Manual Chapter : Security policies

Applies To:

F5 SSL Orchestrator

  • 17.1.0

Security policies

Security policies define a set of rules that govern how SSL Orchestrator processes traffic and the actions each rule can take. SSL Orchestrator uses a visual per-request policy engine, or Visual Policy Editor (VPE), to define traffic flows through the security services. Per-request security policies are available within the VPE, where each element, or box, represents a corresponding macro whose information (and output) influences the next element and its macro until the traffic is allowed or blocked.
When configuring a per-request security policy, the SSL Orchestrator maintains the policy in the Access module, viewable in the Visual Policy Editor. By default, SSL Orchestrator provides Pinners_Rule and All Traffic rules. Pinners_Rule consists of domain names of some TLS- (SSL-) based services from well-known businesses that support software which may not work well when their connections are intercepted and decrypted by the SSL Orchestrator solution. You can also use the All Traffic default rule that allows the interception of all traffic.
Starting with SSL Orchestrator 11.0, for L3 Inbound/Application topology, you can render a security policy from either a per-request or an LTM policy to associate it with your virtual server. When configuring an LTM security policy, by default, the All Traffic rule is available to allow the interception of all traffic. The SSL Orchestrator maintains the LTM policy in Local Traffic > Policies > Policy List. For a new policy, the system auto-generates the policy with the naming convention "ssloP_XXXX_ltm_pol".