Manual Chapter : Configuring the System for F5 SSL Orchestrator

Applies To:

F5 SSL Orchestrator

  • 13.0.0

Overview: Configuring the system for F5 SSL Orchestrator

To set up your system for decrypting and encrypting outbound SSL/TLS traffic, use the SSL Orchestrator Setup Wizard, which guides you through the basic, minimal setup configuration. After you complete the basic setup with the Setup Wizard, the SSL Orchestrator configuration utility assists you with the rest of your configuration.

Using the SSL Orchestrator setup wizard

Before you start this task:
  • Make sure you set up a management IP address, netmask, and default routing on your system.
Note: If at any time during your configuration you need to return to the F5® SSL Orchestrator™ Setup Wizard, simply click the F5 logo in the upper-left corner of the Configuration utility, and on the Welcome screen, click the Run the Setup Utility link.
The SSL Orchestrator Setup Wizard guides you through the basic, minimal setup configuration for F5® SSL Orchestrator™.
  1. On the Welcome screen, click Next.
  2. On the License screen, click Activate.
  3. On the EULA screen, click Accept.
    The license activates and the system reboots for the configuration changes to take effect.
  4. After the system reboots, click Continue.
  5. On the Device Certificates screen, click Next.
  6. On the Platform screen, for the Management Port Configuration setting, click Manual.
    The Management Port setting should include the management interface details that were previously created.
  7. In the Host Name field, type the name of this system.
    The Host Name must be a fully qualified domain name.
    For example, www.siterequest.com.
  8. In the User Administration area, type and confirm the Root Account and Admin Account passwords, and click Next.
    The Root Account provides access to the command line, while the Admin Account accesses the user interface.
    The system notifies you to log out and then log back in with your username and new password.
  9. Click OK.
    The system reboots.
  10. Optional: On the Network Time Protocol (NTP) screen, in the Address field, type the IP address of the NTP server to synchronize the system clock with an NTP server, and click Add.
  11. Click Next.
    The Domain Name Server (DNS) screen opens.
  12. Optional: To resolve host names on the system, set up the DNS and associated servers:
    1. For the DNS Lookup Server List, in the Address field, type the IP address of the DNS server and click Add.
    2. If you use BIND servers, add them in the BIND Forwarder Server List.
    3. For local domain lookups to resolve local host names, add them in the DNS Search Domain List.
    4. Click Next.
    The Internal VLAN screen opens.
    Note: If you plan to later use the DNSSEC option in the iApp template, you must set up DNS using the SSL Orchestrator Setup Wizard. Otherwise, this step is optional.
  13. Specify the Self IP settings for the internal network:
    1. In the Address field, type a self IP address.
    2. In the Netmask field, type a network mask for the self IP address.
    3. For the Port Lockdown setting, retain the default value.
  14. For the VLAN Tag ID setting, retain the recommended default value, auto.
  15. For the Interfaces setting:
    1. From the VLAN Interfaces list, select an interface number.
    2. From the Tagging list, select Tagged or Untagged.
      Select Tagged when you want traffic for that interface to be tagged with a VLAN ID.
    3. Click Add.
  16. Click Next.
    This completes the configuration of the internal self IP addresses and VLAN, and the External VLAN screen opens.
  17. Specify the Self IP setting for the external network:
    1. In the Address field, type a self IP address.
    2. In the Netmask field, type a network mask for the self IP address.
    3. For the Port Lockdown setting, retain the default value.
  18. In the Default Gateway field, type the IP address that you want to use as the default gateway to the external VLAN.
  19. For the VLAN Tag ID setting, retain the recommended default value, auto.
  20. Click Next.
    This completes the configuration of the external self IP addresses and VLAN.
  21. On the Forward Proxy Certificate screen, do the following:
    1. In the Certificate Name field, select Create New and type a certificate name.
    2. In the Certificate Source field, select either Upload File and click Choose File, or select Paste Text and copy and paste your certificate source.
    3. In the Key Source field, select either Upload File and click Choose File, or select Paste Text and copy and paste your key source.
    4. From the Security Type list, select either Normal or Password.
  22. Click Next.
  23. On the Logging screen, under Publisher Type, select either local or splunk.
    • If you select local as your Publisher Type, specify the Destination as either local-db or local-syslog and click Next.
      Note: This determines the destination of your logs as being either a local database or a local syslog server.
    • If you select splunk as your Publisher Type:
    1. For Protocol, select either TCP or UDP.
    2. Type the IP address and the Port of the Splunk server.
    3. Click Next.
    You are now ready to proceed to the second part of the configuration where you follow additional instructions to finalize your system for SSL Orchestrator. Refer to the F5® Herculon SSL Orchestrator™: Setup document for instructions.
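A pre-upload check for the certificate and key supplied in step 21, as an added example that is not part of the F5 documentation. It uses the standard openssl CLI on an administrator workstation to confirm that the key matches the certificate, that the certificate is a CA certificate (a TLS forward proxy signs the server certificates it presents to clients, so it needs one), and that it has not expired. The function name and the KEY_PASS variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: sanity checks for a forward proxy certificate/key pair
# before uploading it on the Forward Proxy Certificate screen.
# Returns 0 if all checks pass, 1 on a failed check, 2 if a file cannot be read.
check_forward_proxy_pair() {
    cert=$1; key=$2; rc=0
    # Passphrase for keys of Security Type "Password"; ignored for plain keys.
    export KEY_PASS="${KEY_PASS:-}"

    # Extract the public key from each file; failure means a bad file or passphrase.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "FAIL: cannot parse certificate $cert" >&2; return 2; }
    key_pub=$(openssl pkey -in "$key" -passin env:KEY_PASS -pubout 2>/dev/null) ||
        { echo "FAIL: cannot read key $key (wrong passphrase?)" >&2; return 2; }

    # The private key must belong to the certificate.
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL: key does not match certificate" >&2; rc=1; }

    # The certificate must be allowed to sign other certificates.
    openssl x509 -in "$cert" -noout -text 2>/dev/null | grep -q 'CA:TRUE' ||
        { echo "FAIL: certificate is not a CA (basicConstraints CA:TRUE missing)" >&2; rc=1; }

    # The certificate must still be valid right now.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: certificate has expired" >&2; rc=1; }

    return $rc
}

# Stand-alone use: sh check.sh <certificate.pem> <key.pem>
if [ $# -eq 2 ]; then
    check_forward_proxy_pair "$1" "$2"
fi
```
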

Updating the SSL Orchestrator version

Periodic updates are available for the SSL Orchestrator configuration utility. To download and import the latest version, follow these steps.
  1. Open a web browser and go to downloads.F5.com.
    You will need your credentials to log in.
  2. Click Find a Download.
    The Select a Product Line screen opens.
  3. In the Herculon F5 Product Family section, select SSL Orchestrator.
  4. If necessary, select your BIG-IP® version from the list, and then click a product container from the list.
  5. Accept the End User License agreement.
    The Select a Download screen opens.
  6. From the list, select the latest version of the SSL Orchestrator zip file, and follow the prompts to download it to a location accessible from your system.
  7. Return to your SSL Orchestrator configuration utility.
  8. Select SSL Orchestrator > Updates.
  9. In the File Name field, click Browse and navigate to the file you saved onto your system and click Open to select it.
  10. Click Install.
    The latest version of the SSL Orchestrator configuration utility is now installed. Your system may reboot for the changes to take effect.

Backing up your BIG-IP configuration

For details, complete instructions, and other considerations for backing up and restoring the BIG-IP® configuration, see SOL 13132 on AskF5: Backing up and restoring BIG-IP configuration files (11.x - 12.x).
Before beginning the SSL Orchestrator configuration, or before you make substantial changes, we strongly recommend you back up the BIG-IP® configuration using the following steps. This allows you to restore the previous configuration in case of any issues.
  1. On your system, click System > Archives.
  2. To initiate the process of creating a new UCS archive (backup), click Create.
  3. In the File Name box, type a name for the file. This name must be a unique name.
  4. Click Finished.
  5. To restore the configuration from a UCS archive, go to System > Archives.
  6. Select the name of the UCS file you want to restore and click Restore.
Your BIG-IP® configuration is now safely restored.

Modifying your SSL Orchestrator configuration

We recommend that you back up your BIG-IP® configuration prior to making any changes to your SSL Orchestrator configuration. Refer to the "Backing up your BIG-IP configuration" section of this document for more information.
You can modify your existing SSL Orchestrator configuration if you need to make changes.
  1. On the Main tab, click SSL Orchestrator > Configuration.
    A screen opens showing the network diagram and listing general properties.
  2. Modify your configuration and then click Deploy.
Your existing configuration is now updated.

Deleting your SSL Orchestrator configuration

We recommend that you back up your BIG-IP® configuration prior to making any modifications to your SSL Orchestrator configuration. Refer to the "Backing up your BIG-IP configuration" section of this document for more information.
  1. On the Main tab, click SSL Orchestrator > Configuration.
    A screen opens showing the network diagram and listing general properties.
  2. Click Undeploy.
Your entire configuration is now removed from your system.