F5 BIG-IP SSL Orchestrator Training Lab > All SSL Orchestrator Lab Guides > [Archived] SSL Orchestrator v8 (Agility 2021) Training Labs > [v8] SSLO 201: Advanced Use Cases with SSL Orchestrator (Agility 2021 | 2 hours) > 2. Managing Security Services and Service Chains Source | Edit on

2.3. Pre-existing environment validation¶

Attention

A Microsoft Remote Desktop Protocol (RDP) client is required to connect to the client machines in this lab.

Start an RDP session to the Ubuntu18.04 Client (Components > Ubuntu18.04 Client > ACCESS > XRDP)

../../../_images/udf-ubuntu-client-rdp.png

When prompted, save the RDP file to your local machine and then open it to connect.
At the Ubuntu Login prompt, click on the OK button to continue.

../../../_images/udf-ubuntu-client-rdp2.png

Tip

If the RDP session times out later, refer to User Credentials for the student user password.

Open the Firefox browser
Browse to https://www.example.com/
Click on the padlock icon in the address bar
Click the arrow to the right of Connection secure

Confirm that the connection/certificate is signed/verified by DigiCert Inc

Modify the client's proxy settings to point to F5 SSL Orchestrator
- In Firefox, click on the menu () in the top right of the window
- Select Preferences on the menu
- In the Find in Preferences search field at the top, type proxy
- Click the Settings... button under Network Settings
- Select the Manual proxy configuration radio button. Ensure the proxy settings appear as follows:

Click the OK button
Close and relaunch the web browser
Browse to https://www.example.com/ once again
Confirm that the connection/certificate is now verified by f5labs.com

Confirm that the explicit proxy service is seeing decrypted traffic:
- Start a Web Shell to Ubuntu18.04 Services (Components > Ubuntu18.04 Services > ACCESS > Web Shell)
- Enter the following commands in the Web Shell:
```
clear
tail -f -n 0 /var/log/squid/access.log
```
- Visit a few secure (HTTPS) websites (non-banking) using Firefox on the Ubuntu18.04 Client machine and confirm that access is being logged even though we are visiting a secure website. You should see log entries of the sites and URLs visited, similar to the example below:
- Visit a financial web site such as https://www.bankofamerica.com and verify that SSL Orchestrator is not intercepting TLS traffic. Confirm that the browser receives a server certificate that was issued by a trusted public CA. You should not see Verified by: f5labs.com because we are bypassing Financial Data and Services URLs in the SSL Orchestrator Security Policy.
- Confirm that the explicit proxy service is not seeing the bypassed (encrypted) traffic. There should be no log entries for the financial web site itself in the access.log file.
  
  Note
  
  You may still see log entries for analytics web sites that are associated with the financial web site.
- Press <CTRL+C> to stop the tail tool.

Previous Next