F5 BIG-IP SSL Orchestrator Training Lab > Class 1: SSL Orchestration v4 (Agility) > Module 3: Service Policies Source | Edit on

Lab 3.1: Reviewing the Policies

Task 1 - View the Per-Request Policies

  1. Login to the BIG-IP with Firefox

  2. Navigate to SSL Orchestrator ‣ Policies ‣ Access Per-Request Policies


  3. Click the plus sign next to Show all for the ssloP_outbound_ssl row

  4. Select the ssloP_outbound_ssl_prpTcp Per-Request policy


  5. Review the general flow from categorization through Intercept policy to Service Chain


  6. Expand the Macro: Categorization macro by clicking on Categorization in the boxed area or the plus symbol in the macro section.


  7. Explore the SSL Check advanced Action Properties

    image61 image62

  8. Expand the SSL Intercept Policy macro. Notice that the Not Intercepted and Intercepted terminal endings differ based on the category and setting interception.


  9. Explore the Category Branching Action Property


  10. Expand the macros Service Chain Intercepted and Service Chain Not Intercepted


  11. Explore the Action Properties in the Service Chains and notice the Connector Profiles


Task 2 - Modify the Intercept Policy

  1. Expand the macro SSL Intercept Policy and click the Intercepted terminal ending


  2. Select the Not Intercepted radio button, then Save



    Notice that now all traffic is bypassed and therefore not decrypted


  3. Repeat the test from Lab 1.8 and notice that traffic is not decrypted. Notice that this had the impact of all traffic bypassing inspection zone.

  4. Undo the change by setting the terminal ending back to Intercepted and repeat test.

Task 3 - Modify Service Chain

  1. Expand the macro named Service Chain Not Intercepted and remove the HTTP Service node by selecting the X in the corner. The X will turn red when you hover over it.


  2. Click the Delete button in the Item delete confirmation dialogue box


  3. View your results


  4. Add the HTTP Service node back by selecting the plus key between TAP and L3 services


  5. Select the Traffic Management tab, then the Service Connect item and click Add Item


  6. Change the Name to HTTP Service, choose the HTTP Service item from the Connector Profile drop down menu named /Common/ssloS_HTTP_server.app/ssloS_HTTP_service-t-connector and then click Save at the bottom