F5 BIG-IQ Centralized Management Lab > BIG-IQ All Labs > Class 12: BIG-IQ SSL Orchestrator > Module 1: Review the SSLo deployment Source | Edit on
Lab 1.4: Review the security policy¶
Note
Estimated time to complete: 5 minutes
Lab environment access¶
If you have not yet visited the page Getting Started, please do so.
Tasks¶
- Click on Configuration > SSL Orchestrator > Security Policies
- Click on ssloP_transparent and then edit the service (click on the pencil icon)
Note
You can notice both SSLo are selected. It means, this security policy will be deploy on both SSLo.
It is important to understand the demo policy expected in this lab.
- If traffic goes to a pinner destination –> bypass (do not decrypt) - This is the default rule in any SSLo policy.
- If traffic goes to Finance or Health website –> bypass (do not decrypt) –> send anyway to TAP_only (Trend Micro)
- For the rest of the traffic –> intercept (decrypt) –> send traffic to All All_Services
Note
Gent reminder, All Services (Service chain) are different between Paris and Seattle (lab 1.3). In Seattle “Rest of the traffic” will go to PaloAlto and Trend, in Paris “Rest of the traffic” will go to Trend only.
Click Cancel.