Manual Chapter :
What is F5 Guided
Configuration for SSL Orchestrator?
Applies To:
Show VersionsF5 SSL Orchestrator
- 15.1.9
What is F5 Guided
Configuration for SSL Orchestrator?
What is F5 Guided
Configuration for SSL Orchestrator?
F5®Guided Configuration for SSL
Orchestrator™provides an all-in-one appliance solution designed to optimize the
SSL infrastructure, provide security devices with visibility of SSL/TLS encrypted
traffic, and maximize the efficient use of that existing security investment. This
solution centralizes and consolidates SSL inspection across complex security
architectures, allowing you flexible deployment options to decrypt and re-encrypt
user traffic. It supports policy-based management and steering of traffic flows to
third-party security devices, intrusion prevention systems (IPS), anti-malware, data
loss prevention (DLP), and many other forensics tools. It provides a wide range of
SSL orchestration analytics that you can easily customize based on your preferences
you set and manage.
Guided Configuration for SSL Orchestrator is meant to guide you through setting up a
particular use case on the SSL Orchestrator system. Each template requests minimal
input and provides contextual help to assist users during setup.
When using Guided Configuration for SSL Orchestrator, you can configure SSL
Orchestrator in an array of topologies that define the type of traffic (transparent
or explicit) and the direction of traffic flow (inbound or outbound) you wish to
inspect. These deployment settings, which can be modified as needed without
un-delploying a configuration, are complimented by SSL management settings that
assist you in defining inbound decryption and outbound decryption, setting your
service types (such as HTTP, ICAP, Layer 2/Layer 3 inline, and receive-only/TAP
services), and creating your service policies by defining per-request and per-session
policy settings that can be managed through a virtual policy editor.
Some of the key functions include:
- Updated setup utility with resource provisioning capabilities for licensed and unlicensed modules
- Inspection of all traffic for malware and data exfiltration with a multi-layered approach
- New Access per-request policy based creation with virtual policy editor management and expanded creation capabilities within SSL Orchestrator
- Flexible deployment modes to easily integrate the latest encryption technologies across your entire security infrastructure
- Expanded SSL Orchestrator analytics and enhanced logging settings and categories for more detailed insight to your deployments and performance tracking
- L7 application protocol settings allowing you to select a protocol to listen for specific traffic (IMAP, SMTPS, POP3, FTP, HTTP)
- Virtual Clustered Multiprocessing (vCMP) support so to provision and manage multiple hosted instances of the BIG-IP software on a single hardware platform
- SSL Orchestrator license for virtual edition support (Standalone or LTM + SSL Forward Proxy Add-On licenses) on the following platforms: VMware, KVM, and Hyper-V
- High availability with best-in-class load-balancing, health monitoring, and SSL offload capabilities