SSL Orchestrator and ASM application policy om BigIP
Hello. I met a problem while trying combine SSL Orcestrator and ASM application policy together. Is anyone met the same? Or have any ideas about such deployment. I need to inspect unencrypted HTTP trafiic on inline antivirus and same time I need provide web application security on F5 Big IP. Thank you in advance.
Where are the F5 SSL Orchestrator (SSLO) SplitSession Client/SplitSession Server profiles used?
I have seen this profiles but there is not a lot of info about their use cases. From the article below I think that they are only important when two F5 sslo devices are used ingress and egress traffic: https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-13-1-0/39.html From what I gather if a single SSLO is used the settings will be "Local Peer" enabled and "Lookup Type" set to "Flow" but when is "Session Flow" or "HTTP Header" used ? Is session flow for layer2/3 services and when there are 2 SSLO for ingress and egress traffic and "HTTP Header" for transparent/explicit proxy services again with two SSLO for ingress and egress traffic?Can the F5 SSL Orchestrator(SSLO) send traffic to a not directly attached Layer 3 device?
I was playing with the SSLO wizards/guided configurations and when I tried to configure layer3 or http service with an IP address that is not directly attached to the a Vlan/Self IP on the F5 I got the error message " This is not a valid IP address for selected selfip for 'To Service' subnet.". For ICAP services there is no problem to send the traffic to a not directly attached device but I have to ask if I can do the same for HTTP/Layer 3 inline service in some way?
