Manual Chapter : Services

Applies To:

Show Versions Show Versions

F5 SSL Orchestrator

  • 17.1.0
Manual Chapter

Services

The Service screen allows you to create services such as HTTP, ICAP, Layer 2 and Layer 3 inline, receive only TAP, and F5 services.
  • Inline HTTP
    : You can configure inline HTTP explicit or transparent proxy settings with SSL Orchestrator configured as either an explicit or transparent proxy for extended SSL visibility and existing or new deployments. Using SSL Orchestrator, you can support multiple explicit and transparent proxy configurations such as: SSLO Explicit proxy with in-line explicit proxy as a service (EP-EP); SSLO Transparent proxy with in-line explicit proxy as a service (TP-EP); SSLO Explicit proxy with in-line transparent proxy as a service (EP-TP); SSLO Transparent proxy with in-line transparent proxy as a service (TP-TP).
  • ICAP
    : Each ICAP service uses the Internet Content Adaptation Protocol (ICAP) RFC3507 protocol to refer HTTP traffic to one or more Content Adaptation devices for inspection and possible modification. You can configure the ICAP services that are a part of this configuration.
  • Layer 2 and Layer 3 inline
    : Inline services pass traffic through one or more service devices at Layer 2 (LAN) or Layer 3 (IP). Each service device communicates with the BIG-IP device on the ingress side over two VLANs called Inward and Outward that carry traffic toward the intranet and the Internet, respectively.
  • TAP
    : TAP services only receive traffic for inspection, and do not send it back to the BIG-IP system. Each receive-only service provides a packet-by-packet copy of the traffic (for example, plaintext), passing through it to an inspection device.
  • F5
    : F5 tab lists F5's internal products as services. Deploy these services to suit your categorization, classification, and content inspection needs for encrypted traffic. The available services are F5 Secure Web Gateway, F5 Office 365 Tenant Restrictions, and F5 Advanced Web Application Firewall.
    The F5 Secure Web Gateway (SWG) service allows you to take an existing F5 SWG solution and migrate or move it to the same BIG-IP as SSL Orchestrator. Selecting this service helps provide visibility, orchestration, categorization, and classification for, all encrypted traffic traversing your network, both inbound and outbound. You can manage web access across your organization with URL categorization. This allows you to enforce organizational policies against access to specific content, prevent access to potentially malware-laden websites and apps, or stop bandwidth chokers, among other uses. On configuring the F5 SWG service you can add the newly created SWGaaS to an existing Service Chain or create a new one.
    The F5 Office 365 Tenant Restrictions service provides a mechanism to allow or deny access to O365 resources based on organizational requirements. You will require your organization's
    Restrict-Access-To-Tenants
    and
    Restrict-Access-Context
    values to be inserted into HTTP headers. You can obtain the Tenant Domain and Tenant ID values from the Microsoft Azure portal by signing in as the Administrator. Click Office 365 Tenant Restrictions for detailed information on Tenant Restrictions.
    The F5 Advanced Web Application Firewall (On-Box) service allows you to configure and deploy Advanced Web Application Firewall profiles through the SSL Orchestrator interface for all topologies. The Advanced WAF service and SSL Orchestrator run on the same device. On configuring the service, you can validate it as a service chain object. For this configuration, you should have Application Security Manager (ASM), and Advanced Web Application Firewall (WAF) profile(s) configured, licensed, and provisioned on BIG-IP.
To use a previously created service, select the check box next to the name of the desired service type and click
Save & Next
. You can edit any previously created service by clicking directly on the name. To create a new service, click
Add Service
.
Only the services created as part of this workflow can be deleted.