The Secure Sockets Layer (SSL) protocol and its successor, Transport Layer Security (TLS), are being widely adopted by organizations to secure IP communications. While SSL/TLS provides data privacy and secure communications, it also creates challenges for inspection devices in the security stack. What if attackers are hiding malware inside the encrypted traffic?
An integrated F5 and OPSWAT MetaDefender solution solves the SSL/TLS challenges. F5 BIG-IP SSL Orchestrator centralizes SSL/TLS inspection. The decrypted traffic is then inspected by one or more OPSWAT MetaDefender ICAP Servers, which can prevent previously hidden threats and block zero-day exploits. This solution eliminates the blind spots introduced by SSL/TLS.
This article assumes you have SSL Orchestrator configured with a Topology and Service Chain.
A video demo of this integration is available HERE
OPSWAT MetaDefender Configuration
Install and configure:
OPSWAT MetaDefender Core
OPSWAT MetaDefender ICAP Server
Refer to OPSWAT Product Documentation for detailed instructions:
When done your Dashboard should look something like this:
BIG-IP SSL Orchestrator Configuration
An OPSWAT MetaDefender ICAP Server is configured as an ICAP Server Service in BIG-IP SSL Orchestrator. BIG-IP SSL Orchestrator steers the decrypted web traffic through the OPSWAT ICAP Server(s), which are part of one or more Service Chains.
Create the OPSWAT MetaDefender Service
Under Services, click Add Service.
In the service catalog, double-click the OPSWAT MetaDefender ICAP service. (If the version of BIG-IP SSL Orchestrator you’re using doesn’t have this option, then use the generic ICAP service.) This option is available from the ICAP tab in newer versions.
Give it a name, OPSWAT in this example. Under ICAP Devices click Add.
Enter the IP address of the MetaDefender ICAP Server, 10.1.60.4 in this example. Click Done.
Specify the URI Path for Request and Response Modification. Click Save and Next at the bottom.
From the Services Chain List select the Chain you want to add OPSWAT to, Services_Chain in this example.
Move OPSWAT to the Selected field
Click Save when done
Deploy when done
Testing the Configuration
To check that your configuration is working as expected, try to download an EICAR test file over HTTPS here. If everything was set up properly, you should see a blocking page similar to this:
This completes configuration of BIG-IP SSL Orchestrator with OPSWAT MetaDefender. At this point, traffic that flows through SSL Orchestrator will be decrypted, sent to the OPSWAT ICAP Service, and inspected for malicious payloads.
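If the blocking page does not appear, it helps to test the ICAP server directly, without SSL Orchestrator in the path. The following is an added example, not part of the original article or of F5 or OPSWAT code: it builds an ICAP RESPMOD message the way an ICAP client does and reads the status line of the reply. The port 1344, the path `/respmod`, and the sample HTTP headers are assumptions; substitute the Response Modification URI Path you entered in the service.

```python
import socket
import sys

ICAP_HOST = "10.1.60.4"  # ICAP device address from this article's example
ICAP_PORT = 1344         # assumption: default ICAP port (RFC 3507)
RESP_PATH = "/respmod"   # placeholder: the Response Modification URI Path you configured

def build_respmod(host, path, req_hdr, res_hdr, body):
    """Wrap one HTTP exchange in an ICAP RESPMOD message (RFC 3507)."""
    # Offsets are byte positions within the encapsulated section, which
    # starts right after the blank line that ends the ICAP headers.
    res_hdr_off = len(req_hdr)
    res_body_off = res_hdr_off + len(res_hdr)
    icap_hdr = (
        f"RESPMOD icap://{host}{path} ICAP/1.0\r\n"
        f"Host: {host}\r\n"
        "Allow: 204\r\n"
        "Connection: close\r\n"
        f"Encapsulated: req-hdr=0, res-hdr={res_hdr_off}, res-body={res_body_off}\r\n"
        "\r\n"
    ).encode("ascii")
    # The encapsulated body is always sent with chunked framing.
    chunked = b"%x\r\n" % len(body) + body + b"\r\n0\r\n\r\n"
    return icap_hdr + req_hdr + res_hdr + chunked

def parse_icap_status(raw):
    """Return (code, meaning) from the first line of an ICAP response."""
    parts = raw.split(b"\r\n", 1)[0].decode("ascii", "replace").split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("ICAP/") or not parts[1].isdigit():
        raise ValueError("not an ICAP response")
    code = int(parts[1])
    meaning = {204: "no modification: content passed as is",
               200: "server returned content: compare it with what was sent",
               404: "ICAP service not found: check the URI path"}
    return code, meaning.get(code, "unexpected status")

def sample_exchange(body):
    """Constructed HTTP request/response headers for the test."""
    req = b"GET /sample.bin HTTP/1.1\r\nHost: test.example\r\n\r\n"
    res = (b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n"
           b"Content-Length: %d\r\n\r\n" % len(body))
    return req, res

if __name__ == "__main__":
    # Pass a file path (for instance a saved EICAR test file) or use the clean default.
    body = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else b"constructed clean sample\n"
    req, res = sample_exchange(body)
    with socket.create_connection((ICAP_HOST, ICAP_PORT), timeout=10) as s:
        s.sendall(build_respmod(ICAP_HOST, RESP_PATH, req, res, body))
        print(parse_icap_status(s.recv(65536)))
```

A 404 from this check points at the URI Path field rather than at the Service Chain; a 204 for the clean sample and a different result for the test file indicates the scanner itself is working.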