• Use
HTTP/1.1 only
to send only HTTP/1.1 requests to the ICAP service. Any HTTP/1.0 requests
are not inspected.
12.
Click
Finished
.
13.
Click
Save
.
You have now configured an ICAP service.
After creating more than one service, you can now create a service chain.
Creating receive-only services for traffic inspection
Before configuring receive-only services, complete all areas in General Properties. Refer to the
Configuring general properties
section of this document for more information.
Receive-only services only receive traffic for inspection and do not send the traffic back to the BIG-IP
®
system. Each receive-only service provides a packet-by-packet copy of the traffic passing through the
service to an inspection device. You can configure up to ten receive-only services using the F5
®
Herculon
™
SSL Orchestrator
™
configuration utility.
1.
On the Main tab, click
SSL Orchestrator
>
Configuration
, and on the menu bar, click
Services
>
Receive Only Services
to view receive-only services settings.
The Receive Only Services screen opens.
2.
Click
Add
.
3.
In the
Name
field, type a name for your configuration.
4.
In the
MAC Address
field, type the MAC address of the receive-only device.
5.
In the
IP Address
field, type the nominal IP address for this device.
Each receive-only device requires a nominal IP host address to identify the device in the BIG-IP
system.
6.
From the
VLAN
list, select the VLAN where the receive-only device resides.
7.
From the
Interface
list, select the associated BIG-IP system interface.
8.
Click
Finished
.
9.
Click
Save
.
You have now created a receive-only service for Herculon SSL Orchestrator.
After creating more than one service, you can now create a service chain.
Creating service chains to link services
Before you can set up service chains, you must configure multiple services such as inline, ICAP, or
receive-only.
You can create service chains using previously-created services. A
service chain
is a list of services
linked to service chain classifier rules. Service chains process specific connections based on classifier
rules that look at protocol, source, and destination addresses. Additionally, service chains can include the
following types of services, as well as any decrypt zones between separate ingress and egress devices:
• Layer 2 inline services
• Layer 3 inline services
• Receive-only services
• ICAP services
Creating Services, Service Chains, and Classifier Rules
30
Summary of Contents for Herculon SSL Orchestrator
Page 1: ...F5 Herculon SSL Orchestrator Setup Version 13 1 3 0 ...
Page 2: ......
Page 6: ...What is F5 Herculon SSL Orchestrator 6 ...
Page 26: ...Setting Up a Basic Configuration 26 ...
Page 38: ...Importing and Exporting Configurations for Deployment 38 ...
Page 54: ...Using Herculon SSL Orchestrator Analytics 54 ...