The F5 BIG-IP platform acts as a gateway to applications deployed in the network, with visibility into all the traffic flowing from the clients to the application services and servers. Capturing data at the F5 BIG-IP platform enables Cequence to gather all the client-server traffic (requests and responses) necessary to discover and detect APIs for compliance and sensitive data exposure, as well as to monitor that traffic for malicious attacks. High Speed Logging (HSL) allows the F5 BIG-IP platform to capture and log data at high volumes to remote log servers at high speeds and with minimal overhead.
You can integrate the Cequence platform with an F5 HSL workflow by using a Cequence Bridge that connects to the Cequence Unified API Protection (UAP) platform. The Cequence Bridge is a high speed service capable of reading the F5 HSL data, transforming the data for consumption by the Cequence UAP platform for analysis, and transferring the required metadata from the HSL data to the Cequence UAP platform.
Cequence supports F5 HSL logging using TCP over TLS connections. A high-level flow diagram of the integration is shown below.
Prerequisites
Before you begin to set up the Cequence integration with F5 BIG-IP, confirm that your environment meets the following prerequisites.
Cequence UAP platform
Confirm that the Cequence UAP platform is installed and working properly before proceeding with the integration with an F5 BIG-IP. On a new install, a member of the Cequence Customer Success team can confirm that the Cequence UAP platform is working properly.
Confirm that you have access to the credentials for a user account on the Cequence UAP platform that has the privileges to create a client token for traffic ingestion using the User Management menu.
Cequence Bridge
Confirm that you have a Cequence Bridge installed in your network and that Cequence Bridge is accessible from BIG-IP. Keep the latency between the Cequence Bridge and the F5 BIG-IP instance as low as possible to take advantage of the near real-time detection capabilities of the Cequence platform.
You can install the Cequence Bridge in Kubernetes using Helm, or as a Docker container directly on the host machine.
Network communication
The Cequence UAP platform and the Cequence Bridge communicate over HTTPS. Confirm that this communication has been enabled.
The F5 BIG-IP and the Cequence Bridge communicate over TCP using TLS. Confirm that the ports required for TCP communications are open.
F5 privileges
Confirm that you have access to the credentials for an account on the F5 BIG-IP with the privileges required to create iRules, Pools and Virtual Servers.
Configuring the F5 BIG-IP instance
Use an iRule that incorporates HSL in conjunction with an existing virtual server to send a copy of the traffic the virtual server receives to the Cequence UAP platform.
The procedure in this section creates a pool for the Cequence Bridge on the F5 BIG-IP instance, enables TLS transport between the F5 BIG-IP and the Cequence Bridge, creates an HSL iRule that uses the Cequence Bridge pool, and attaches the HSL iRule to the appropriate application Virtual Server.
Before you start
Download the F5 iRule. The following procedure uses this iRule during configuration.
- In the F5 BIG-IP console, navigate to Local Traffic > Pools > Pool List. The Pool List page appears.
- Click Create.
- In the Name field of the Configuration section, provide a name for the Pool, for example CQ-Bridge-Pool.
- In the Health Monitors field, select tcp_half_open.
- In the Resources section, type the following information:
  - In the Address/Mask field, the IP address of the Cequence Bridge.
  - In the Service Port field, the port that the Cequence Bridge listens on.
- Click Add, then click Finished. The Pool List page closes.
- Navigate to Local Traffic > Virtual Servers > Virtual Server List. The Virtual Server List page appears.
- Click Create.
- In the General Properties section, type the following information:
  - In the Name field, a name for the Virtual Server, such as CQ-Bridge-VS.
  - In the Destination Address/Mask field, the IP address of the Cequence Bridge.
  - In the Service Port field, the port that the Cequence Bridge listens on.
- In the Configuration section, select serverssl as the value for the SSL Profile (server) field.
- In the Resources section, select the pool created earlier in this procedure, then click Finished. The Virtual Server List page closes.
- Navigate to Local Traffic > iRules > iRule List. The iRule List page appears.
- Click Create.
- In the Name field, type a name for the iRule.
- In the Definition field, paste the iRule script. A link to download the F5 iRule is available in the F5 iRule section of this article.
- Edit the following variables in the iRule script:
  - In set static::group_id "f5-us-west-2", replace f5-us-west-2 with a value that uniquely identifies the F5 instance in use.
  - In set static::hsl_pool "f5-test", replace f5-test with the name of the pool configured for the Cequence Bridge earlier in this procedure.
- Click Finished. The iRule List page closes.
- Navigate to Local Traffic > Virtual Servers > Virtual Server List.
- Select the virtual server whose traffic you want to send to Cequence for inspection.
- Select the Resource tab.
- In the iRules section, click Manage. The Resource Management page appears.
- In the Resource Management page, move the iRule created earlier in this procedure from the Available list to the Enabled list.
- Click Finished.
The F5 BIG-IP instance is now integrated with the Cequence Bridge.
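As an added illustration (not the Cequence iRule linked from this article, and not code from Cequence or F5), the skeleton below shows how the two static variables from the procedure are wired into an HSL iRule and how the pool and the serverssl virtual server fit together. The record layout, field order and correlation id are assumptions of this example; the real Cequence Bridge expects the format defined by the downloadable iRule.

```tcl
# Illustrative HSL iRule skeleton. This is NOT the Cequence iRule; the record
# layout below is an assumption of this example, not the Bridge's format.

when RULE_INIT {
    # Value that uniquely identifies this BIG-IP instance (edit per the procedure).
    set static::group_id "f5-us-west-2"
    # Name of the pool that points at the Cequence Bridge (edit per the procedure).
    set static::hsl_pool "f5-test"
}

when CLIENT_ACCEPTED {
    # One HSL handle per client connection. From the iRule's point of view the
    # transport is plain TCP; TLS is added because the pool member address is
    # also the destination of the CQ-Bridge-VS virtual server, whose serverssl
    # profile encrypts the outbound connection to the Bridge.
    set hsl [HSL::open -proto TCP -pool $static::hsl_pool]
}

when HTTP_REQUEST {
    # Correlation id so the consumer can pair a response with its request.
    set req_id "${static::group_id}-[IP::client_addr]-[TCP::client_port]-[clock clicks]"
    # Tab-separated request metadata; headers are sampled, the body is not sent.
    set rec [list $static::group_id "REQ" $req_id [clock seconds] \
        [IP::client_addr] [HTTP::method] [HTTP::host] [HTTP::uri] \
        [HTTP::header value "User-Agent"]]
    HSL::send $hsl "[join $rec "\t"]\n"
}

when HTTP_RESPONSE {
    # Same correlation id as the request on this connection.
    set rec [list $static::group_id "RSP" $req_id [clock seconds] \
        [HTTP::status] [HTTP::header value "Content-Type"] \
        [HTTP::header value "Content-Length"]]
    HSL::send $hsl "[join $rec "\t"]\n"
}
```

Because HSL is fire-and-forget, a Bridge that is down or unreachable produces no error in the iRule; the tcp_half_open monitor on the pool is what surfaces that condition on the BIG-IP side.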