2.5. Create a new Cisco Firepower Threat Defense TAP service

  • Select SSL Orchestrator from the left-hand menu and then click on Configuration
  • Select the Services tab in the middle of the main display area. Notice that the previously configured HTTP Service, ssloS_Squid_Proxy, is already present.
  • Click the Add button above the list of services
  • Type firepower in the Search box
  • Select Cisco Firepower Threat Defense TAP and click the Add button
  • On the Service Properties screen enter the following values:
    • Name - provide a unique name for this service (ex. CiscoFP).
    • Description - provide a description as needed (ex. Cisco Firepower TAP).
    • MAC Address - for a TAP service that is not directly connected to F5 SSLO, enter the device's actual MAC address. For a TAP service that is directly connected to F5 SSLO, the MAC address does not matter and can be arbitrarily defined. For this lab, enter 12:12:12:12:12:12
    • VLAN - this defines the interface connecting F5 SSLO to the TAP service. Select Create New and provide a unique name (ex. TAP_in).
    • Interface - select the 1.7 interface.
    • Tag - this is the 802.1Q VLAN tag for the service. Leave it empty since this service is connected to an untagged interface.
    • Enable Port Remap - this setting allows SSLO to remap the port of HTTPS traffic flowing to this service. For this lab, leave the option disabled (unchecked).
  • Click the Save & Next button.