F5 integration

The F5 Application Security Manager (ASM) is a component of F5’s broader Application Delivery Controller (ADC) platform that specializes in providing advanced security features for web applications. ASM functions as a Web Application Firewall (WAF) and offers a range of capabilities to protect web applications from various attacks and vulnerabilities. ASM protects against common threats and employs a positive security model. It also does behavioral profiling along with SSL/TLS inspection.

Traceable’s integration with F5’s ASMI supports the following two types of rules:

• IP range rules

• Threat actor

The following is a high-level integration diagram:

Make a note of the following points regarding threat actor and IP range blocking:

• Threat actor - Any status change of the threat actor on the Traceable Platform is propagated to F5. For example, if Traceable detects a threat actor and changes it to a deny state, then the requests from this threat actor can be blocked using F5. Moreover, if you make any changes, for example, adding a threat actor to allowlist or resolving the status, then such changes are reflected in F5 in a few minutes.

• IP-range blocking - If you configure any custom rules to enforce blocking or allow action to be executed through F5.

Traceable recommends reviewing allow list conditions before creating IP-range rules. For more information, see IP address allowlist.

Configuration

Traceable requires a pre-configured F5 security policy to complete the integration with F5. If you do not have a pre-configured policy, complete the following steps to create a security policy in F5.

Note

Make sure that you have configured only HTTPS F5 server URL. A HTTP URL is not supported.

1. Navigate to Security → Application security → Security policies. Click on the + icon to create a new policy.

   

2. Provide the required information to configure the policy.

   

Configuration in Traceable

After you have created a security policy in F5, you need to complete a few configurations in Traceable Platform to integrate with F5. Complete the following steps:

1. Navigate to Integrations → WAF → F5 and click on Configure.

   

2. Configure the following:

   1. Integration name — Give a meaningful name to the integration.

   2. Description — Describe the integration. This is an optional field.

   3. Environments — Select the environment for which you wish to configure the integration. You can configure the integration for all environments or specific environments.

   4. F5 server URL — Provide your F5 server URL to log in.

   5. F5 security policy name — Provide the exact security policy name you have in F5. Traceable adds its rules to this security policy.

   6. F5 login credentials — Provide the username and password to log in to your F5 account.

Click on Test Connection to validate the connection between Traceable and F5. Only if the connection is successful is the Save button enabled.

Note

Make a note of the following:

• If any Traceable rule contains more than one IP address, then multiple rules are created in F5 security policy.

• If in Traceable IP range is given in CIDR format with network mask, then in F5 it is separated into IP address and network mask.

• Make sure that that Trust XFF header is enabled when you create a security policy in F5. This is required for x-forwarded-for request header.

• When you delete the integration configuration in Traceable, the security policy is also deleted in F5.

• At present, F5 does not support IP range rules with condition BLOCK_ALL_EXCEPT.

Verification

To verify a successful integration, send traffic through F5 and, after a while, verify in F5 by navigating to the Application security → IP addresses → IP address exception. You would see the rules for a specific policy. Make sure to choose the security policy from the drop-down list that you have configured in Traceable.