Course Overview
In this 2-day course, students gain a functional understanding of how to deploy, test, and maintain F5 SSL Orchestrator to optimize the SSL infrastructure, give security devices visibility into SSL/TLS encrypted traffic, and maximize efficient use of the existing security investment.
The course includes lecture, hands-on labs, and discussion about the importance of SSL visibility and how F5 SSL Orchestrator supports policy-based management, steers traffic flows to existing security devices, and centralizes the SSL decrypt/encrypt function through multi-layered security, dynamic service chaining, topology selections, and security policies.
Prerequisites
The following general network technology knowledge and experience are recommended before attending any F5 Global Training Services instructor-led course:
- OSI model encapsulation
- Routing and switching
- Ethernet and ARP
- TCP/IP concepts
- IP addressing and subnetting
- NAT and private IP addressing
- Default gateway
The following course-specific knowledge and experience are suggested before attending this course:
- HTTP, HTTPS protocols
- TLS/SSL
- Security services such as malware detection, data loss/leak prevention (DLP), next-generation firewalls (NGFW), intrusion prevention systems (IPS), and Internet Content Adaptation Protocol (ICAP)
Course Objectives
- Understand basic use cases for decryption and re-encryption of inbound and outbound SSL/TLS network traffic
- Create dynamic service chains of multiple security services
- Configure security policies to enable policy-based traffic steering
- Add SSL visibility to existing applications
- Deploy SSL Orchestrator configurations based on topology templates
- Troubleshoot an SSL Orchestrator deployment
Course Content
- Compare F5 SSL Orchestration to manual “daisy chaining” of security services
- Learn essentials of PKI and certificates, how to create a certificate signing request, and how to import certificates and private keys into BIG-IP
- Implement certificate forging in an SSL Forward Proxy deployment
- Understand HTTP, ICAP, L3/L2, and TAP security services
- Configure traffic classification and URL bypass within a security policy
- Define security services to include in a dynamic service chain
- Use the Guided Configuration to deploy an outbound Layer 3 transparent forward proxy
- Use the Guided Configuration to deploy an outbound Layer 3 explicit forward proxy
- Use the Guided Configuration to deploy an inbound Layer 3 reverse proxy
- Use the Guided Configuration to deploy SSL Orchestration for an existing application
- Configure High Availability for SSLO devices
- Troubleshoot SSLO and traffic flow issues