Configuring F5 SSL Orchestrator (SSLO)

 

Course Overview

In this 2 day course, students are provided with a functional understanding of how to deploy, test and maintain F5 SSL Orchestrator to optimize the SSL infrastructure, provide security devices with visibility of SSL/TLS encrypted traffic, and maximize efficient use of that existing security investment.

The course includes lecture, hands-on labs, and discussion about the importance of SSL visability, how F5 SSL Orchestrator supports policy-based management, steering of traffic flows to existing security devices and centralizes the SSL decrypt/encrypt function through multi-layered security, dynamic service chaining, topology selections and security policies.

Prerequisites

The following general network technology knowledge and experience are recommended before attending any F5 Global Training Services instructor-led course:

  • OSI model encapsulation
  • Routing and switching
  • Ethernet and ARP
  • TCP/IP concepts
  • IP addressing and subnetting
  • NAT and private IP addressing
  • Default gateway

The following course-specific knowledge and experience is suggested before attending this course:

  • HTTP, HTTPS protocols
  • TLS/SSL
  • Security services such as malware detection, data loss/leak prevention (DLP), next-generation firewalls (NGFW), intrusion prevention systems (IPS), and Internet Content Adaptation Protocol (ICAP)

Course Objectives

  • Understand basic use cases for decryption and re-encryption of inbound and outbound SSL/TLS network traffic
  • Create dynamic service chains of multiple security services
  • Configure security policies to enable policy-based traffic steering
  • Add SSL visibility to existing applications
  • Deploy SSL Orchestrator configurations based on topology templates
  • Troubleshoot an SSL Orchestrator deployment

Course Content

  • Compare F5 SSL Orchestration to manual “daisy chaining” of security services
  • Learn essentials of PKI and certificates, how to create a certificate signing request, and how to import certificates and private keys into BIG-IP
  • Implement certificate forging in an SSL Forward Proxy deployment
  • Understand HTTP, ICAP, L3/L2, and TAP security services
  • Configure traffic classification and URL bypass within a security policy
  • Define security services to include in a dynamic service chain
  • Use the Guided Configuration to deploy an outbound Layer 3 transparent forward proxy
  • Use the Guided Configuration to deploy an outbound Layer 3 explicit forward proxy
  • Use the Guided Configuration to deploy an inbound Layer 3 reverse proxy
  • Use the Guided Configuration to deploy an SSL Orchestration for an existing application
  • Configure High Availability for SSLO devices
  • Troubleshoot SSLO and traffic flow issues

Prix & Delivery methods

Formation en ligne

Durée
2 jours

Prix
  • US $ 1 753,–
Formation en salle équipée

Durée
2 jours

Prix
  • Suisse : US $ 1 753,–

Actuellement aucune session planifiée