F5 BIG-IP SSL Orchestrator Training Lab > Class 1: SSL Orchestration > Module 1: Outbound SSLO Source | Edit on

Lab 1.7: Outbound Interception Rules

Task 1 - Interception Rules

  1. Login to the BIG-IP with Firefox

  2. Navigate to SSL Orchestrator ‣ Deployment ‣ Interception Rules and click:

    image29

  3. Click Install Default Rules…

    image30

  4. Under Proxy Settings, configure these options:

    Property Value
    Proxy Scheme Transparent and Explicit
    Proxy Server : Port 10.20.0.150 : 3128

    image31

  5. Under Security ‣ SSL, select Create New. This will redirect to a separate page for configuring SSL settings.

    image32

  6. Name the configuration ssloT_ob_ssl

    image33

  7. In the Client section, for Certificate Key Chains, select default.crt and default.key, and then click Add

    image35

  8. Under CA Certificate Key Chains, select subca.f5demolabs.com.cer and subca.f5demolabs.com.key, and then click Add.

    image36

  9. In the Server section, select ca-bundle.crt for Trusted Certificate Authority. Leave all other settings at the defaults. Click Finished.

    image37

  10. The screen should have returned to the original Install Default Rules page. Under the Security section, from the Per Request Policy drop-down select Create New

    image38

  11. Name the policy ssloP_ob_pol

    image39

  12. Under TCP Service Chain, add and order the available services to both the Intercept Chain and Non Intercept Chain:

    image40

  13. Repeat step (12) for UDP Service Chain

  14. Click Finish.

  15. Under Ingress Network ‣ VLANs, choose /Common/client-net from the Available VLANs and add to the Selected section.

    image41

  16. Click Finish.