F5 - Attack Signature Update

From Laub-Home Wiki

AskF5 HowTo

Allowing signature updates through a firewall

Host servers

  • callhome.f5.com port 443
  • activate.f5.com port 443

DNS servers

  • The firewall should allow port 53 access for the DNS name server(s) configured for use by the BIG-IP ASM system.
  • Additionally, if the BIG-IP ASM has not been configured with a reachable DNS name server, it will attempt to use an F5 DNS nameserver configured in the /var/ts/etc/services.ini file. The firewall should allow port 53 access for the IP addresses listed for the prod_dns_server= setting in this file.


Attack signature update using a scheduled update mode

  1. Log in to the Configuration utility.
  2. On the Main tab of the Application Security navigation pane, click Options.
  3. From the Attack Signatures menu, select Attack Signatures Update.
  4. In the Attack Signature Updates section, select Scheduled.
  5. From the Update Interval menu, select an update interval.
  6. Click Save Settings.


Attack signature update files using a manual update mode

Note: When you select Manual for the Update Mode, you update the attack signatures on your own schedule by clicking Update Signatures.

  1. Log in to the Configuration utility.
  2. On the Main tab of the Application Security navigation pane, click Options.
  3. From the Attack Signatures menu, select Attack Signatures Update.
  4. In the Attack Signature Updates section, select Manual.
  5. In the Delivery Mode section, select Automatic.
  6. Click Save Settings.
  7. When you are ready to update the attack signatures, click Check for Updates, and if an update is available, click Update Signatures to download and install the updates.


Manual updates for system-supplied attack signatures

Note: Use this option if your BIG-IP ASM system does not have direct Internet access.

  1. Browse to https://downloads.f5.com.
  2. Manually download the latest signature file to your local workstation.
  3. Log in to the Configuration utility.
  4. On the Main tab of the Application Security navigation pane, click Options.
  5. From the Attack Signatures menu, select Attack Signatures Update.
  6. In the Update Mode setting, click Manual.
  7. For the Delivery Mode setting, select Manual.
  8. Click Save Settings.
  9. If you want to update the system-supplied signatures now, click Browse and locate the previously-saved signature file, so that the path to the file appears in the Upload File box.
  10. Click Update Signatures to upload and apply the signature update.


Configuring signature file updates through an HTTPS proxy

1. Log in to the command line.
2. Change directories to the /ts/etc/ directory by typing the following command:

cd /ts/etc/

3. Create a backup of the services.ini file by typing the following command:

cp services.ini /var/tmp/services.ini.bak

4. Using a text editor, edit the services.ini file.
5. Add the following section to the end of the file:

[proxy]
https_proxy=https://<IP address of your HTTPS proxy server>:<HTTPS proxy server port>

For example:

[proxy]
https_proxy=https://172.16.10.100:33750

6. Save the changes you made to the services.ini file.

Note: This change must be made manually on both systems in redundant pair configurations. The services.ini file is not copied to the peer system during ConfigSync operations.
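Steps 2 through 6 of the proxy procedure above, written as an idempotent shell function. This is an added example, not code from F5 or from the original page. The function name set_asm_https_proxy, its arguments, and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not F5-supplied). set_asm_https_proxy is a hypothetical helper.
# Usage: set_asm_https_proxy <services.ini> <proxy host> <proxy port> [backup path]
set_asm_https_proxy() {
    ini=$1 host=$2 port=$3
    backup=${4:-/var/tmp/services.ini.bak}

    [ -f "$ini" ] || { echo "no such file: $ini" >&2; return 1; }

    # Accept only hostname/IPv4 characters so the value cannot smuggle
    # extra lines or settings into the ini file.
    case $host in
        ''|*[!A-Za-z0-9.-]*) echo "bad proxy host: $host" >&2; return 2 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "bad proxy port: $port" >&2; return 2 ;;
    esac
    { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; } 2>/dev/null ||
        { echo "proxy port out of range: $port" >&2; return 2; }

    # Never append a second [proxy] section; an existing one is edited by hand.
    if grep -q '^\[proxy]' "$ini"; then
        echo "[proxy] section already present in $ini" >&2
        return 3
    fi

    cp -p "$ini" "$backup" || return 1        # step 3: backup before editing
    # step 5: append the section in the format shown above
    printf '\n[proxy]\nhttps_proxy=https://%s:%s\n' "$host" "$port" >> "$ini"
}

# Demonstration on a constructed file (section name and address are made up).
demo=$(mktemp -d)
printf '[constructed_section]\nprod_dns_server=192.0.2.53\n' > "$demo/services.ini"
set_asm_https_proxy "$demo/services.ini" 172.16.10.100 33750 "$demo/services.ini.bak"
diff "$demo/services.ini.bak" "$demo/services.ini" || true   # shows only the added lines
rm -rf "$demo"
```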