Lab 1.4: Review the security policy

Note

Estimated time to complete: 5 minutes

Lab environment access

If you have not yet visited the page Getting Started, please do so.

Tasks

• Click on Configuration > SSL Orchestrator > Security Policies
• Click on ssloP_transparent and then edit the service (click on the pencil icon)

Note

You can notice both SSLo are selected. It means, this security policy will be deploy on both SSLo.

It is important to understand the demo policy expected in this lab.

• If traffic goes to a pinner destination –> bypass (do not decrypt) - This is the default rule in any SSLo policy.
• If traffic goes to Finance or Health website –> bypass (do not decrypt) –> send anyway to TAP_only (Trend Micro)
• For the rest of the traffic –> intercept (decrypt) –> send traffic to All All_Services

Note

Gent reminder, All Services (Service chain) are different between Paris and Seattle (lab 1.3). In Seattle “Rest of the traffic” will go to PaloAlto and Trend, in Paris “Rest of the traffic” will go to Trend only.

Click Cancel.