Manual Chapter: What is F5 Guided Configuration for SSL Orchestrator?
Applies To:
F5 SSL Orchestrator
- 16.0.1, 16.0.0
F5® Guided Configuration for SSL
Orchestrator™ provides an all-in-one appliance solution designed to optimize the
SSL infrastructure, provide security devices with visibility of SSL/TLS encrypted
traffic, and maximize the efficient use of that existing security investment. This
solution centralizes and consolidates SSL inspection across complex security
architectures, allowing you flexible deployment options to decrypt and re-encrypt
user traffic. It supports policy-based management and steering of traffic flows to
third-party security devices, intrusion prevention systems (IPS), anti-malware, data
loss prevention (DLP), and many other forensics tools. It provides a wide range of
SSL orchestration analytics that you can easily customize based on preferences
you set and manage.
Guided Configuration for SSL Orchestrator is meant to guide you through setting up a
particular use case on the SSL Orchestrator system. Each template requests minimal
input and provides contextual help to assist users during setup.
When using Guided Configuration for SSL Orchestrator, you can configure SSL
Orchestrator in an array of topologies that define the type of traffic (transparent
or explicit) and the direction of traffic flow (inbound or outbound) you wish to
inspect. These deployment settings, which can be modified as needed without
un-deploying a configuration, are complemented by SSL management settings that
assist you in defining inbound decryption and outbound decryption, setting your
service types (such as HTTP, ICAP, Layer 2/Layer 3 inline, and receive-only/TAP
services), and creating your service policies by defining per-request and per-session
policy settings that can be managed through a virtual policy editor.
Some of the key functions include:
- Guided Configuration for SSL Orchestrator to guide you through a configuration for deployment
- Guided Configuration for SSL Orchestrator TLS 1.3 support
- Inspection of all traffic for malware and data exfiltration with a multi-layered approach
- New Access per-request policy based creation with virtual policy editor management and expanded creation capabilities within SSL Orchestrator
- Flexible deployment modes to easily integrate the latest encryption technologies across your entire security infrastructure
- High Availability Status (HA-Status) screen providing detailed information on the status of HA devices, with detailed warning and error messages indicating issues with system status, HA network status, and device groups, and detailed options on how to fix them
- SSL Orchestrator Dashboard screen providing various methods to review and analyze the status and trends of your SSL Orchestrator environment and systems
- Multi-Layered Security to solve specific security challenges that security administrators usually have to address by manually chaining together multiple point products and creating bare-bones security chains consisting of multiple services
- Expanded SSL Orchestrator analytics and enhanced logging settings and categories for more detailed insight into your deployments and performance tracking
- L7 application protocol settings allowing you to select a protocol to listen for specific traffic (IMAP, SMTPS, POP3, FTP, HTTP)
- Preview Merge step available to manage previously deployed SSL Orchestrator configurations after a configuration is moved into the Unprotected Configuration mode. Once a configuration is unprotected, changes made in certain configuration topologies (steps) are available for review and merge configuration options
- System Settings screen providing general information and settings the system needs such as IP Family settings, DNS Query resolution, DNSSec Validation specification, and Gateways Configuration details
- Virtual Clustered Multiprocessing (vCMP) support to provision and manage multiple hosted instances of the BIG-IP software on a single hardware platform
- SSL Orchestrator license for virtual edition support (Standalone or LTM + SSL Forward Proxy Add-On licenses) on the following platforms: VMware, KVM, and Hyper-V
- High availability with best-in-class load-balancing, health monitoring, and SSL offload capabilities