Help
Technical Articles
F5 SMEs share good practice.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

Implementing SSL Orchestrator - Decryption Bypass by Category

KevinGallaugher
F5 Employee
F5 Employee

on ‎20-Jan-2020 09:37

Introduction

This article is part of a series on implementing BIG-IP SSL Orchestrator. It includes high availability and central management with BIG-IQ.

Implementing SSL/TLS Decryption is not a trivial task. There are many factors to keep in mind and account for, from the network topology and insertion point, to SSL/TLS keyrings, certificates, ciphersuites and on and on. This article covers creating policy to bypass SSL Decryption by web site Category.

Please forgive me for using SSL and TLS interchangeably in this article.

Software versions used in this article:

BIG-IP Version: 14.1.2

SSL Orchestrator Version: 5.5

BIG-IQ Version: 7.0.1

Policy Creation

Using the URL Categorization database, add sensitive categories to bypass decryption. 

From the Configuration screen click on the Topology Name.

0151T000003lMBPQA2.png

Click the Pencil icon to edit the Security Policy.

0151T000003lMBUQA2.png

Edit the Pinners_Rule to add the following categories to the bypass list:

Financial Data and Services

Health and Medicine

Online Brokerage and Trading

0151T000003lMBZQA2.png

Click OK, Save & Next then Deploy.

Summary

In this article you learned how to specify URL Categories to bypass SSL decryption.

Next Steps

Click Next to proceed to the next article in the series.

Labels:
0 Kudos
Version history
Last update:
‎20-Jan-2020 09:37
Updated by:
F5 Employee
Contributors
Copyright © 2023 Khoros, LLC