Service Chain Management Process With F5 SSLO

Solution Overview

Dynamic orchestration of security infrastructure is needed when an organization must seamlessly move traffic from one active security solution to another and then change or update the first solution. This is done without interrupting traffic flow or allowing encrypted traffic to pass without a security check. When swapping out a security solution, there may be a need to bypass that solution entirely. When updating a security solution, customers may want to bypass it only temporarily, without interrupting traffic flow, decryption and inspection for the rest of the solutions in the security stack. Customers may also want to direct traffic streams to new security solutions in a dynamic service chain to try them out.

F5's SSL Orchestrator simplifies many security solution changes while reducing time, cost and impact. It also reduces the potential for traffic bypass and exploitation. By orchestrating the security stack, customers can streamline and minimize the often time-consuming and inefficient security change-management process, reducing the risk of negative consequences. In this lab you will use the following solutions:

  • F5 SSLO
  • F5 Adv-WAF
  • F5 BIG-IP

Goals & Objectives

This lab is divided into 3 modules as follows.

Module 1

In this module we will walk you through the SSL Orchestrator Guided Configuration which covers the following:

  • Inbound L3 Topology creation
  • Certificate and Key used for SSL Decryption
  • Adding the Advanced WAF devices
  • Creating a Security Policy
  • Creating an Interception Policy

Module 2

This module is divided into the following high-level sections:

  • Advanced WAF Network Configuration
  • Attach Virtual Servers to an Advanced WAF Policy

Module 3

This module lets you test the following high-level steps:

  • Monitor server statistics
  • Change the weight ratio
  • Check server stats again
  • Remove a single Advanced WAF device from the service.
  • Perform maintenance on the Advanced WAF device.
  • Add Advanced WAF device back to the original topology
  • Test functionality again
  • Repeat to perform maintenance on the other Advanced WAF device

Hardware & Software

The lab environment provided contains the following components:

  • 3 x Ubuntu Virtual Machines (v18.0.4)
  • 1 x F5 SSLO (v16.0.1)
  • 2 x F5 Adv-WAF (v16.0.1)