3.4. Verify Outbound Topology Functionality

3.4.1. Route Client Traffic via BIG-IP SSL Orchestrator

In order to route outbound traffic through the BIG-IP SSL Orchestrator, you will need to change the default gateway on the Ubuntu-Client machine.

  1. Return to the Ubuntu-Client RDP tab (originally launched from the Ubuntu-Server > WEBRDP link).

  2. Click on the Terminal icon at the bottom of the screen to open a new Terminal shell session.

    ../../_images/ubuntu-route-1.png

  3. Enter sudo ip route change default via 10.1.10.7 to change the default route.

  4. When prompted, enter agility as the password.

  5. Enter ip route to verify that the default route has changed.

    ../../_images/ubuntu-route-2.png

  6. Close the Terminal window.


3.4.2. Test Internet Access

  1. Close the Firefox browser window and restart the application.

  2. Navigate to https://www.f5.com.

    Important

    Do not continue if you cannot browse the Internet from the Ubuntu-Client machine. If you are not able to resolve this on your own, reach out to the lab instructor/assistants to help troubleshoot.

  3. Hover the mouse pointer over the padlock icon on the address bar and verify that it displays Verified by: f5labs.com. This confirms that SSL Orchestrator is performing TLS interception (decrypt & inspect) for outbound traffic. The TLS certificate for https://www.f5.com was forged by the subrsa CA certificate, which is trusted by the client machine.

    ../../_images/l3outbound-test-1.png

  4. Now, test a generative AI web site. Navigate to https://chatgpt.com and verify that it is accessible without any restrictions.

    Note

    You will test this again after enabling the user coaching functionality.


This completes the basic L3 Outbound Topology configuration.