BIG-IP SSL Orchestrator

Maximize infrastructure and security investments with dynamic, policy-based decryption, encryption, and traffic steering through security inspection devices.

See buying optionsRead the data sheet

What You Can’t See Can Still Hurt You

Protect against encrypted threats

Bad actors take advantage of SSL/TLS encryption to hide malicious payloads to outsmart and bypass security controls. Don’t leave your organization vulnerable to attack with security solutions that can’t inspect encrypted traffic efficiently at scale. BIG-IP SSL Orchestrator delivers high-performance decryption of inbound and outbound SSL/TLS traffic, enabling security inspection that exposes threats and stops attacks before they happen.

  • Outbound Traffic Visibility - Protect against outbound traffic dispersing malware, exfiltrating data, or reaching out to a command-and-control server to trigger attacks.
  • Inbound Traffic Visibility - Decrypt incoming encrypted traffic to ensure it’s not hiding ransomware, malware, or other threats that lead to attacks, infections, and data breaches.
  • Next-Gen Encryption Protocol Inspection - Prevent new security blind spots by enabling greater flexibility without requiring architectural changes through full-proxy and diverse cipher support.
Encrypted threat protection
Intelligently Manage Encrypted Traffic

Intelligently manage encrypted traffic

You need orchestration to be on top of your security game. Visibility into and inspection of SSL/TLS traffic is a start, but it only scratches the surface. Daisy-chaining or manually configuring security solutions to support inspection across your security stack’s not scalable and ineffective. BIG-IP SSL Orchestrator intelligently manages the decrypted traffic flow across your entire security stack.

  • Centralize Control - Unify decryption across multiple inspection devices to stop unsupported cipher use, fake SSL/TLS connections, and infrastructure complexity.
  • Policy-Based Steering - Group, monitor, and steer traffic with a flexible context engine—regardless of network topology, protocol, and cipher.
  • Dynamic Service Chaining - Create dynamic, logical security service chains with existing security solutions based on the type of incoming traffic, ensuring optimal security and availability.

Detect Shadow AI

Shadow AI—the unsanctioned use of AI tools—introduces critical blind spots and can expose your organization to vulnerabilities. Simply blocking tools like generative AI might seem like an easy solution, but for most, it’s impractical. With BIG-IP SSL Orchestrator, you gain the visibility and control needed to easily address the risks of Shadow AI without compromising innovation.

  • Real-Time Traffic Decryption - Expose GenAI activity hidden in encrypted traffic through proactive detection.

  • Dynamic Traffic Routing - Use service chaining to direct high-risk actions through DLP, WAF, or other inspection tools based on risk levels.

  • Programmable User Coaching - Deliver customized, in-the-moment alerts to guide users and prevent security policy violations.
mitigate-ransomware
mitigate-ransomware

Mitigate Ransomware

Ransomware is one of the fastest growing cybersecurity threats. What once was an uncommon threat now makes up almost half of all attacks. Unfortunately, ransomware shows no signs of slowing down. It’s critical you protect your organization from ransomware sneaking in through encrypted payloads. BIG-IP SSL Orchestrator maximizes your ability to block these attacks by creating a comprehensive ransomware defense.

  • Inspect Outgoing Traffic - Fend off ransomware attacks and data exfiltration to “drop zones” by inspecting outbound traffic.
  • Restrict Tenant Access - Ensure users only access known and used domains to block inadvertent redirection or accidental access to attacker domains, ending credential theft.
  • Mitigate Phishing Attacks - Prevent ransomware by stopping access to malicious phishing sites and infections from malignant attachments.

Product Overview

Diagram illustrating F5’s Aspen Service Mesh

F5 dynamic traffic steering

BIG-IP SSL Orchestrator enhances SSL/TLS infrastructure, makes encrypted traffic visible to security solutions, and optimizes existing security investments. It delivers dynamic service chaining and policy-based traffic steering—applying context-based intelligence to encrypted traffic handling to intelligently manage the flow of encrypted traffic across the security stack—and ensures optimal availability and security.

Hardware

Deploy high-performance hardware in your on-premises data center or collocation facility.

See hardware options ›

Software (virtual edition)

Deploy on any hypervisor within your data center, collocation facility, or in AWS, Azure, or Google Cloud.

Core Capabilities

If you’re not inspecting SSL/TLS traffic, you’ll miss attacks and leave your organization vulnerable. BIG-IP SSL Orchestrator provides robust decryption/re-encryption and orchestration of encrypted traffic.

SSL/TLS visibility

Provides SSL/TLS decryption and encryption, strong cipher support, and flexible deployment.

Dynamic service chaining

Provides service insertion, service resiliency, service monitoring, and load balancing.

Context-based intelligence

Supports geolocation, IP reputation, URL categorization, and third-party ICAP integration.

Granular control

Header changes, support for port translation, and control over ciphers and protocols.

Supports various inspection devices

Supports inline layer 2 and 3, HTTP proxy, ICAP, and passive/receive-only inspection services.

Supports many deployment modes

Standalone, cluster, and separate ingress/egress tiers.

Transparent and explicit proxy

Intercepts and inspects traffic without requiring any special client configuration.

Scales security services

Scales with high availability, F5’s best-in-class load balancing, health monitoring, and SSL/TLS offload capabilities.

Platform Support and Integrations

Partner security tools integrations

While BIG-IP SSL Orchestrator is vendor and product agnostic, it’s optimized to easily integrate with the world’s leading security devices to create a powerhouse solution that’s ready to tackle any of your encrypted threat challenges.

Resources

Featured
trinity cyber

Trinity Cyber Stops Bad Guys with Help from F5

Trinity Cyber protects customers with a unique cybersecurity service line delivering deep content inspection with decryption by BIG-IP SSL Orchestrator.

Read the story

Solution overviews

Control Shadow AI Risks with F5 BIG-IP SSL Orchestrator ›

Protecting Against Encrypted Threats ›

Protect Against Ransomware with AWS and F5 ›

BIG-IP Advanced WAF as a BIG-IP SSL Orchestrator Service ›

F5 Secure Web Gateway Services as a BIG-IP SSL Orchestrator Service ›

Data sheets

BIG-IP SSL Orchestrator Data Sheet ›

Integration guides

Cisco Firepower Threat Defense ›

Cisco Web Security Appliance ›

Menlo Security Remote Browser Isolation ›

Palo Alto Networks Next-Generation Firewall ›

Symantec Data Loss Prevention ›

Trellix Data Loss Prevention ›

Trellix Network Security ›

View all integration guides ›

Next Steps

Request a demo
See BIG-IP SSL Orchestrator in action.
Have questions?
Talk to an F5 sales representative today.
Find a reseller
We’re dedicated to building partnerships that move your business forward.
Deliver and Secure Every App
F5 application delivery and security solutions are built to ensure that every app and API deployed anywhere is fast, available, and secure. Learn how we can partner to deliver exceptional experiences every time.
Connect With Us