Lightboard Lessons: The Problem Of TLS Visibility

Internet traffic today is encrypted at a rate of almost 90%.  Our F5 Labs team wrote a TLS Telemetry Report last year that outlines several Internet-related encryption statistics.  Also, Google serve...
Published Nov 28, 2018
Version 1.0
BIG-IP
lbl
security
tls
dragonflymr's avatar
dragonflymr
Icon for Cirrostratus rankCirrostratus
Dec 03, 2018

Hi John,

 

Nice introduction! You mentioned that another Lightboard Lesson is on the way. No to hard to figure out it will be about SSLO :-)

 

If I may ask to include some info about this topics:

 

  1. Is that mandatory to use two separate physical interfaces for each L2 service
  2. Is there a way to easily add AWAF/DDoS L7 policies if Inbound SSLO is configured
  3. Is there a way to add APM pre-authentication in case of Inbound SSLO
  4. What is best practice to modify already configured Service Chains
  5. When it makes sense to include any service in Non Intercept Chain - as far as I understand the idea, traffic processed by this chain is not decrypted so it seems to not make sense to include any service here?

Piotr