Integrating SSL Orchestrator from F5 with NETSCOUT's nGenuisONE service assurance and cybersecurity platform
In this article
This ATC Insight was created and contributed by NETSCOUT.
Maintaining security and delivering high-quality technology based digital services has never been more important or more challenging as the world has emerged from the recent pandemic and continues its transition to a multicloud world. NETSCOUT and F5 have had a technology alliance partnership for nearly a decade and the resulting innovations have proved to be invaluable to our customers. The latest F5 and NETSCOUT integration eliminates the blind spots introduced by SSL/TLS encrypted content, eliminates the need for additional packet acquisition hardware and increases the visibility of application performance while reducing ever-increasing cybersecurity risks.
The SSL Orchestrator from F5 centralizes and manages decryption of SSL/TLS traffic. This enables security and monitoring tools to view the decrypted content and analyze it for performance analysis and threat detection while providing deep visibility into a variety of issues that can impact digital services. The SSL Orchestrator removes the burden of decrypting content within packets, so your security and monitoring tools perform better while becoming far more scalable. The nGenuisONE Platform from NETSCOUT utilizes its patented AI-based network packet analysis to monitor and measure the performance and reliability of digital services while being able to identify cybersecurity related anomalies and their impact.
Test Environment
Integration testing was conducted over a two-week period in WWT's Advanced Technology Center (ATC) utilizing the following configuration:
- F5 BIG-IP version 17.1
- SSL Orchestrator version 11.0
- NETSCOUT vStream version 6.3.4
- NETSCOUT nGeniusONE version 6.3.4
VMware ESX Configuration
Create the following 3 Port Groups:
internal-north
internal-south
netscout-tap
Attach them to a vSwitch shown in this example:
Configure the BIG-IP virtual settings as follows:
NOTE:
- VM Network is used for Management
- internal-north is used for connectivity to the North side of the network
- internal-south is used for connectivity to the South side of the network
- netscout-tap is used for decrypted connections from BIG-IP to NETSCOUT vStream
Configure the Netscout vStream virtual settings as follows:
NOTE:
- VM Network is used for Management
Netscout-tap is used for decrypted connections from BIG-IP to Netscout vStream
NETSCOUT Configuration
Use a web browser connect to the nGeniousONE management console. Click Device Configuration.
You should have at least one vStream device configured here.
At this point NETSCOUT nGenuisONE should be configured properly and ready to accept decrypted content from SSL Orchestrator.
F5 BIG-IP SSL Orchestrator Configuration
The BIG-IP VLAN settings should look like the following:
Internal-north is used for network connectivity from the BIG-IP to the North
Internal-south is used for network connectivity from the BIG-IP to the South
Netscout-tap is used for decrypted connections from BIG-IP to NETSCOUT vStream
This article assumes you have SSL Orchestrator configured with a Topology and Service Chain.
Navigate to SSL Orchestrator > Configuration.
Create the NETSCOUT Service
Under Services, click Add.
In the Service Catalog select the TAP tab then double click on NETSCOUT TAP
Give it a name, NETSCOUT in this example. Enter the MAC Address of the vStream network adapter connected to the netscout-tap port group.
NOTE: You can find the MAC Address in the vStream VM network settings.
For the VLAN select Use Existing then netscout-tap
Enable Port Remap. Set the Remap Port to 80
Click Save and Next.
Click the name of the Service Chain.
Select the NETSCOUT Service from the left and click the arrow to move it to the right. Click Save.
Click OK
Click Save & Next at the bottom.
Click Deploy
Click OK to the Success message.
When done it should look like the following:
Testing the Configuration
In this example there is a Windows client that connects through the SSL Orchestrator to a Windows server running the following web site:
Test this connection now and it should look like the following:
We'll use tcpdump on the BIG-IP to verify connectivity.
The capture from the internal-south VLAN shows the encrypted HTTPS request
The capture from the netscout-tap vlan shows plain text HTTP content being sent to NETSCOUT for Inspection
NETSCOUT nGeniusONE Monitors
Check the Traffic Monitor to view statistics:
Zoom into the HTTP request that has been decrypted by SSL Orchestrator
You can also see the server response in clear text
Conclusion
This completes configuration of BIG-IP SSL Orchestrator with vStream and nGenuisONE. At this point traffic that flows through SSL Orchestrator will be decrypted and sent to the NETSCOUT service and inspected.