oesis-version 4.3.3969.0
    revision 1
    size 301641728
    system-package true
    updated-by root
    version 1.0.0-1622.0
}

  • F5 client side controls rely on software developed by a 3rd party provider called OPSWAT (you can look for their website), and the EPSEC package is their software included with APM. 

    You rarely need to interact directly with these settings. F5 APM, if the client side agent is added to the VPE, will manage the interaction between epsec and user's machine on your behalf

  • it's plugin/addons to allow apm client software to read antivirus signature status, windows update status, ad domain membership etc.,
    so those parameters can be used in apm filters, e.g. prevent clients with non up to date av signatures to establish vpn session.

  • Hi Blue_Whale,

     

    EPSEC packages are used to support APM AV(Anti-Virus) features for Endpoint clients and their installed AV related policy checks.

    The BIG-IP APM Endpoint Security client-side checks use software libraries from a software development kit (SDK) created by OPSWAT, Inc. OPSWAT periodically issues new versions of the SDK libraries to support new security products and resolve bugs in the software. F5 distributes these updates in the form of an Endpoint Security (EPSEC) update ISO image file, such as epsec-1.0.0-]1000.0.iso

     

    EPSEC files (EndPoint Security) are files used by APM to understand supported endpoint vendors for things like AV(Anti-Virus)  and firewall checking on the client. They are periodically updated so APM can support the newer updates to these products e.g. when a new version of McAfee or Sophos comes out.

    If you have a APM policies that require to check the Antivirus stuff then this package/packages are required to keep installed, else not.

    So analyze if the EPSEC files are in active use or they are just installed and not in Active use.

    Please be informed having EPSEC files can cause to have a UCS file that may go over 1GB for a single F5 . I have face many time similar issues, and observed we do not have APM module provisioned and in that case we go for removal/deleting the files for EPSEC without casing and negative impact.

    In many cases to keep the UCS file to less than 100 MB you may need to follow the process of deleting EPSEC images that are no longer needed. This process helps to free up disk space on the system. The BIG-IP system also includes EPSEC images in the user configuration set (UCS) archives, so deleting EPSEC images will reduce the size of UCS files as well.

     

    Please remember that Deleting OPSWAT/Epsec packages from GUI does not delete files from disk causing UCS packages to bloat, so always use a CLI option or use a WINSCP Software to access the EPSEC files location to delete them in case if they are not used/refer in APM policies actively, else they may cause a negative impact.

    Let me know for more discussions.

    Please mark it as solution in case if you feel your query has been responded and saved your time and giving pointers toward resolving your issue, as it will help other to use your query scenario to solve their similar issue.

    Best Regards,

    F5 Design Engineer