Implementing SSL Orchestrator with OPSWAT MetaDefender

Introduction

The Secure Sockets Layer (SSL) protocol and its successor, Transport Layer Security (TLS), are being widely adopted by organizations to secure IP communications. While SSL/TLS provides data privacy and secure communications, it also creates challenges for inspection devices in the security stack. What if attackers are hiding malware inside the encrypted traffic?

An integrated F5 and OPSWAT MetaDefender solution solves the SSL/TLS challenges. F5 BIG-IP SSL Orchestrator centralizes SSL/TLS inspection. The decrypted traffic is then inspected by one or more OPSWAT MetaDefender ICAP Servers, which can prevent previously hidden threats and block zero-day exploits. This solution eliminates the blind spots introduced by SSL/TLS.

This article assumes you have SSL Orchestrator configured with a Topology and Service Chain.

A video demo of this integration is available HERE

OPSWAT MetaDefender Configuration

Install and configure:

OPSWAT MetaDefender Core

OPSWAT MetaDefender ICAP Server

Refer to OPSWAT Product Documentation for detailed instructions:

OPSWAT MetaDefender Core

OPSWAT MetaDefender ICAP Server

When done, your Dashboard should look something like this:

BIG-IP SSL Orchestrator Configuration

An OPSWAT MetaDefender ICAP Server is configured as an ICAP Server Service in BIG-IP SSL Orchestrator. BIG-IP SSL Orchestrator steers the decrypted web traffic through the OPSWAT ICAP Server(s), which are part of one or more Service Chains.

Create the OPSWAT MetaDefender Service

Under Services, click Add Service.

In the service catalog, double-click OPSWAT MetaDefender ICAP service. (If the version of BIG-IP SSL Orchestrator you’re using doesn’t have this option, then use the generic ICAP service.) This option is available from the ICAP tab in newer versions.

Give it a name, OPSWAT in this example. Under ICAP Devices, click Add.

Enter the IP address of the MetaDefender ICAP Server, 10.1.60.4 in this example. Click Done.

Specify the URI Path for Request and Response Modification. Click Save and Next at the bottom.

From the Services Chain List select the Chain you want to add OPSWAT to, Services_Chain in this example.

Move OPSWAT to the Selected field.

Click Save when done.

Deploy when done.
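The ICAP Server can also be checked independently of SSL Orchestrator with an ICAP OPTIONS request (RFC 3507) against each URI Path entered above. The following is an added example, not code from F5 or OPSWAT: the port 1344 is the RFC 3507 default and an assumption here, the service path must be replaced with the URI Path you configured, and the sample response is constructed.

```python
import socket

ICAP_PORT = 1344  # RFC 3507 default; assumption, the page does not state the port

def build_options(host, service_path, port=ICAP_PORT):
    """Return the bytes of an ICAP OPTIONS request for one service URI."""
    uri = f"icap://{host}:{port}/{service_path.lstrip('/')}"
    return (f"OPTIONS {uri} ICAP/1.0\r\n"
            f"Host: {host}\r\n"
            "Encapsulated: null-body=0\r\n\r\n").encode("ascii")

def parse_options(raw):
    """Parse an ICAP response head into (status_code, lower-cased headers)."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1").split("\r\n")
    proto, code, *_ = lines[0].split(" ", 2)
    if not proto.startswith("ICAP/"):
        raise ValueError(f"not an ICAP response: {lines[0]!r}")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(code), headers

def check_service(raw, wanted_method):
    """Return a list of problems in an OPTIONS response; empty means OK."""
    code, headers = parse_options(raw)
    problems = []
    if code != 200:
        problems.append(f"status {code}, expected 200")
    methods = [m.strip() for m in headers.get("methods", "").split(",") if m.strip()]
    if wanted_method not in methods:
        problems.append(f"{wanted_method} not offered (Methods: {methods})")
    if "istag" not in headers:  # ISTag is mandatory in every ICAP response
        problems.append("no ISTag header")
    return problems

def probe(host, service_path, wanted_method, port=ICAP_PORT, timeout=5.0):
    """Send OPTIONS to a live ICAP server and return check_service() problems."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_options(host, service_path, port))
        raw = b""
        while b"\r\n\r\n" not in raw and (chunk := s.recv(4096)):
            raw += chunk
    return check_service(raw, wanted_method)

# Constructed sample response (not captured from a MetaDefender ICAP Server).
SAMPLE = (b"ICAP/1.0 200 OK\r\nMethods: RESPMOD\r\nISTag: \"constructed-1\"\r\n"
          b"Preview: 0\r\nEncapsulated: null-body=0\r\n\r\n")
```

Run probe() from a host that can reach the ICAP Server, once with the Request Modification path and "REQMOD" and once with the Response Modification path and "RESPMOD"; an empty list means the service answered as expected.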

Testing the Configuration

To check that your configuration is working as expected, try to download an EICAR test file over HTTPS here. If everything was set up properly, you should see a blocking page similar to this:

Conclusion

This completes configuration of BIG-IP SSL Orchestrator with OPSWAT MetaDefender. At this point, traffic that flows through SSL Orchestrator will be decrypted, sent to the OPSWAT ICAP Service, and inspected for malicious payloads.

Published Feb 07, 2023
Version 1.0