Configuring System Settings
In addition to the SSL Orchestrator topologies, you can configure your deployment settings using System Settings. When configuring a topology, after clicking Add from the Configuration screen, select System Settings at the top right of the screen. The System Settings screen allows you to provide general information the system needs, such as IP Family settings to specify whether you want this configuration to support IPv4 addresses, IPv6 addresses, or both.
You can specify the DNS Query resolution. This solution uses DNS extensively. You can either permit the system to send DNS queries directly out to the Internet, or specify one or more local forwarding nameservers to process all DNS queries from SSL Intercept. Direct resolution can be more reliable than using forwarders, but it requires outbound access to the Internet on both UDP and TCP port 53.
You can select DNSSec Validation to specify whether you want to use DNSSec to validate the DNS information. Using DNSSec to validate DNS information improves security.
You can also specify in Gateways Configuration whether you want the system to let all SSL intercept traffic use the default route, or specify Internet gateways (routers) depending on the IP family selection:
- IPv4 and/or IPv6 Outbound Gateways: You may specify one or more Internet gateways (routers) to handle outbound SSL intercept traffic (plus control the share of traffic each is given).
- Non-public IPv6 Networks: You may specify route connections to any non-public IPv6 networks via the IPv6 gateways by entering the prefix/mask-length (CIDR). Non-public IPv6 networks are those outside the 2000::/3 block, such as ULA networks in the fc00::/7 block. Your organization and your VPN-linked business partners likely have some non-public IPv6 networks.
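The following added example (not F5 code) pre-checks a list of prefixes before they are entered under Non-public IPv6 Networks, using the definition above: a prefix is non-public when it lies entirely outside 2000::/3. The function names and the sample prefixes are constructed for illustration.

```python
import ipaddress

# Public (global unicast) block, as named in the text above.
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")


def classify_prefix(cidr):
    """Classify one prefix/mask-length entry.

    Returns 'non-public', 'public', 'straddles' or 'invalid'.
    """
    try:
        # strict=True rejects entries with host bits set, e.g. fd00::1/8
        net = ipaddress.ip_network(cidr.strip(), strict=True)
    except ValueError:
        return "invalid"
    if net.version != 6:
        return "invalid"          # an IPv4 prefix does not belong in this list
    if net.subnet_of(GLOBAL_UNICAST):
        return "public"           # inside 2000::/3, no non-public route needed
    if net.overlaps(GLOBAL_UNICAST):
        return "straddles"        # e.g. ::/0 covers public and non-public space
    return "non-public"


def review_entries(entries):
    """Group entries by classification so rejected ones can be reviewed."""
    report = {"non-public": [], "public": [], "straddles": [], "invalid": []}
    for entry in entries:
        report[classify_prefix(entry)].append(entry.strip())
    return report


def non_public_routes(entries):
    """Return the non-public prefixes with redundant (covered) entries merged."""
    nets = [ipaddress.ip_network(e.strip()) for e in entries
            if classify_prefix(e) == "non-public"]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    # Constructed sample input, not taken from any real deployment.
    sample = ["fd12:3456:789a::/48", "fd12:3456:789a:1::/64",
              "2001:db8::/32", "::/0", "fd00::1/8", "10.0.0.0/8"]
    for kind, items in review_entries(sample).items():
        print(f"{kind:11} {items}")
    print("enter:", non_public_routes(sample))
```

Entries reported as `straddles` or `public` are worth reviewing before configuration, since a prefix that overlaps 2000::/3 would also capture Internet-bound destinations.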
Note: By default, during the F5 SSL Orchestrator deployment process, the system database value for Traffic Management Microkernel (TMM) fast forward is automatically disabled (set to false) so that client connections do not disconnect prematurely. To ensure your F5 SSL Orchestrator deployment works properly, make sure the system database value for TMM fast forward remains disabled throughout the deployment. If you are not using F5 SSL Orchestrator and need the system database value for TMM fast forward enabled, it must be manually changed.