Configuring F5 SSL Orchestrator

Configuring F5 SSL OrchestratorSSLOF5F5 NetworksF5-SSLO1.0<ul> <li>Understand basic use cases for decryption and re-encryption of inbound and outbound SSL/TLS network traffic</li><li>Create dynamic service chains of multiple security services</li><li>Configure security policies to enable policy-based traffic steering</li><li>Add SSL visibility to existing applications</li><li>Deploy SSL Orchestrator configurations based on topology templates</li><li>Troubleshoot an SSL Orchestrator deployment</li></ul><p>The following general network technology knowledge and experience are recommended before attending any F5 Global Training Services instructor-led course:</p> <ul> <li>OSI model encapsulation</li><li>Routing and switching</li><li>Ethernet and ARP</li><li>TCP/IP concepts</li><li>IP addressing and subnetting</li><li>NAT and private IP addressing</li><li>Default gateway</li></ul><p>The following course-specific knowledge and experience is suggested before attending this course:</p> <ul> <li>HTTP, HTTPS protocols</li><li>TLS/SSL</li><li>Security services such as malware detection, data loss/leak prevention (DLP), next-generation firewalls (NGFW), intrusion prevention systems (IPS), and Internet Content Adaptation Protocol (ICAP)</li></ul><ul> <li>Compare F5 SSL Orchestration to manual “daisy chaining” of security services</li><li>Learn essentials of PKI and certificates, how to create a certificate signing request, and how to import certificates and private keys into BIG-IP</li><li>Implement certificate forging in an SSL Forward Proxy deployment</li><li>Understand HTTP, ICAP, L3/L2, and TAP security services</li><li>Configure traffic classification and URL bypass within a security policy</li><li>Define security services to include in a dynamic service chain</li><li>Use the Guided Configuration to deploy an outbound Layer 3 transparent forward proxy</li><li>Use the Guided Configuration to deploy an outbound Layer 3 explicit forward proxy</li><li>Use the Guided Configuration to deploy an inbound Layer 3 reverse proxy</li><li>Use the Guided Configuration to deploy an SSL Orchestration for an existing application</li><li>Configure High Availability for SSLO devices</li><li>Troubleshoot SSLO and traffic flow issues</li></ul><h5>Chapter 1: Introducing SSL Orchestrator </h5><ul> <li>Why is SSL Visibility Needed?</li><li>SSL Visibility without SSL Orchestrator</li><li>The SSL Orchestrator Solution</li><li>SSLO Placement on the Network</li><li>Platform and Licensing Requirements</li><li>Leveraging F5 Support Resources and Tools</li></ul><h5>Chapter 2: Reviewing Local Traffic Configuration</h5><ul> <li>Reviewing Nodes, Pools, and Virtual Servers</li><li>Reviewing Address and Port Translation</li><li>Reviewing Routing Assumptions</li><li>Reviewing Application Health Monitoring</li><li>Reviewing Traffic Behavior Modification with Profiles</li><li>Reviewing the TMOS Shell (TMSH)</li><li>Reviewing Managing BIG-IP Configuration Data</li></ul><h5>Chapter 3: Certificate Fundamentals</h5><ul> <li>Overview of Internet Security Model</li><li>Understanding how Certificates are Used</li><li>Using a Certificate in Profiles</li><li>SSL Forward Proxy</li><li>SSLdump</li></ul><h5>Chapter 4: SSLO Traffic Flow</h5><ul> <li>SSL Orchestration is more than Visibility</li><li>Inbound/Outbound Inspection</li><li>Flow Support and Cipher Diversity</li><li>Broad Topology and Device Support</li><li>Dynamic Service Chaining and Policy-based Traffic Steering</li><li>Advanced Monitoring</li><li>Dynamic Scaling</li><li>Dynamic Evaluation</li><li>Selecting the Appropriate Topology</li></ul><h5>Chapter 5: Using SSLO Guided Configuration</h5><ul> <li>Introducing Guided Configuration</li><li>Reviewing the Landing Page</li><li>Differentiating Topologies</li><li>SSL Configuration</li><li>Services and Service Handling</li><li>Constructing Service Chains</li><li>Creating a Security Policy</li><li>Defining an Interception Rule</li><li>Examining Egress</li><li>Applying Log Settings</li><li>Summary page and Deployment</li><li>Exploring the Dashboard</li></ul><h5>Chapter 6: SSLO Deployment Scenarios</h5><ul> <li>Transparent Forward Proxy</li><li>Explicit Forward Proxy</li><li>Classroom Lab Environment</li><li>Gateway Reverse Proxy (L3 Inbound)</li><li>Existing Application</li></ul><h5>Chapter 7: Managing the SSLO Security Policy</h5><ul> <li>Review creating Security Policies</li><li>View Security Policies</li><li>Viewing Per-Request Policies</li></ul><h5>Chapter 8: Troubleshooting SSLO</h5><ul> <li>Solving Traffic Flow Issues</li><li>Solving Guided Configration(UI) and iAppLX issues</li><li>Determining SSLO Version</li><li>Troubleshooting using cURL</li><li>Viewing Log Files</li><li>Capturing Traffic using tcpdump</li><li>Backing up SSLO</li><li>Deleting a SSLO Configuration</li></ul><h5>Chapter 9: SSLO High Availability</h5><ul> <li>Deploying BIG-IP Systems to Achieve High Availability</li><li>Establishing Device Trust</li><li>Establishing a Sync-Failover Device Group</li><li>Synchronizing Configuration Data</li><li>SSLO High Availability (HA) Requirements</li><li>Installation and Upgrade Cautions</li><li>Troubleshooting HA</li></ul>- Understand basic use cases for decryption and re-encryption of inbound and outbound SSL/TLS network traffic - Create dynamic service chains of multiple security services - Configure security policies to enable policy-based traffic steering - Add SSL visibility to existing applications - Deploy SSL Orchestrator configurations based on topology templates - Troubleshoot an SSL Orchestrator deploymentThe following general network technology knowledge and experience are recommended before attending any F5 Global Training Services instructor-led course: - OSI model encapsulation - Routing and switching - Ethernet and ARP - TCP/IP concepts - IP addressing and subnetting - NAT and private IP addressing - Default gateway The following course-specific knowledge and experience is suggested before attending this course: - HTTP, HTTPS protocols - TLS/SSL - Security services such as malware detection, data loss/leak prevention (DLP), next-generation firewalls (NGFW), intrusion prevention systems (IPS), and Internet Content Adaptation Protocol (ICAP)- Compare F5 SSL Orchestration to manual “daisy chaining” of security services - Learn essentials of PKI and certificates, how to create a certificate signing request, and how to import certificates and private keys into BIG-IP - Implement certificate forging in an SSL Forward Proxy deployment - Understand HTTP, ICAP, L3/L2, and TAP security services - Configure traffic classification and URL bypass within a security policy - Define security services to include in a dynamic service chain - Use the Guided Configuration to deploy an outbound Layer 3 transparent forward proxy - Use the Guided Configuration to deploy an outbound Layer 3 explicit forward proxy - Use the Guided Configuration to deploy an inbound Layer 3 reverse proxy - Use the Guided Configuration to deploy an SSL Orchestration for an existing application - Configure High Availability for SSLO devices - Troubleshoot SSLO and traffic flow issuesChapter 1: Introducing SSL Orchestrator - Why is SSL Visibility Needed? - SSL Visibility without SSL Orchestrator - The SSL Orchestrator Solution - SSLO Placement on the Network - Platform and Licensing Requirements - Leveraging F5 Support Resources and Tools Chapter 2: Reviewing Local Traffic Configuration - Reviewing Nodes, Pools, and Virtual Servers - Reviewing Address and Port Translation - Reviewing Routing Assumptions - Reviewing Application Health Monitoring - Reviewing Traffic Behavior Modification with Profiles - Reviewing the TMOS Shell (TMSH) - Reviewing Managing BIG-IP Configuration Data Chapter 3: Certificate Fundamentals - Overview of Internet Security Model - Understanding how Certificates are Used - Using a Certificate in Profiles - SSL Forward Proxy - SSLdump Chapter 4: SSLO Traffic Flow - SSL Orchestration is more than Visibility - Inbound/Outbound Inspection - Flow Support and Cipher Diversity - Broad Topology and Device Support - Dynamic Service Chaining and Policy-based Traffic Steering - Advanced Monitoring - Dynamic Scaling - Dynamic Evaluation - Selecting the Appropriate Topology Chapter 5: Using SSLO Guided Configuration - Introducing Guided Configuration - Reviewing the Landing Page - Differentiating Topologies - SSL Configuration - Services and Service Handling - Constructing Service Chains - Creating a Security Policy - Defining an Interception Rule - Examining Egress - Applying Log Settings - Summary page and Deployment - Exploring the Dashboard Chapter 6: SSLO Deployment Scenarios - Transparent Forward Proxy - Explicit Forward Proxy - Classroom Lab Environment - Gateway Reverse Proxy (L3 Inbound) - Existing Application Chapter 7: Managing the SSLO Security Policy - Review creating Security Policies - View Security Policies - Viewing Per-Request Policies Chapter 8: Troubleshooting SSLO - Solving Traffic Flow Issues - Solving Guided Configration(UI) and iAppLX issues - Determining SSLO Version - Troubleshooting using cURL - Viewing Log Files - Capturing Traffic using tcpdump - Backing up SSLO - Deleting a SSLO Configuration Chapter 9: SSLO High Availability - Deploying BIG-IP Systems to Achieve High Availability - Establishing Device Trust - Establishing a Sync-Failover Device Group - Synchronizing Configuration Data - SSLO High Availability (HA) Requirements - Installation and Upgrade Cautions - Troubleshooting HA2 jours1900.001900.001900.001900.002200.002420.002640.002640.002640.00