Learn how to set up and operate BIG-IP Access Policy Manager to protect your enterprise network and your data center using remote access methods such as SSL VPN, per-application layer 4 and reverse proxy layer 7 access methods as well as remote desktop access using Microsoft, Citrix and VMware protocols. Learn how to protect applications by adding Access Policies to BIG-IP LTM virtual servers that allow or deny user access based on a set of conditions, such as user authentication using Active Directory or RADIUS or by determining if the client is running up-to-date anti-virus or firewall software.

Discover how to configure multiple resources using the aforementioned remote access methods, to provide applications such as SSH or Windows desktop to remote servers. With multiple resources created, dynamically assign resources based on the level of trust determined by conditions such as a user’s group membership, the client IP address geolocation information, the status of applications running on the client, and other available information. See how to craft complicated policies using easy-to-learn graphical flowcharting techniques that are quick to update and simple to propagate.

Learn how to use SSO techniques to make applications more accessible and more secure using credential reuse or federated single sign-on such as SAML – including both SP and IdP use cases. Review underlying technology and discuss typical use cases. Complete hands-on labs to reinforce each new topic as well as instill confidence for using the BIG-IP system in a production environment.

This course is intended for network administrators, operators, and engineers responsible for managing the normal day-to-day operation and administration of BIG-IP Access Policy Manager.

Students must complete one of the following F5 prerequisites before attending this course:
• Administering BIG-IP (ILT)
• F5 Certified BIG-IP Administrator

Suggested Prework

The following free Self-Directed Training (SDT) courses, although optional, are helpful for any student with limited BIG-IP administration and configuration experience:
• Getting Started with BIG-IP
• Getting Started with Local Traffic Manager (LTM)
• Getting Started with BIG-IP Access Policy Manager (APM)
General network technology knowledge and experience are recommended before attending any F5 Global Training Services instructor-led course, including OSI model encapsulation, routing and switching, Ethernet and ARP, TCP/IP concepts, IP addressing and subnetting, NAT and private IP addressing, NAT and private IP addressing, default gateway, network firewalls, and LAN vs. WAN. The following course-specific knowledge and experience is suggested before attending this course:
• Hands-on experience with BIG-IP
• Basic web application delivery (BIG-IP LTM)
• HTML, HTTP, HTTPS as well as some CSS and JavaScript
• Telnet, SSH and TLS/SSL
• VPN or tunnel encapsulation, Layer 4 NAT and Access Control Lists

Chapter 1: Setting Up the BIG-IP System
• Introducing the BIG-IP System
• Initially Setting Up the BIG-IP System
• Archiving the BIG-IP Configuration
• Leveraging F5 Support Resources and Tools
Chapter 2: Configuring Web Application Access
• Review of BIG-IP LTM
• Introduction to the Access Policy
• Web Access Application Configuration Overview
• Web Application Access Configuration in Detail
Chapter 3: Exploring the Access Policy
• Navigating the Access Policy
Chapter 4: Managing BIG-IP APM
• BIG-IP APM Sessions and Access Licenses
• Session Variables and sessiondump
• Session Cookies
• Access Policy General Purpose Agents List
Chapter 5: Using Authentication
• Introduction to Access Policy Authentication
• Active Directory AAA Server
• RADIUS
• One-Time Password
• Local User Database
Chapter 6: Understanding Assignment Agents
• List of Assignment Agents
Chapter 7: Configuring Portal Access
• Introduction to Portal Access
• Portal Access Configuration Overview
• Portal Access Configuration
• Portal Access in Action
Chapter 8: Configuring Network Access
• Concurrent User Licensing
• VPN Concepts
• Network Access Configuration Overview
• Network Access Configuration
• Network Access in Action
Chapter 9: Deploying Macros
• Access Policy Macros
• Configuring Macros
• An Access Policy is a Flowchart
• Access Policy Logon Agents
• Configuring Logon Agents
Chapter 10: Exploring Client-Side Checks
• Client-Side Endpoint Security
Chapter 11: Exploring Server-Side Checks
• Server-Side Endpoint Security Agents List
• Server-Side and Client-Side Checks Differences

Chapter 12: Using Authorization
• Active Directory Query
• Active Directory Nested Groups
• Configuration in Detail
Chapter 13: Configuring App Tunnels
• Application Access
• Remote Desktop
• Network Access Optimized Tunnels
• Landing Page Bookmarks
Chapter 14: Deploying Access Control Lists
• Introduction to Access Control Lists
• Configuration Overview
• Dynamic ACLs
• Portal Access ACLs
Chapter 15: Signing On with SSO
• Remote Desktop Single Sign-On
• Portal Access Single Sign-On
Chapter 16: Using iRules
• iRules Introduction
• Basic TCL Syntax
• iRules and Advanced Access Policy Rules
Chapter 17: Customizing BIG-IP APM
• Customization Overview
• BIG-IP Edge Client
• Advanced Edit Mode Customization
• Landing Page Sections
Chapter 18: Deploying SAML
• SAML Conceptual Overview
• SAML Configuration Overview
Chapter 19: Exploring Webtops and Wizards
• Webtops
• Wizards
Chapter 20: Using BIG-IP Edge Client
• BIG-IP Edge Client for Windows Installation
• BIG-IP Edge Client in Action
Chapter 21: Configuration Project
Chapter 22: Additional Training and Certification
• Getting Started Series Web-Based Training
• F5 Instructor Led Training Curriculum
• F5 Professional Certification Program