Description

Duration

2 Days

12 CPD hours

This course is intended for

This course is intended for network operators, network administrators, network engineers, network architects, security administrators, and security architects responsible for installation, setup, configuration, and administration of the BIG-IP AFM system.

This course uses lectures and hands-on exercises to give participants real-time experience in setting up and configuring the BIG-IP Advanced Firewall Manager (AFM) system. Students are introduced to the AFM user interface, stepping through various options that demonstrate how AFM is configured to build a network firewall and to detect and protect against DoS (Denial of Service) attacks. Reporting and log facilities are also explained and used in the course labs. Further Firewall functionality and additional DoS facilities for DNS and SIP traffic are discussed.

Module 1: Setting Up the BIG-IP System

Introducing the BIG-IP System
Initially Setting Up the BIG-IP System
Archiving the BIG-IP System Configuration
Leveraging F5 Support Resources and Tools

Module 2: AFM Overview

AFM Overview
AFM Availability
AFM and the BIG-IP Security Menu
Packet Processing
Rules and Direction
Rules Contexts and Processing
Inline Rule Editor

Module 4: Logs

Event Logs
Logging Profiles
Limiting Log Messages with Log Throttling
Enabling Logging in Firewall Rules
BIG-IP Logging Mechanisms
Log Publisher
Log Destination
Filtering Logs with the Custom Search Facility
Logging Global Rule Events
Log Configuration Changes
QKView and Log Files
SNMP MIB
SNMP Traps

Module 5: IP Intelligence

Overview
Feature 1 Dynamic White and Black Lists
Black List Categories
Feed Lists
IP Intelligence Policies
IP Intelligence Log Profile
IP Intelligence Reporting
Troubleshooting IP Intelligence Lists
Feature 2 IP Intelligence Database
Licensing
Installation
Configuration
Troubleshooting
IP Intelligence iRule

Module 6: DoS Protection

Denial of Service and DoS Protection Overview
Device DoS Protection
Configuring Device DoS Protection
Variant 1 DoS Vectors
Variant 2 DoS Vectors
Automatic Threshold Configuration
Variant 3 DoS Vectors
Device DoS Profiles
DoS Protection Profile
Dynamic Signatures
Dynamic Signatures Configuration
DoS iRules

Module 7: Reports

AFM Reporting Facilities Overview
Examining the Status of Particular AFM Features
Exporting the Data
Managing the Reporting Settings
Scheduling Reports
Examining AFM Status at High Level
Mini Reporting Windows (Widgets)
Building Custom Widgets
Deleting and Restoring Widgets
Dashboards

Module 8: DoS White Lists

Bypassing DoS Checks with White Lists
Configuring DoS White Lists
tmsh options
Per Profile Whitelist Address List

Module 9: DoS Sweep Flood Protection

Isolating Bad Clients with Sweep Flood
Configuring Sweep Flood

Module 10: IP Intelligence Shun

Overview
Manual Configuration
Dynamic Configuration
IP Intelligence Policy
tmsh options
Extending the Shun Feature
Route this Traffic to Nowhere - Remotely Triggered Black Hole
Route this Traffic for Further Processing - Scrubber

Module 11: DNS Firewall

Filtering DNS Traffic with DNS Firewall
Configuring DNS Firewall
DNS Query Types
DNS Opcode Types
Logging DNS Firewall Events
Troubleshooting

Module 12: DNS DoS

Overview
DNS DoS
Configuring DNS DoS
DoS Protection Profile
Device DoS and DNS

Module 13: SIP DoS

Session Initiation Protocol (SIP)
Transactions and Dialogs
SIP DoS Configuration
DoS Protection Profile
Device DoS and SIP

Module 14: Port Misuse

Overview
Port Misuse and Service Policies
Building a Port Misuse Policy
Attaching a Service Policy
Creating a Log Profile

Module 15: Network Firewall iRules

Overview
iRule Events
Configuration
When to use iRules
More Information

Module 16: Recap

BIG-IP Architecture and Traffic Flow
AFM Packet Processing Overview

Course Images

F5 Networks Configuring BIG-IP AFM : Advanced Firewall Manager

By Nexus Human

Booking options

Highlights