Configuring the system for transparent proxy
You can configure Herculon SSL Orchestrator to operate in transparent proxy mode only. A
transparent
proxy
intercepts normal communication without requiring any special client configuration, so clients are
unaware of the proxy in the network.
1.
On the Main tab, click
SSL Orchestrator
>
Configuration
.
The General Properties screen opens.
2.
From the
Which IP address families do you want to support?
list, select whether you want this
configuration to
Support IPv4 only
,
Support IPv6 only
, or
Both IPv4 and IPv6
.
If you do not choose to support both address families, you must configure IP addresses in the family
you select for all IP address fields in this application. If you choose
Both IPv4 and IPv6
, you can
send intercepted IPv6 traffic through an IPv4 Layer 3 service device.
3.
From the
Which proxy schemes do you want to implement?
list, select
Implement transparent
proxy only
.
4.
From the
Do you want to pass UDP traffic through the transparent proxy unexamined?
list,
select one of the options:
• Use
Yes, pass all UDP traffic unexamined
to pass UDP traffic through without inspecting it.
• Use
No, manage UDP traffic by classification
to configure specific service chain classifier rules
for UDP traffic.
5.
From the
Do you want to pass non-TCP, non-UDP traffic through the transparent proxy?
list,
select one of the options:
• Use
Yes, pass non-TCP, non-UDP traffic
(such as IPsec, SCTP, OSPF, and so on) if you want
the system to pass all traffic that is not TCP or UDP through the transparent proxy. If you choose
this option, this traffic will not be classified or processed by any service chain.
• Use
No, block all non-TCP, non-UDP traffic
(such as IPsec, SCTP, OSPF, and so on) for the
system to block all non-TCP and non-UDP traffic.
6.
Click
Save
.
You have now configured Herculon SSL Orchestrator to work in transparent proxy mode.
This describes only the fields, lists, and areas needed to configure Herculon SSL Orchestrator to work in
transparent proxy mode. You should also complete the other areas in General Properties before moving
on to create services and service chains.
Configuring the system for explicit proxy
You can configure Herculon SSL Orchestrator to operate in explicit proxy mode only. Explicit proxy in
Herculon SSL Orchestrator requires manual configuration of the client and supports only HTTP(S) based
on RFC2616.
1.
On the Main tab, click
SSL Orchestrator
>
Configuration
.
The General Properties screen opens.
2.
From the
Which IP address families do you want to support?
list, select whether you want this
configuration to
Support IPv4 only
,
Support IPv6 only
, or
Both IPv4 and IPv6
.
If you do not choose to support both address families, you must configure IP addresses in the family
you select for all IP address fields in this application. If you choose
Both IPv4 and IPv6
, you can
send intercepted IPv6 traffic through an IPv4 Layer 3 service device.
3.
From the
Which proxy schemes do you want to implement?
list, select
Implement explicit proxy
only
.
F5 Herculon SSL Orchestrator: Setup
23
Summary of Contents for Herculon SSL Orchestrator
Page 1: ...F5 Herculon SSL Orchestrator Setup Version 13 1 3 0 ...
Page 2: ......
Page 6: ...What is F5 Herculon SSL Orchestrator 6 ...
Page 26: ...Setting Up a Basic Configuration 26 ...
Page 38: ...Importing and Exporting Configurations for Deployment 38 ...
Page 54: ...Using Herculon SSL Orchestrator Analytics 54 ...