2.8. Update Service Chains on existing Security Policy rules

Update the existing Security Policy rules to use the new Service Chains you just created.

From the SSL Orchestrator Configuration screen:

  • Click on Security Policies from the horizontal menu.

  • Click the Security Policy named ssloP_f5labs_explicit.

    Security Policy Overview


  • Click on the pencil icon (pencil) next to the Pinners_Rule to modify this rule.

  • In the properties section that appears, select ssloSC_CiscoFP_TAP from the Service Chain dropdown.

  • Click the OK button to accept the change.

    Policy rule for Cisco Firepower TAP service


  • Now edit the Finance_Bypass rule. Click on the pencil icon (pencil) to modify this rule.

  • In the properties section that appears, select ssloSC_CiscoFP_TAP from the Service Chain dropdown.

  • Click the OK button to accept the change.


  • Now edit the All Traffic. Click on the pencil icon (pencil) to modify this rule.

  • In the properties section that appears, select ssloSC_All_Services from the Service Chain dropdown.

  • Click the OK button to accept the change.


  • The Security Policy rules should now look like this:

    Updated security policy

  • Click the Deploy button.

  • On the pop-up dialog, click the OK button to confirm that you want to make the changes.

  • When successfully deployed, click the OK button to return to the SSL Orchestrator Configuration screen.