Forum Discussion

Henk_Oostland's avatar
Henk_Oostland
Icon for Nimbostratus rankNimbostratus
Jan 04, 2016

Does anyone know the PeSIT protocol?

Hi,

 

PeSIT is an "open" file transfer protocol, used by Axway. There are Axway boxes planned in our datacenter, and they want to use them for file transfer. We use a "scrubbing center" at the edge of our network, with a Bigip with LTM, ASM an APM. They want to use Pesit for file transfer over HTTPS to the Axway boxes, we want to offload SSL, inspect the traffic by ASM and inspect the sent files via ASM and an ICAP box on our BigIP's.

 

Because PeSIT encrypts files end-to-end while transferring them, i assume inspecting the files in our scrubbing center wil not work.

 

IMHO: You shouldn't want to do this and i think it's not going to work properly.

 

Anyway: Does anyone have any experience with this kind of configuration?

 

Thanks in advance,

 

Henk.

 

application delivery
ASM Advanced WAF
BIG-IP

3 Replies

Sort By
  • BinaryCanary_19's avatar
    BinaryCanary_19
    Historic F5 Account
    Jan 15, 2016

    ASM can only handle HTTP at this time, with some sensible fallback behaviours for Websockets. I've tried to look for and take a quick look at the PeSIT protocol specs but can't find any document suitable for quick skimming.

     

    You can generally offload the SSL on bigip, because SSL is standardized, but the HTTP Profile which is required by ASM will choke if it receives non HTTP traffic.

     

    Since you mentioned HTTPS as opposed to SSL, are you guys encapsulating the protocol over HTTP? or did you just mean SSL when you said HTTPS? If you encapsulate the protocol in HTTP, then you may be able to get somewhere with using ASM, provided the encapsulation can be broken down into standard http stuff, like predictable URLs, parameters, and parameter values.

     

  • Henk_Oostland's avatar
    Henk_Oostland
    Icon for Nimbostratus rankNimbostratus
    Jan 15, 2016

    Hi,

     

    Thanks for your reaction!

     

    They have suggested to encapsulate PeSIT in HTTPS, so we will offload SSl en and transit Pesit over HTTP, scanned by ASM. Personally i think you shouldn't do this, as you mentioned, i also assume that ASM will choke.