Remote servers can present expired certificates. Allowing connections to servers with expired
certificates can cause a security risk.
13. From the Should connections to servers with untrusted certificates be allowed? list, select one of the two options to determine what happens with connections to servers with untrusted certificates:
• Use Yes, allow connections to servers with untrusted certificates to allow connections to the servers that have untrusted certificates.
• Use No, forbid connections to servers with untrusted certificates to prevent connections to servers that have untrusted certificates.
Remote servers can present untrusted certificates. Allowing connections to servers with untrusted
certificates can cause a security risk.
14. If strict updates should protect the configuration, select the check box for Should strict updates be enforced for this application?.
If you select this option, you cannot manually modify any settings produced by the application. Once
you disable this option, you can manually change your configuration. You should enable this setting
to avoid misconfigurations that can cause an unusable application.
F5 recommends you enable this setting to avoid misconfigurations that could result in an unusable
application and affect F5's ability to support your product.
15. Click Save.
You have provided the basic configuration the system requires for Herculon SSL Orchestrator.
You can now set up ingress and egress devices, configure transparent or explicit proxies for the system,
and create services, service chains, and classifier rules.
Configuring logging
Before configuring logging for F5® Herculon™ SSL Orchestrator™, complete all areas in General Properties. Refer to the Configuring general properties section of this document for more information.
You can generate log messages to help you monitor (and optionally debug) system activity. And you can
choose the level of logging you want the system to perform. Log messages may be sent to one or more
external log servers (preferred) and/or stored on the BIG-IP® device (less desirable because BIG-IP
devices have limited log storage capacity).
1. On the Main tab, click SSL Orchestrator > Configuration.
The General Properties screen opens.
2. Scroll down to the Logging Configuration area, and from the What SSL Intercept logging level do you want to enable? list, select the level of logging you want the system to perform.
• Use Errors. Log only functional errors to log errors related to how Herculon SSL Orchestrator functions.
• Use Normal. Log connection data as well as errors to log per-connection data in addition to functional errors.
• Use Debug. Log debug data as well as normal level data to log debug data as well as connection data and functional errors. Because this logging level consumes more resources on the BIG-IP system, use this mode only during setup or troubleshooting.
3. From the Which Log Publisher will process the log messages? list, select whether an existing log publisher object processes the log messages or does not process the log messages and sends the messages to syslog-ng.
• Use None (Send log messages to syslog-ng) to send log messages to the system management plane syslog-ng subsystem. This option is not recommended for use in production systems.
F5 Herculon SSL Orchestrator: Setup