Forum Discussion

pdar
Sep 11, 2019

SSLO Decryption policy question

I am currently looking through SSLO docs for an F5 transparent proxy use case.

Unfortunately, getting the information that I need is time sensitive and I was wondering if you were willing to help.

Basically we need to put the following policy in place:

Bypass - Do NOT decrypt *.xyz.com

Inspect - Decrypt *-test.xyz.com << For this item we could also key in on a custom HTTP header that we have.

Does anyone know if this is possible? If yes, then how?

1 Reply

  • Since SSLO configurations change significantly between versions, it would be helpful to know what version you are using first: both the BIG-IP version and SSLO (e.g. v14.1.0 5.4.47).

    Generally speaking, you would create the items you noted as two separate rules within your security policy and make sure to have the inspect above the bypass in the ordered list; otherwise the bypass will match first due to the wildcard matching "-test".
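
The ordering point in the reply above, modelled as an added example that is not part of the original thread and is not SSLO configuration: a first-match evaluator over hostname wildcards, plus a check for rules that an earlier rule shadows. The rule tuples, function names, sample hostnames and the "default" fall-through result are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Hypothetical rule model (name, hostname glob, action); not SSLO syntax.
INSPECT = ("inspect-test", "*-test.xyz.com", "decrypt")
BYPASS = ("bypass-xyz", "*.xyz.com", "bypass")

# Constructed sample hostnames, as they might appear in a TLS SNI field.
SAMPLE_HOSTS = ["www.xyz.com", "app-test.xyz.com", "API-Test.xyz.com.", "example.org"]


def normalize(hostname):
    """Lower-case and drop a trailing dot so matching is case-insensitive."""
    return hostname.lower().rstrip(".")


def evaluate(rules, hostname):
    """Return (rule name, action) for the first rule whose glob matches."""
    host = normalize(hostname)
    for name, pattern, action in rules:
        if fnmatchcase(host, pattern):
            return name, action
    return "default", "default"  # assumed placeholder for "no rule matched"


def shadowed_rules(rules, sample_hosts):
    """Names of rules that match some sample host but never win first-match."""
    shadowed = []
    for name, pattern, _action in rules:
        hits = [h for h in sample_hosts if fnmatchcase(normalize(h), pattern)]
        wins = [h for h in hits if evaluate(rules, h)[0] == name]
        if hits and not wins:
            shadowed.append(name)
    return shadowed


if __name__ == "__main__":
    for label, rules in (("inspect first", [INSPECT, BYPASS]),
                         ("bypass first", [BYPASS, INSPECT])):
        print(label)
        for host in SAMPLE_HOSTS:
            print("  %-20s -> %s" % (host, evaluate(rules, host)))
        print("  shadowed:", shadowed_rules(rules, SAMPLE_HOSTS))
```

Running the shadow check against a list of real hostnames before deploying a reordered policy shows whether any rule has become unreachable.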