Lab 2.1: Inbound Interception Rules

Task 1 - Create a new Interception Rule

  1. Navigate to SSL Orchestrator ‣ Deployment ‣ Interception Rules


  2. In the top right-hand corner, click Create Inbound Rule...


Task 2 - Create Wildcard Listener

In this step we will create a listener to intercept all inbound HTTPS traffic. After the configuration steps, this will be saved as a wildcard virtual server listening on port 443.

  1. Under the General Properties section, configure the following values:

    Property                  Value
    Name                      ssl_inbound_listener
    Destination Address/Mask
    Service Port              443


  2. Under the Security Policy section, select Create New.


    The configuration GUI will redirect to the SSL settings configuration page.

  3. In the General Settings section of the Security Policy, set the name to ssloT_inbound_ssl.


    For inbound configurations, the Forward Proxy option should be disabled.


  4. Under the Client-side SSL section, choose and from the respective drop-down menus and click Add.


  5. Under the section Server-side SSL, configure the following values:

    Property                                 Value
    Expire Certificate Response Control      ignore
    Untrusted Certificate Response Control   ignore


  6. Review the settings and click Finished. This will redirect back to the original Inbound Listener configuration screen.

Task 3 - Configure VLAN Settings

In this step, we will define the VLAN interface on which our listener will accept connections.

Since we are configuring only for inbound traffic, it is important that the wildcard listener only accept connections on the incoming interface, which in this case is the VLAN labeled outbound.

  1. In the VLANs section, choose the /Common/outbound VLAN from the Available List and click the left arrow to move it into Selected.


  2. Under the Security Policy section, configure these values:

    Property             Value
    L7 Profile Type      HTTP
    L7 Profile           /Common/http
    Access Profile       /Common/
    Per Request Policy   Create New


  3. Once redirected to the New Inbound Rule configuration:

    1. Create a name for the rule
    2. Add ICAP, TAP, and L2 services to the Intercept Chain section
    3. Repeat step 2 for the Non Intercept Chain
    4. Click Finished


  4. Verify the settings under Security Policy.


  5. Click Finish
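
An added example, not part of the original lab: a check that every wildcard listener is restricted to the inbound VLAN, as Task 3 requires. It assumes the virtual server list has been exported as iControl REST-style JSON (fields destination, mask, vlansEnabled, vlans); the sample records, and every name in them other than ssl_inbound_listener and /Common/outbound, are constructed.

```python
import json

# Constructed sample, shaped like exported virtual server objects (assumption).
SAMPLE = json.loads("""
[
  {"name": "ssl_inbound_listener", "destination": "/Common/0.0.0.0:443",
   "mask": "any", "vlansEnabled": true, "vlans": ["/Common/outbound"]},
  {"name": "wildcard_all_vlans", "destination": "/Common/0.0.0.0:443",
   "mask": "any", "vlansDisabled": true},
  {"name": "wildcard_extra_vlan", "destination": "/Common/0.0.0.0%1:443",
   "mask": "any", "vlansEnabled": true,
   "vlans": ["/Common/outbound", "/Common/internal"]},
  {"name": "app_vs", "destination": "/Common/10.1.10.20:443",
   "mask": "255.255.255.255", "vlansDisabled": true}
]
""")

def parse_destination(dest):
    """Split '/Partition/addr[%route_domain]:port' into (addr, port)."""
    host = dest.rsplit("/", 1)[-1]
    addr, _, port = host.rpartition(":")
    return addr.split("%", 1)[0], port

def is_wildcard(vs):
    addr, _ = parse_destination(vs["destination"])
    return addr == "0.0.0.0" and vs.get("mask") in ("any", "0.0.0.0")

def audit_listener(vs, allowed_vlans, port="443"):
    """Return findings for one virtual server; non-wildcard servers are skipped."""
    if not is_wildcard(vs):
        return []
    findings = []
    if parse_destination(vs["destination"])[1] != port:
        findings.append("wildcard listener is not on port " + port)
    if not vs.get("vlansEnabled"):
        # No 'enabled on' list means the listener answers on every VLAN.
        findings.append("accepts connections on all VLANs")
    else:
        extra = sorted(set(vs.get("vlans", [])) - set(allowed_vlans))
        if extra:
            findings.append("enabled on unexpected VLANs: " + ", ".join(extra))
    return findings

def audit(virtuals, allowed_vlans):
    """Map virtual server name -> findings, omitting servers with none."""
    return {vs["name"]: f for vs in virtuals
            if (f := audit_listener(vs, allowed_vlans))}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE, {"/Common/outbound"}).items():
        print(name, "->", "; ".join(findings))
```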