COURSE OBJECTIVE:
Not available. Please contact.
TARGET AUDIENCE:
This course is intended for network administrators and Security Operations responsible for installation, setup, configuration, and administration of the F5 SSL Orchestrator system.
COURSE PREREQUISITES:
The following free Self-Directed Training (SDT) courses, although optional, are helpful for any student with limited BIG-IP administration and configuration experience:• Getting Started with BIG-IP• Getting Started with SSL Orchestrator (SSLO)General network technology knowledge and experience are recommended before attending any F5 Global Training Services instructor-led course, including OSI model encapsulation, routing and switching, Ethernet and ARP, TCP/IP concepts, IP addressing and subnetting, NAT and private IP addressing, NAT and private IP addressing, default gateway, network firewalls, and LAN vs. WAN.The following course-specific knowledge and experience is suggested before attending this course:• HTTP, HTTPS, FTP, and SSH protocols• TLS/SSL• Security services such as malware detection, data loss/leak prevention (DLP), next-generation firewalls (NGFW), intrusion prevention systems (IPS), and Internet Content Adaptation Protocol (ICAP)
COURSE CONTENT:
Chapter 1: Introducing SSL Orchestrator • Internet Security and SSL Visibility• Introducing SSL Orchestrator and its role in network security• SSL Orchestrator Placement on the Network• Platform and Licensing RequirementsChapter 2: Certificate Fundamentals• Overview of Internet Security Model• Understanding Certificate Use• Managing Certificates on SSL Orchestrator (BIG-IP)Chapter 3: Architecture Overview• Inbound and outbound inspection• Cipher diversity• Broad topology and inspection device support• Dynamic service chaining and policy-based traffic steering• Advanced monitoring• Dynamic scaling and evaluationChapter 4: Guided Configuration• Reviewing the Landing Page• Selecting a Topology• Making SSL Certificate Configurations• Creating Services and Service Handling• Constructing a Service Chain• Building a Security Policy• Defining an Interception Rule• Examining Egress settings• Reviewing the Summary Page and Deployment• Exploring the SSL Orchestrator DashboardChapter 5: Services• Relationship of devices to services• Inline layer 2, layer 3 and HTTP inspection services• ICAP and TAP passive inspection servicesChapter 6: Topologies• Selecting the appropriate topology• Benefits and limitations of topologies• Existing application integration• Layer 2 virtual wire conceptsChapter 7: Components• Initial and subsequent forward proxy flow• Flow and header based signaling• Access components• Appropriate naming of service objects• Authentication• Tee connector design and flowChapter 8: Managing Security Policy• Creating security policies• Reviewing per-request policy for an outbound topology• Navigating Visual Policy EditorChapter 9: Solving SSL Orchestrator Problems• Collecting system information• Solving traffic flow issues• Guided Configuration and iAppLX issues• Troubleshooting with cURL• Traffic captures with tcpdump• Cleanup and deleting configurationsChapter 10: SSL Orchestrator High Availability• Review BIG-IP High Availability• SSL Orchestrator High Availability (HA) Requirements• Installation and Upgrade Cautions• SSL Orchestrator in Scaled Mode• Troubleshooting SSL Orchestrator HA
FOLLOW ON COURSES:
Configuring BIG-IP LTM: Local Traffic Manager v.16.1Configuring BIG-IP DNS (formerly GTM) v.16.1Configuring F5 Advanced WAF (previously licensed as ASM) v16.1Configuring BIG-IP APM: Access Policy Manager v.16.1Developing iRules for BIG-IP v.16.1Troubleshooting BIG-IP v.16.1Configuring BIG-IP LTM: Local Traffic Manager v.16.1Configuring BIG-IP DNS (formerly GTM) v.16.1Configuring F5 Advanced WAF (previously licensed as ASM) v16.1Configuring BIG-IP APM: Access Policy Manager v.16.1Developing iRules for BIG-IP v.16.1Troubleshooting BIG-IP v.16.1