Using SSL Persistence for E-Banking and Other Secure Websites

Knowledgebase Tips and Tricks
1

Outbound Custom Rules with Persistence algorithm, available with Peplink Balance, is a solution for stable, secure (SSL) website transactions.

Background For security, many e-banking and other secure websites terminate the session when the client computer’s Internet IP address changes mid-session.In general, different Internet IP addresses represent different computers. The security concern is that an IP address change during a session may be the result of an unauthorized intrusion attempt. Therefore, to prevent damages from the potential intrusion, the session is terminated upon the detection of an IP address change.

Peplink Balance distributes data traffic across multiple WAN links. Also, the Internet IP depends on the WAN links over which communication actually takes place. As a result, a client computer behind Peplink Balance may communicate using multiple Internet IP addresses.

Persistence Custom Rules

Outbound Custom Rules with Persistence algorithm can be configured to enable client computers to persistently utilize the same WAN links for e-banking and other secure websites. As a result, a client computer will communicate using one IP address and eliminate the issues.

To configure a Persistence outbound traffic rule:

  • In Web Administration Interface, navigate to Network > Outbound Policy.
  • Select Managed by Custom Rules from the Outbound Policy drop-down menu
  • Add a new rule via the Add New button
  • Configure the settings for the new rule as follows:
  • Service Name: SecureWeb
  • Source & Destination IP: Any
  • Protocol: TCP 443 (The Protocol Selection Tool drop-down menu can be used simplify the configuration steps)
  • Algorithm: Persistence
  • Persistence Mode: By Source

Persistence Custom Rules with non-standard port number

Besides IP address changes, some secure websites may require to access with non-standard port number (i.e. https://secure-website.com:7443). In this case, users should manually ADD an additional Persistence rule for that particular TCP port (It is port 7443 for the above example) in the Outbound Policy section. Below is the configuration example:
  • Service Name: SecureWebPort
  • Source & Destination IP: ANY
  • Protocol / Port: TCP / 7443
  • Algorithm: Persistence
  • Persistence Mode: By Source

1 Like