How does the URL database download work?
We are implementing URL filtering on the Big-IP (12.1.2) using APM/SWG and want to run URL updates through the management interface.
So far I've gone through the configuration information for APM/SWG and am able to implement URL filtering within our lab.
My questions before rolling this out to production and for security are:
What ports do I need to open to allow this traffic through our firewalls? How is my subscription authorized when making the connection?
I'm assuming the BigIP does a site validation when connecting to download.websense.com, does anyone have more information about what is going on during this connection?
Lastly, how does the BigIP validate the downloaded db?
Thanks in advance, Jack
In case anyone wants to know:
What ports do I need to open to allow this traffic through our firewalls?
Port 443/SSL
How is my subscription authorized when making the connection?
The BigIP passes the license ID / subscription ID.
I'm assuming the BigIP does a site validation when connecting to download.websense.com, does anyone have more information about what is going on during this connection?
This is the interesting part. The connection between the BigIP and the websense site is confirmed with the use of SSL pinning. SSL Pinning is a mechanism to ensure that the Big IP host checks the F5/Websense server's certificate against a known copy of that certificate. This check requires an exact match to the one originally supplied on the BigIP. The pinning mechanism guards against processes that inspect SSL traffic by breaking the encryption, thus resisting impersonation by man-in-the-middle efforts. Were you able to successfully decrypt the tunnel, the actual data is compressed and also encrypted.
Lastly, how does the BigIP validate the downloaded db?
There is a PFM module that decrypts, decompresses, validates and imports the updates.
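To illustrate the SSL pinning check the answer above describes, here is an added Python example (written for this thread, not F5's or Websense's implementation). It fingerprints a DER-encoded certificate with SHA-256, compares it against a pinned value with an exact match, and shows how a pin check sits on top of, not instead of, normal chain and hostname validation. The two certificate byte strings are constructed stand-ins; the pinned fingerprint is derived from one of them rather than being a real value, and the live-check helper only runs when a host and pin are passed on the command line.

```python
import hashlib
import hmac
import socket
import ssl
import sys


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 of the DER-encoded certificate, as lower-case hex."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, pinned_fingerprint: str) -> bool:
    """Exact-match pin check (constant-time compare to avoid timing leaks)."""
    return hmac.compare_digest(fingerprint(der_cert), pinned_fingerprint.lower())


def fetch_leaf_cert_der(host: str, port: int = 443, timeout: float = 10.0) -> bytes:
    """Open a normally validated TLS session (chain + hostname) and return the
    leaf certificate the server presented, in DER form. The pin is checked
    afterwards, so an intercepting proxy with a trusted CA still fails."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def verify_pinned_server(host: str, pinned_fingerprint: str, port: int = 443) -> dict:
    """Fetch the live certificate and report whether it matches the pin.
    'pin_ok' False with an otherwise valid chain is the classic sign of an
    SSL-inspecting middlebox re-signing the session."""
    der = fetch_leaf_cert_der(host, port)
    return {
        "host": host,
        "port": port,
        "expected": pinned_fingerprint.lower(),
        "observed": fingerprint(der),
        "pin_ok": pin_matches(der, pinned_fingerprint),
    }


# Constructed stand-ins for DER certificates (not real certificates): the first
# plays the genuine update server's cert, the second a proxy's re-signed cert.
GENUINE_CERT_DER = b"\x30\x82\x01\x00" + b"constructed-genuine-update-server-cert"
PROXY_CERT_DER = b"\x30\x82\x01\x00" + b"constructed-inspection-proxy-cert"

# In a real deployment this value is recorded out of band from the certificate
# originally supplied with the appliance; here it is derived from the stand-in.
PINNED_FINGERPRINT = fingerprint(GENUINE_CERT_DER)


def classify(der_cert: bytes, pinned_fingerprint: str = PINNED_FINGERPRINT) -> str:
    """Human-readable verdict for a presented certificate."""
    return "pin ok" if pin_matches(der_cert, pinned_fingerprint) else "pin mismatch: possible interception"


if __name__ == "__main__":
    # Offline demonstration with the constructed certificates.
    print("genuine:", classify(GENUINE_CERT_DER))
    print("proxy:  ", classify(PROXY_CERT_DER))
    # Optional live check: python pin_check.py <host> <sha256-hex-pin>
    if len(sys.argv) == 3:
        print(verify_pinned_server(sys.argv[1], sys.argv[2]))
```

Running the script with no arguments exercises only the constructed certificates; passing a host and a pin performs the live check over port 443, the one port the answer says must be open. If the live check reports a valid chain but a pin mismatch, the session is being terminated by something other than the expected server, which is exactly the condition the BigIP's pinning is there to refuse.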
Does anyone know what the updates file extension is?