F5 Logo MyF5
Search
  1. MyF5 Home
  2. Managing SSL Orchestrator Using BIG-IQ
  3. Manage SSLO device configurations
  4. Configure device specific SSLO settings
Manual Chapter : Configure device specific SSLO settings

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 7.1.0
Manual Chapter

Configure device specific SSLO settings

From BIG-IQ, you can modify the device configuration for a managed BIG-IP device and view the status of services deployed to a device, and deploy changes to this device.
  1. At the top of the page, view your services deployed in a topology on this device. To make any edits to security service configuration, select the name of the service and you will be directed to a page where you can make edits.
  2. From BIG-IQ, navigate to
    Configuration
    SSL Orchestrator
    Devices
    .
  3. Select a managed BIG-IP device from the
    Devices
     list.
    You will be directed to a page where you may configure SSLO BIG-IP device settings.
  4. Under
    Device Settings
    , specify whether you want this configuration to support IPv4 addresses or IPv6 addresses from the dropdown menu.
    You must configure IP addresses in the family you select for all IP address fields in this application.
  5. Under the
    DNS
     section, select either
    Internet Authoritative Nameserver
     to permit the system to send DNS queries directly out to the Internet, you can select
    Local Forwarding Nameserver
    .
    Direct resolution can be more reliable than using forwarders but requires outbound UDP+TCP port 53 access to the Internet.
  6. Click the DNSSec Validation checkbox to specify whether you want to use DNSSEC to validate the DNS information.
    F5 reccomends using DNSSEC to validate DNS information as it improves security.
  7. If you selected
    Local Forwarding Nameserver
     in the above section, add one or more
    Local DNS Nameserver
     in the section
    Local Forwarding NameServer(s)
    .
  8. Under
    Routing
    , select
    Default
     to allow the system to let all SSL intercept traffic use the default route, or select
    Create New
     to route the traffic through a custom Internet gateway. Add an
    Address
     and specify the
    Ratio
     to define the ratio of traffic sent to each device.
  9. Under the
    Logging Configuration
     section, select a logging level for this device from the dropdown menu. You may select from Errors, Normal, or Debug.
  10. You may enable the default log configuration by selecting the checkbox. For
    Per-Request Policy
    ,
    FTP
    ,
    IMAP
    ,
    POP3
    ,
    SMTPS
    , and
    SSL Orchestrator Generic
     (generic logs for the SSL Orchestrator configuration), select the level of severity that you would like to log for this data.
  11. Select
    Deploy
     to push changes to this managed device.
Your configuration changes will be deployed to the managed BIG-IP device.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information