Manual Chapter : What is F5 Guided Configuration for SSL Orchestrator?

Applies To:

Show Versions Show Versions
Manual Chapter

What is F5 Guided Configuration for SSL Orchestrator?

What is F5 Guided Configuration for SSL Orchestrator?

F5 Guided Configuration for SSL Orchestrator provides an all-in-one appliance solution designed to optimize the SSL infrastructure, provide security devices with visibility of SSL/TLS encrypted traffic, and maximize the efficient use of that existing security investment. This solution centralizes and consolidates SSL inspection across complex security architectures, allowing you flexible deployment options to decrypt and re-encrypt user traffic. It supports policy-based management and steering of traffic flows to third-party security devices, intrusion prevention systems (IPS), anti-malware, data loss prevention (DLP), and many other forensics tools. It provides a wide range of SSL orchestration analytics that you can easily customize based on your preferences you set and manage.
Guided Configuration for SSL Orchestrator is meant to guide you through setting up a particular use case on the SSL Orchestrator system. Each template requests minimal input and provides contextual help to assist users during setup.
When using Guided Configuration for SSL Orchestrator, you can configure SSL Orchestrator in an array of topologies that define the type of traffic (transparent or explicit) and the direction of traffic flow (inbound or outbound) you wish to inspect. These deployment settings, which can be modified as needed without un-deploying a configuration, are complimented by SSL management settings that assist you in defining inbound decryption and outbound decryption, setting your service types (such as HTTP, ICAP, Layer 2/Layer 3 inline, and receive-only/TAP services), and creating your service policies by defining per-request and per-session policy settings that can be managed through a virtual policy editor.
Some of the key functions include:
  • Updated setup utility with resource provisioning capabilities for licensed and unlicensed modules
  • Inspection of all traffic for malware and data exfiltration with a multi-layered approach
  • New Access per-request policy based creation with virtual policy editor management and expanded creation capabilities within SSL Orchestrator
  • Flexible deployment modes to easily integrate the latest encryption technologies across your entire security infrastructure
  • Expanded SSL Orchestrator analytics and enhanced logging settings and categories for more detailed insight to your deployments and performance tracking
  • L7 application protocol settings allowing you to select a protocol to listen for specific traffic (IMAP, SMTPS, POP3, FTP, HTTP)
  • Virtual Clustered Multiprocessing (vCMP) support so to provision and manage multiple hosted instances of the BIG-IP software on a single hardware platform
  • SSL Orchestrator license for virtual edition support (Standalone or LTM + SSL Forward Proxy Add-On licenses) on the following platforms: VMware, KVM, and Hyper-V
  • High availability with best-in-class load-balancing, health monitoring, and SSL offload capabilities