Forum Discussion
NimbostratusPer-Request Policies with SSL Orchestrator
Hi all, I've set up SSL Orchestrator as an explicit proxy to send decrypted traffic through a layer 2 security device and that's all working perfectly. The issue I'm trying to work around now is how to apply some SWG-Explicit proxy features such as authentication, category blocks, custom block pages etc to the SSL Orchestrator proxy.
Has anyone managed to achieve this yet or have any ideas on how it might be done?
Thanks.
1 Reply
dragonflymrCirrostratus
Hi,
I have exactly same question :-) Just started to play around with this function on v13. Seems to be nice tool to making easy service chain implementation. Still it would be even nicer if there would be some way to use APM in the mix (along with SWG). Considering that SSL Orchestrator is based on iApp and just gives nice customized interface it is creating standard BIG-IP objects - means that it should be possible to apply APM polices to VS objects. However as with all iApps objects are by default locked for modification. I can off course disable this lock but question is if modified configuration will not break functionality? Looking at how its implemented via extensive usage of quite complicated iRules I am quite afraid what could be result. Sure I can try to do that in the lab but would be nice to know official F5 statement if it's supported or rather it should work but there is no guarantee it will.
After a bit more thinking and considering that in v13 Forward proxy solution has proxy chaining implemented I thing it might be possible to create separate APM controlled proxy (explicit or transparent) and point it to proxy created by SSL Orchestrator (probably transparent would be good choice). I think it should work even if this is not the most elegant solution ;-)
Piotr
