Security Policies
Security policies define a set of rules that govern how SSL Orchestrator processes traffic and the actions a rule can take. SSL Orchestrator uses a visual per-request policy engine, or Visual Policy Editor (VPE), to define traffic flows through the security services. The per-request security policies are displayed in the VPE, where each element, or box, represents a corresponding macro whose information (and output) influences the next element and its macro until the traffic is allowed or blocked.
When you configure a per-request security policy, SSL Orchestrator maintains the policy in the Access module, where it is viewable in the Visual Policy Editor. By default, SSL Orchestrator provides the Pinners_Rule and All Traffic rules. Pinners_Rule consists of domain names of some TLS-based (SSL-based) services from well-known businesses that support software that may not work well when its connections are intercepted and decrypted by the SSL Orchestrator solution. You can also use the All Traffic default rule, which allows the interception of all traffic.
Starting with SSL Orchestrator 11.0, for an L3 Inbound/Application topology, you can render a security policy from either a per-request policy or an LTM policy to associate it with your virtual server. When you configure an LTM security policy, the All Traffic rule is available by default to allow the interception of all traffic. SSL Orchestrator maintains the LTM policy in Local Traffic > Policies > Policy List. For a new policy, the system auto-generates the policy with the naming convention “ssloP_XXXX_ltm_pol”.