Arrow Electronics, Inc.

Configuring BIG-IP APM: Access Policy Manager v16.1

CODE: F5N_BIG-EGW-APM

LENGTH: 24 Hours (3 days)

PRICE: €2.995,00

Description

This 3-day course gives network administrators, network operators, and network engineers a functional understanding of BIG-IP Access Policy Manager as it is commonly deployed in both application delivery network and remote access settings.

The course introduces students to BIG-IP Access Policy Manager, its configuration objects, how it commonly deployed, and how typical administrative and operational activities are performed.

The course includes lecture, hands-on labs, interactive demonstrations, and discussions.

Course Topics

  • Getting started with the BIG-IP system
  • APM Traffic Processing and APM Configuration Wizards
  • APM Access Policies, Access Profiles
  • Visual Policy Editor, Branches and Endings
  • APM Portal Access and Rewrite Profiles
  • Single Sign-On and Credential Caching
  • APM Network Access and BIG-IP Edge Client
  • Layer 4 and Layer 7 Access Control Lists
  • APM Application Access and Webtop Types
  • Remote Desktop, Optimized Tunnels and Webtop Links
  • LTM Concepts including Virtual Servers, Pools, Monitors and SNAT'ing
  • APM + LTM Use Case for Web Applications
  • Visual Policy Editor Macros
  • AAA Servers and Authentication and Authorization with Active Directory and RADIUS
  • Endpoint Security with Windows Process Checking, Protected Workspace and Firewalls
  • iRules, Customization and SAML
  • Objectives

    At the end of this course, the student will be able to:

    • Configure remote access methods Network Access, Portal Access and Application Access and understand the differences and use cases for each
    • Configure APM and LTM to work together for advanced application delivery as well as understand the APM + LTM use case versus the remote access use case
    • Configure advanced policies using the Visual Policy Editor with all of its features such as macros, branches and multiple endings
    • Understand the role of iRules and how they work together with BIG-IP in general and APM in specific
    • Understand the role of Federated Single Sign-On using SAML and deploy a basic configuration
    • Configure multiple authentication methods and understand how they can work together in a single access policy
    • Set up, license, and provision the BIG-IP system out-of-the-box
    • Create, restore from, and manage BIG-IP archives
    • Use profiles to manipulate the way the BIG-IP system processes traffic through a virtual server

    Audience

    This course is intended for network administrators, operators, and engineers responsible for managing the normal day-to-day operation and administration of BIG-IP Access Policy Manager.

    Prerequisites

    Students must complete one of the following F5 prerequisites before attending this course:

    • Administering BIG-IP instructor-led course

    or-

    • F5 Certified BIG-IP Administrator

    The following free web-based courses, although optional, will be very helpful for any student with limited BIG-IP administration and configuration experience.

    • Getting Started with BIG-IP web-based training
    • Getting Started with Local Traffic Manager (LTM) web-based training
    • Getting Started with BIG-IP Access Policy Manager (APM) web-based training

    The following general network technology knowledge and experience are recommended before attending any F5 Global Training Services instructor-led course:

    • OSI model encapsulation
    • Routing and switching
    • Ethernet and ARP
    • TCP/IP concepts
    • IP addressing and subnetting
    • NAT and private IP addressing
    • Network firewalls Default gateway
    • LAN vs. WAN

    The following course-specific knowledge and experience is suggested before attending this course:

    • Hands-on experience with BIG-IP
    • Basic web application delivery (BIG-IP LTM)
    • HTML, HTTP, HTTPS as well as some CSS and JavaScript
    • Telnet, SSH and TLS/SSL
    • VPN or tunnel encapsulation, Layer 4 NAT and Access Control Lists

    Programme

    Chapter 1: Setting Up the BIG-IP System

    • Introducing the BIG-IP System
    • Initially Setting Up the BIG-IP System
    • Archiving the BIG-IP Configuration
    • Leveraging F5 Support Resources and Tools

    Chapter 2: Configuring Web Application Access

    • Review of BIG-IP LTM
    • Introduction to the Access Policy
    • Web Access Application Configuration Overview
    • Web Application Access Configuration in Detail

    Chapter 3: Exploring the Access Policy

    • Navigating the Access Policy

    Chapter 4: Managing BIG-IP APM

    • BIG-IP APM Sessions and Access Licenses
    • Session Variables and sessiondump
    • Session Cookies
    • Access Policy General Purpose Agents List

    Chapter 5: Using Authentication

    • Introduction to Access Policy Authentication
    • Active Directory AAA Server
    • RADIUS
    • One-Time Password
    • Local User Database

    Chapter 6: Understanding Assignment Agents

    • List of Assignment Agents

    Chapter 7: Configuring Portal Access

    • Introduction to Portal Access
    • Portal Access Configuration Overview
    • Portal Access Configuration
    • Portal Access in Action

    Chapter 8: Configuring Network Access

    • Concurrent User Licensing
    • VPN Concepts
    • Network Access Configuration Overview
    • Network Access Configuration
    • Network Access in Action

    Chapter 9: Deploying Macros

    • Access Policy Macros
    • Configuring Macros
    • An Access Policy is a Flowchart
    • Access Policy Logon Agents
    • Configuring Logon Agents

    Chapter 10: Exploring Client-Side Checks

    • Client-Side Endpoint Security

    Chapter 11: Exploring Server-Side Checks

    • Server-Side Endpoint Security Agents List
    • Server-Side and Client-Side Checks Differences

    Chapter 12: Using Authorization

    • Active Directory Query
    • Active Directory Nested Groups
    • Configuration in Detail

    Chapter 13: Configuring App Tunnels

    • Application Access
    • Remote Desktop
    • Network Access Optimized Tunnels
    • Landing Page Bookmarks

    Chapter 14: Deploying Access Control Lists

    • Introduction to Access Control Lists
    • Configuration Overview
    • Dynamic ACLs
    • Portal Access ACLs

    Chapter 15: Signing On with SSO

    • Remote Desktop Single Sign-On
    • Portal Access Single Sign-On

    Chapter 16: Using iRules

    • iRules Introduction
    • Basic TCL Syntax
    • iRules and Advanced Access Policy Rules

    Chapter 17: Customizing BIG-IP APM

    • Customization Overview
    • BIG-IP Edge Client
    • Advanced Edit Mode Customization
    • Landing Page Sections

    Chapter 18: Deploying SAML

    • SAML Conceptual Overview
    • SAML Configuration Overview

    Chapter 19: Exploring Webtops and Wizards

    • Webtops
    • Wizards

    Chapter 20: Using BIG-IP Edge Client

    • BIG-IP Edge Client for Windows Installation
    • BIG-IP Edge Client in Action

    Chapter 21: Configuration Project

    Chapter 22: Additional Training and Certification

    • Getting Started Series Web-Based Training
    • F5 Instructor Led Training Curriculum
    • F5 Professional Certification Program

    Follow on courses

    F5N_BIG-LTM-CFG-3, Configuring BIG-IP LTM: Local Traffic Manager v.16.1

    F5N_BIG-DNS-I, Configuring BIG-IP DNS (formerly GTM) v.16.1

    F5N_BIG-AWF-CFG, Configuring F5 Advanced WAF (previously licensed as ASM) v16.1

    Test and Certification

    Exam 304 - BIG-IP APM Specialist

    Prerequisites: Valid F5-CA, BIG-IP Certification

    In passing Exam 304, candidates receive the F5 Certified! Technology Specialist, Access Policy Manager certification.

    Individuals who receive this certification have demonstrated that they have the skills and understanding necessary for day-to-day management of Application Delivery Networks that incorporate technologies based on TMOS operation system, and to implement, troubleshoot, and maintain BIG-IP APM in a variety of application environments, with special emphasis on different types of authentication, authorization, and accounting resources.

    Receiving the BIG-IP APM Specialist certification is a prerequisite for the Security Solutions Expert certification track.

    Exam vouchers can be purchased from Arrow ECS at an additional charge. Vouchers can be used at

    www.vue.com/f5 to schedule exams at a time and location convenient to the attendee.

    Further Information

    Course Changes since v15

    Configuring BIG-IP APM did not change significantly with version 16.1. Minor changes were made to remove out of date features and show the improved VPN split tunnelling configuration.

     

    Session Dates

    We also offer sessions in other countries