Manual Chapter: Security policies
Applies To: F5 SSL Orchestrator 17.1.0
Security policies
Security policies define a set of rules that govern how SSL Orchestrator
processes traffic and the actions each rule can take. SSL Orchestrator uses a
visual per-request policy engine, the Visual Policy Editor (VPE), to define
traffic flows through the security services. The per-request security policies
are available within the VPE, where each element, or box, represents a
corresponding macro whose information (and output) influences the next element
and its macro until the traffic is allowed or blocked.
When configuring a per-request security policy, the SSL Orchestrator maintains the policy
in the Access module, viewable in the Visual Policy Editor. By default, SSL Orchestrator
provides Pinners_Rule and All Traffic rules. Pinners_Rule consists of
domain names of some TLS- (SSL-) based services from well-known businesses that support
software which may not work well when their connections are intercepted and decrypted by
the SSL Orchestrator solution. You can also use the All Traffic default rule, which allows
the interception of all traffic.
Starting with SSL Orchestrator 11.0, for the L3 Inbound/Application topology,
you can render a security policy from either a per-request or an LTM policy to associate
it with your virtual server. When configuring an LTM security policy, by default, the
All Traffic rule is available to allow the interception of all traffic. The SSL Orchestrator maintains the
LTM policy in the . For a new policy, the system auto-generates the policy with the naming
convention "ssloP_XXXX_ltm_pol".
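An added sketch, not F5's code or configuration, of how an ordered rule list with a domain-name rule ahead of a catch-all rule resolves a connection. It assumes first-match evaluation, matching on the TLS server name, and the action labels "bypass" and "intercept"; the domain entries and all function names are constructed for illustration.

```python
# Simplified model of ordered, first-match rule evaluation (not F5 code).
from dataclasses import dataclass
from typing import Optional

# Constructed sample entries; the real Pinners list ships with the product.
PINNED_DOMAINS = ("updates.example.com", "pinned-app.example.net")


def host_matches(host: str, domain: str) -> bool:
    """Match the domain itself or a subdomain, only on a label boundary."""
    host = host.rstrip(".").lower()
    domain = domain.lower()
    return host == domain or host.endswith("." + domain)


@dataclass(frozen=True)
class Rule:
    name: str
    domains: Optional[tuple]  # None means the rule matches all traffic
    tls_action: str           # assumed labels: "bypass" or "intercept"

    def matches(self, sni: Optional[str]) -> bool:
        if self.domains is None:
            return True
        # Without a server name, a name-based rule cannot match.
        return sni is not None and any(host_matches(sni, d) for d in self.domains)


# Order matters: a catch-all placed first would shadow every later rule.
POLICY = [
    Rule("Pinners_Rule", PINNED_DOMAINS, "bypass"),
    Rule("All Traffic", None, "intercept"),
]


def evaluate(sni: Optional[str], policy=POLICY) -> tuple:
    """Return (rule name, TLS action) of the first rule that matches."""
    for rule in policy:
        if rule.matches(sni):
            return rule.name, rule.tls_action
    raise LookupError("policy has no catch-all rule")


def shadowed_rules(policy) -> list:
    """Names of rules placed after a catch-all, which can never fire."""
    for i, rule in enumerate(policy):
        if rule.domains is None:
            return [r.name for r in policy[i + 1:]]
    return []
```

The label-boundary check keeps a look-alike host such as evilupdates.example.com from inheriting the exemption meant for updates.example.com, and shadowed_rules flags an ordering in which the exemption rule would never be reached.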