Bump in the wire

A SSLO layer 2 topology where the BIG-IP does not have to expose any IP addressing to the external network. In such a virtual wire configuration a device can be transparently added to the network without having to create self-IP addresses or change the configuration of other network devices already connected to the BIG-IP device. A virtual wire logically connects two interfaces or trunks, in any combination, to each other, thereby enabling the BIG-IP system to forward traffic from one interface to the other bi-directionally. It is typically used for security monitoring, where the BIG-IP system inspects ingress packets without modifying them in any way.

REST Block

A block is part of the logic used to take a set of inputs and create the appropriate configuration. A block will target the device where the configuration will be created. Deleting the block should also delete any configuration that it created.

REST Storage

Rest Storage is a mechanism used within the BIG-IP by different components to store various data for device configuration, maintenance, etc. It is a key/value based with a hierarchical naming convention.


F5® BIG-IP SSL Orchestrator™ (SSLO) is a dedicated offering that centralizes encryption, dynamically steers decrypted traffic to policy-based security service chains while intelligently bypassing sensitive encrypted data, and secures the balance and health of security services. SSLO lowers security total cost of ownership (TCO) while enhancing security, control, and visibility into today’s encrypted threats.

SSLO Gateway mode

Consolidates multiple inbound SSLO configurations into a single SSLO topology which can be configured as an SNI-switching gateway, thereby significantly reducing the total number of LTM objects required. SSLO can then forward client traffic to the correct server by examining the unencrypted Server Name Indication hostname seen in the initial TLS/SSL handshake.

SSLO Inbound Topology

Typically used to provide external users access to internal applications, normally when the organisation owns the application resources and SSL keys.

SSLO Outbound Topology

Typically used to give internal users’ access to external remote resources, normally when the organisation does not own the application resources and SSL keys.


SSL/TLS Inspection Proxy (STIP) refers to a category of network devices that perform SSL visibility/interception functions. Common Criteria defines STIP as a Protection Profile (PP) on top of NDcPP (ND stands for Network Devices). F5 is a member of the technical committee (amongst other vendors BlueCoat/Symantec, Gigamon, Palo Alto, Cisco) who participated in the drafting of STIP PP. Version 1.0 of the STIP PP was published in August 2019. Think of the BIG-IP as the Network Device and SSLO as the STIP. Some of these new STIP features are included and enabled within SSLO by default whereas others can only be enabled by activating a special “CC Mode” of operation in the BIG-IP (tmsh ccmode)