4.
In the Explicit Proxy Configuration area, from the
On which VLAN(s) should the explicit proxy
listen?
field, select one or more BIG-IP
®
VLANs where the explicit proxy listens.
5.
Options to provide the outbound gateway addresses will vary, whether you selected
Support IPv4
only
,
Support IPv6 only
, or
Both IPv4 and IPv6
. Type the IP address and port that the BIG-IP
system should use for the explicit proxy virtual server using one of these options.
• In the
What IPv4 address and port should the explicit proxy use?
field, type the IPv4 address
and port.
• In the
What IPv6 address and port should the explicit proxy use?
field, type the IPv6 address
and port.
• In both the
What IPv4 address and port should the explicit proxy use?
and
What IPv6
address and port should the explicit proxy use?
fields, type both the IPv4 and IPv6 address and
port information.
6.
Click
Save
.
You have now configured Herculon SSL Orchestrator to work in explicit proxy mode.
This describes only the fields, lists, and areas needed to configure Herculon SSL Orchestrator to work in
explicit proxy mode. You should also complete the other areas in General Properties before moving on to
create services and service chains.
Configuring the system for both transparent and explicit proxies
Explicit proxy in Herculon
™
SSL Orchestrator requires manual configuration of the client and supports
only HTTP(S) based on RFC2616.
You can configure Herculon SSL Orchestrator to operate in transparent and explicit proxy mode. A
transparent proxy
intercepts normal communication without requiring any special client configuration, so
clients are unaware of the proxy in the network.
1.
On the Main tab, click
SSL Orchestrator
>
Configuration
.
The General Properties screen opens.
2.
Scroll down to the
Which IP address families do you want to support?
list, and select whether you
want this configuration to
Support IPv4 only
,
Support IPv6 only
, or
Both IPv4 and IPv6
.
If you do not choose to support both address families, you must configure IP addresses in the family
you select for all IP address fields in this application. If you choose
Both IPv4 and IPv6
, you can
send intercepted IPv6 traffic through an IPv4 Layer 3 service device.
3.
From the
Which proxy schemes do you want to implement?
list, select
Implement both
transparent and explicit proxies
.
4.
From the
Do you want to pass UDP traffic through the transparent proxy unexamined?
list,
select one of the options:
• Use
Yes, pass all UDP traffic unexamined
to pass UDP traffic through without inspecting it.
• Use
No, manage UDP traffic by classification
to configure specific service chain classifier rules
for UDP traffic.
5.
From the
Do you want to pass non-TCP, non-UDP traffic through the transparent proxy?
list,
select one of the options:
• Use
Yes, pass non-TCP, non-UDP traffic
(such as IPsec, SCTP, OSPF, and so on) if you want
the system to pass all traffic that is not TCP or UDP through the transparent proxy. If you choose
this option, this traffic will not be classified or processed by any service chain.
• Use
No, block all non-TCP, non-UDP traffic
(such as IPsec, SCTP, OSPF, and so on) for the
system to block all non-TCP and non-UDP traffic.
6.
In the Explicit Proxy Configuration area, from the
On which VLAN(s) should the explicit proxy
listen?
field, select one or more BIG-IP
®
VLANs where the explicit proxy listens.
Setting Up a Basic Configuration
24
Summary of Contents for Herculon SSL Orchestrator
Page 1: ...F5 Herculon SSL Orchestrator Setup Version 13 1 3 0 ...
Page 2: ......
Page 6: ...What is F5 Herculon SSL Orchestrator 6 ...
Page 26: ...Setting Up a Basic Configuration 26 ...
Page 38: ...Importing and Exporting Configurations for Deployment 38 ...
Page 54: ...Using Herculon SSL Orchestrator Analytics 54 ...