Implementing SSL Orchestrator - Decryption Bypass by Category


This article is part of a series on implementing BIG-IP SSL Orchestrator. It includes high availability and central management with BIG-IQ.

Implementing SSL/TLS decryption is not a trivial task. There are many factors to keep in mind and account for, from the network topology and insertion point to SSL/TLS keyrings, certificates, ciphersuites and on and on. This article covers creating a policy to bypass SSL decryption by website category.

Please forgive me for using SSL and TLS interchangeably in this article.

Software versions used in this article:

BIG-IP Version: 14.1.2

SSL Orchestrator Version: 5.5

BIG-IQ Version: 7.0.1

Policy Creation

Using the URL Categorization database, add sensitive categories to bypass decryption. 

From the Configuration screen click on the Topology Name.

Click the Pencil icon to edit the Security Policy.

Edit the Pinners_Rule to add the following categories to the bypass list:

Financial Data and Services

Health and Medicine

Online Brokerage and Trading

Click OK, Save & Next then Deploy.
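Once the policy is deployed, the bypass can be checked from a client behind SSL Orchestrator by looking at who issued the certificate each site presents: a decrypted connection is re-signed by the SSL Orchestrator CA, a bypassed one still carries the site's original issuer. The script below is an added example, not part of the original article or F5 tooling; the CA common name is a placeholder, the hostnames you pass in are your own choice, and it assumes the client already trusts the SSL Orchestrator CA.

```python
import socket
import ssl

# Assumption: commonName of the CA certificate SSL Orchestrator uses to
# re-sign decrypted traffic. Placeholder value; substitute your own.
INTERCEPT_CA_CN = "example-sslo-forging-ca"


def issuer_cn(cert):
    """Return the issuer commonName from an ssl.getpeercert() dict, or None."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def fetch_cert(host, port=443, timeout=5.0):
    """Fetch the leaf certificate this client actually receives for host."""
    ctx = ssl.create_default_context()  # validates against the client trust store
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def classify(cert, intercept_cn=INTERCEPT_CA_CN):
    """'decrypted' if issued by the interception CA, otherwise 'bypassed'."""
    if not cert.get("issuer"):
        return "unknown"
    return "decrypted" if issuer_cn(cert) == intercept_cn else "bypassed"


def audit(expectations, fetch=fetch_cert, intercept_cn=INTERCEPT_CA_CN):
    """expectations maps host -> 'bypassed' or 'decrypted'.

    Returns a list of (host, expected, actual) for every host whose observed
    state differs from the expected one; connection failures are reported too.
    """
    mismatches = []
    for host, expected in sorted(expectations.items()):
        try:
            actual = classify(fetch(host), intercept_cn)
        except OSError as exc:  # ssl.SSLError is a subclass of OSError
            actual = "error: " + type(exc).__name__
        if actual != expected:
            mismatches.append((host, expected, actual))
    return mismatches
```

Call audit() with one or two hosts from each bypassed category marked 'bypassed' and a host from an unrelated category marked 'decrypted'; an empty list means the policy behaves as configured.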


In this article you learned how to specify URL Categories to bypass SSL decryption.

Next Steps

Click Next to proceed to the next article in the series.

Published Jan 20, 2020
Version 1.0