Applies To:Show Versions
BIG-IQ Centralized Management
Monitoring SSL Orchestrator Activity
Monitoring SSL Orchestrator Data
Displays the total number of topologies configured (deployed or in draft). Each health status lists the current number of topologies with that health status.
Displays the total number of devices managing SSLO configurations. Each health status lists the current number of devices with that health status. The
TOP CPU USAGEdisplays BIG-IP devices with the highest percent CPU usage.
BIG-IP Host Names
BIG-IP Blade Numbers
For Device CPU data, go to
Displays the total number of services (deployed or in draft). Each health status lists the current number of services with that health status.
Displays the distribution of encrypted traffic that passed through the topologies.
TOP COUNTRIES MAP
Displays a map that highlights the countries with the most requests that passed through the topologies. This information is view-only.
Displays the destination countries with the most client-side new connections to your topologies.
TOP URLs CATEGORIES
Displays the URL categories with the most client-side new connections. You configure these categories when you provision APM policies with secure web gateway (SWG).
TOP IPI CATEGORIES
Displays the top IP Intelligence categories with the most client-side new connections. IP reputation is an addition subscription of IP Intelligence to your provisioned ASM.
TOP SERVER CIPHERS
Displays the SSL server-side cipher names with the most client-side new connections to your topologies.
Server Cipher Versions
Service Cipher Names
TOP CLIENT CIPHERS
Displays the SSL client-side cipher names with the most client-side new connections to your topologies.
Client Cipher Versions
Client Cipher Names
DEVICES: TOP MEMORY USAGE
Displays the BIG-IP device host names with the highest percent CPU usage.
For Device CPU data, go to
Customizing the View
Identifying SSLO health issues
- You configure SSL Orchestrator topologies to support your various network routing needs. These topologies support your configured service chains and security inspection settings for an network's inbound and outbound traffic. Topology health issues arise when either the BIG-IP device, service, or both, report health issues. The health of the topology reflects the most severe health status of any of its BIG-IP devices or services. By identifying topology health issues, you can then further isolate issues affecting services and devices
- Services process traffic connections based on the contexts provided by the security policy. These services are assigned to a pool that belongs to a virtual server within the BIG-IP device. The health of the service is based on the status of its connected pool. The system sends alerts for both pools and virtual servers regarding the health status of the service's connected pool:
- Pool alerts (service alerts)
- The system monitors the pool status based on the pool member responses to the server. When one or more pool members becomes unresponsive, the health of the service is reduced to moderate. If all pool members within the service pool are unresponsive, the health becomes critical.
- The BIG-IP devices that manage the traffic to your SSLO configuration might also manage other application services, aside from SSLO. The health of your devices isbased on configured thresholds for CPU, memory, and traffic throughput. Once these thresholds are passed, the BIG-IP device's health is reduced to moderate or critical.
Identify SSLO health issues
- A BIG-IQ data collection device configured for the BIG-IQ device
- The BIG-IP device located in your network and running a compatible software version
- Statistics collection enabled for managed BIG-IP devices
- AVR provisioned on your BIG-IP devices
- Go to.The overview screen displays tiles with current information about your SSLO configurations.
- Use theTOPOLOGIES,DEVICES, orSERVICEStiles to evaluate whether any of your SSLO objects have critical or moderate health status.Topology health reflects the most severe health status of its connected devices and services.
- Click one of the health-related tiles to view a list of the selected SSLO objects.The screen lists the objects, and provides data regarding current traffic and health status. Data in the summary bar reflects the average of all listed objects for the past five minutes.
- To filter the list to display objects with health alerts, clickCriticalorModeratein the HEALTH area of the summary bar.
- To further evaluate an object's data, click the chart button ( ) to the left of the object's name and health.The screen displays a dashboard with data based on your selection.
- In the charts, evaluate whether data reflects significant changes over time.If you observe significant changes, enableEvents( ) to display system notifications that might provide more information about why traffic experienced significant changes. You can click one of the numbered icons in the chart to display the list of events that occurred at that time.
- To isolate details about active alerts, clickSee Allin the ACTIVE ALERTS area at the top right of the summary bar.This displays a list of the recent, and active, alerts relating to your selected object's health. If there are no active alerts, the health issue was either resolved, or the object was deleted. For more information about the object's alert history, return to the previous screen and clickSee Allin the ALERT HISTORY area in the summary bar.
- From the active alerts list, select the row of the most recent alert, to display the alert's details a the bottom of the screen.
SSLO topology dashboard data
- The SSLO topology health is measured based on the health status of the pool managing the services in the service chain, and BIG-IP devices hosting the topology. Topology health reflects the most severe status of at least one of connected objects' health.
- SSL HIT COUNT OVER TIME
- The SSL hit count over time is the average number of SSL new client connections to the topology, distributed by their security outcome.
- TOP CIPHER ACTIVITY
- This is the most commonly detected SSL cipher names with new client connections to the topology's host device.
- THROUGHPUT IN
- This shows the number of transactions (in BPS) that were detected by topology.
- The ALERT HISTORY and ACTIVE ALERTS display the topology-related alerts, which indicate changes in the topology health status. Active alerts are listed when an alert is raised and has not been cleared.
- Connections by Decryption Action
- Displays the number of new client connections initiated with any of the topology's host BIG-IP devices. Data in this chart is distributed by whether the connection required decryption or not. See the data in the dimensionDecryption Statusto evaluate data per decryption action.
- Bytes per Second
- Displays the average number of bytes (per second) that passed through one of the topology's host BIG-IP devices. Data is displayed by the part of the transaction to and from the BIG-IP devices.
SSLO analytics data
- Bytes in from client
- Bytes in from server
- Bytes out to client
- Bytes out to server
- Client-side new connections
- Connection Duration
- BIG-IP Host Names-The host name of the BIG-IP devices over which the topology was deployed.
- BIG-IP Blade Numbers--The blade number for the BIG-IP devices over which the topology was deployed.
- Applications--The name of the container for the application services in the BIG-IQ user interface.
- Application Services--The categorization of the application services contained within the application.
- Virtual Servers--The virtual servers reporting the topology's traffic data.
- Actions--The service chain classification based on the SSLO action:
- Allowed--SSLO allowed the connection to go to its destination
- Bypassed--Based on the service chain classification, SSLO allowed the connection to go to its destination without traversing any service chain.
- Rejected--Based on the service chain classification, or network error, SSLO terminated the connection.
- Intercepted--Based on the service chain classification, SSLO stripped the TLS armor from a connection and sent the decrypted contents of the connection through a service chain.
- Destination Countries--The countries listed as the destination in the payload of the client requests.
- Client Cipher Versions--The cipher version used the client request.
- Server Cipher Names--The server cipher names used in reported transactions.
- Client Cipher Names--The client cipher names used in reported transactions.
- Server Cipher Versions--The cipher version used in the server response.
- Decryption Status--The traffic based on the need for decryption:
- Plain Text (requires no decryption)
- Service Paths--The names of the service chains.
- Traffic Types--The network protocol used in the transaction.
- URL Categories--The URL categories configured for secure web gateway (SWG). This dimension is relevant to users who have configured an APM policy with a SWG.
- Serving Applications IPs--IP addresses of applications connected to a topology.
- IP Reputation--The IP categories configured for IP Intelligence. This dimension is relevant to users whohave configured an AFM policy with IP Intelligence.
- Topologies (not relevant to single topology)--The names of the deployed topologies processing traffic.
SSLO device dashboard data
- The SSLO device health is measured based on metric thresholds configured for centrally managed BIG-IP devices. To review the health thresholds for your device, go toand select the default device health rules.
- CPU USAGE
- The average percent of CPU usage for the selected device. The chart displays a different color for the metric thresholds that have been surpassed.
- MEMORY USAGE
- The average percent of memory usage for the selected device. The chart displays a different color for the metric thresholds that have been surpassed.
- SSL DECRYPTION
- The average number of connections distributed by the decryption status. Connections that do not require decryption are labeled as either Unencrypted or Plain Text.
- CIPHER ACTIVITY
- The most commonly detected client, or server, SSL cipher names with new client connections to the selected device.
- The number of transactions (in average BPS) that were detected by the device from the client or server (throughput in) or from the device to the client or server (throughput out).
- The ACTIVE ALERTS area displays the device-related alerts that indicate changes in the health status. Active alerts are listed when an alert is raised and has not been cleared.
- The average CPU percent usage of the device over the selected period of time. The chart displays data based on which activities required the most CPU, and the overall usage of each CPU core.
- The average percent of memory usage of the device over the selected period of time. The charts display data based on which activities required memory usage.
- The average disk data, based on read and write activities.
- Disk Usage
- The average disk usage (bot read and write) based on the configured partitions for the BIG-IP device.
- Interface Health
- The average number of traffic errors and dropped packets detected by the BIG-IP device for incoming and outgoing traffic.
SSLO service dashboard data
- The SSLO service health is measured based on the availability of the pool members in the pool associated with the service. When a pool member is detected as offline or disabled, the health status of the service is reduced.
- The average number of transactions detected to and from the BIG-IP device to the virtual server (in average BPS).
- CONCURRENT CONNECTIONS
- The number of sustained connections between the virtual server and the BIG-IP device.
- The ALERT HISTORY and ACTIVE ALERTS display the pool alerts, which indicate changes in the service's health status. Active alerts are listed when an alert is raised and has not been cleared.
- New Connections
- The average number of new connections per second to the virtual server over time from either the client side or server side.
- Concurrent Connections
- The number of ongoing connections to the virtual server from either the client side or the server side.
- Throughput Bytes
- The average number of bytes per second processed to and from the virtual server over the course of the transaction.
- Throughput Packets
- The average number of packets per second processed to and from the virtual server over the course of the transaction.
- The average number of round trip request to response cycles, per second, to the virtual server.