Forum Discussion

jjones618's avatar
jjones618
Icon for Altostratus rankAltostratus
Dec 30, 2019

APM Endpoint Inspector

I configured a VPN using APM that requires the end client to have their AV updated in the last 15 days and scanned in the last 8 days. A user is trying to connect and has the latest version of Kaspersky installed on their device and has had a recent full scan. Their device is not being allowed on the network. The version of Kaspersky on their desktop is 20.0.14.10875 and latest version in the EPSEC file is 19.0.0.1088. When their desktop was on 19.0.0.1088 they were able to connect. Is their end client not connecting because their AV version is not in the EPSEC file? (The F5 currently has the latest version of the EPSEC file installed.) If this is the case what is the best way to require updated AV and still allow them to access the network when their AV version is more recent than what is in the latest EPSEC file? Thanks!

APM
Endpoint Inspector
security

2 Replies

Sort By
  • Dave_W's avatar
    Dave_W
    Icon for Employee rankEmployee
    Jan 03, 2020

    Hello, if you login to the Admin GUI and go to the about Tab and click on the "OPSWAT Application Security Integration Support Charts" link. Look for the version and type of AV to make sure that version and features are supported.

     

    In addition you can run the OESIS Diagnose tool locally on the PC or Mac. This will create a diag file you can look at to see if OPSWAT recognizes the AV and features:

     

    https://support.f5.com/csp/article/K11643

     

  • jjones618's avatar
    jjones618
    Icon for Altostratus rankAltostratus
    Jan 02, 2020

    My F5 is currently on 14.1.0.3. Looks like the EPSEC file for this version of BIG IP was last updated on 7/9/2019. BIG IP version 14.1.2.x has an EPSEC file that was last updated on 12/5/2019. Looks like 14.0.1.x and 14.0.0.x also have a more recent EPSEC file than 14.1.0.x. Does anyone know why F5 does not update all EPSEC files for BIG IP versions that are still supported?