F5 SSL-O service chaining issue

Hello,

You provided to little information as even an expert can't say what exactly is the case as for example there is no picture of your per-request policy or guided config rules that show if there is service attached for the proxy bypass rule and the service that is asigned can't be of type "HTTP services" as when doing bypass you need to aqssign layer2/3 service type that works without decryption.

Still you can check the link below as I suspect that when you bypass the traffic there is no attached service to which the the per-request policy to send data:

--------

The easiest way to get started with SSL Orchestrator security policies is to first understand your goals. For example:

• Do you need to block any type of traffic, and if so, under what condition? For example, you may want to block traffic for known TOR Proxy exit nodes which you can detect with the IP Intelligence subscription.

   

• Do you need to bypass decryption for any type of traffic, and if so, under what condition? For example, you may need to bypass decryption for sites that typically contain personally identifiable information (PII) like Financial and Healthcare related sites. You can achieve this with the URL Category subscription.

   

• Do you need to send different types of traffic to different service chains, and if so, under what condition? For example, it may be optimal to bypass some traffic types but still send to a subset of security products for additional encrypted analysis.

  ------

   

  https://clouddocs.f5.com/sslo-deployment-guide/chapter4/page4.3.html

   

    

   

  Also for the SSLO issue now there are great articles and even a guide:

   

  https://community.f5.com/t5/technical-articles/implementing-ssl-orchestrator-high-level-considerations/ta-p/285866

  https://support.f5.com/csp/article/K26520133

  https://clouddocs.f5.com/sslo-troubleshooting-guide/main/

  https://clouddocs.f5.com/sslo-deployment-guide/chapter5/page5.2.html

   

•  
•  
•  

•  

  
•  
•