Manual Chapter: What is F5 Guided Configuration for SSL Orchestrator?
Applies To:
F5 SSL Orchestrator
- 17.1.0
F5® Guided Configuration for SSL Orchestrator™ provides
an all-in-one appliance solution designed to optimize the SSL infrastructure,
provide security devices with visibility of SSL/TLS encrypted traffic, and
maximize the efficient use of that existing security investment. This solution
centralizes and consolidates SSL inspection across complex security architectures,
giving you flexible deployment options to decrypt and re-encrypt user traffic.
It supports policy-based management and steering of traffic flows to third-party
security devices, intrusion prevention systems (IPS), anti-malware, data loss
prevention (DLP), and many other forensics tools. It provides a wide range of SSL
orchestration analytics that you can easily customize based on preferences
you set and manage.
Guided Configuration for SSL Orchestrator is meant to guide you through setting up a
particular use case on the SSL Orchestrator system. Each template requests minimal
input and provides contextual help to assist users during setup.
When using Guided Configuration for SSL Orchestrator, you can configure SSL
Orchestrator in an array of topologies that define the type of traffic
(transparent or explicit) and the direction of traffic flow (inbound or outbound)
you wish to inspect. These deployment settings, which can be modified as needed
without un-deploying a configuration, are complemented by SSL management settings
that assist you in defining inbound decryption and outbound decryption, setting
your service types (such as HTTP, ICAP, Layer 2/Layer 3 inline, and
receive-only/TAP services), and creating your service policies by defining
per-request and per-session policy settings that can be managed through a virtual
policy editor.
Some of the key functions include:
- Guided Configuration for SSL Orchestrator to guide you through a configuration for deployment
- Guided Configuration for SSL Orchestrator TLS 1.3 support
- Inspection of all traffic for malware and data exfiltration with a multi-layered approach
- New Access per-request policy-based creation with virtual policy editor management and expanded creation capabilities within SSL Orchestrator
- Flexible deployment modes to easily integrate the latest encryption technologies across your entire security infrastructure
- High Availability Status (HA-Status) screen providing detailed information on the status of HA devices, with detailed warning and error messages indicating issues with system status, HA network status, and device groups, and detailed options on how to fix them
- SSL Orchestrator Dashboard screen providing various methods to review and analyze the status and trends of your SSL Orchestrator environment and systems
- Multi-Layered Security to solve specific security challenges that security administrators usually have to address manually, such as chaining together multiple point products and creating bare-bones security chains consisting of multiple services
- Expanded SSL Orchestrator analytics and enhanced logging settings and categories for more detailed insight into your deployments and performance tracking
- L7 application protocol settings allowing you to select a protocol to listen for specific traffic (IMAP, SMTPS, POP3, FTP, HTTP)
- Preview Merge step available to manage previously deployed SSL Orchestrator configurations after a configuration is moved into the Unprotected Configuration mode. Once a configuration is unprotected, changes made in certain configuration topologies (steps) are available for review and merge configuration options
- System Settings screen providing general information and settings the system needs such as IP Family settings, DNS Query resolution, DNSSec Validation specification, and Gateways Configuration details
- Virtual Clustered Multiprocessing (vCMP) support so you can provision and manage multiple hosted instances of the BIG-IP software on a single hardware platform
- SSL Orchestrator license for virtual edition support (Standalone or LTM + SSL Forward Proxy Add-On licenses) on the following platforms: VMware, KVM, and Hyper-V
- High availability with best-in-class load-balancing, health monitoring, and SSL offload capabilities