
Login / Register
This course uses lectures and hands-on exercises to give participants real-time experience in setting up and configuring the BIG-IP Advanced Firewall Manager (AFM) system. Students are introduced to the AFM user interface, stepping through various options that demonstrate how AFM is configured to build a network firewall and to detect and protect against DoS (Denial of Service) attacks. Reporting and log facilities are also explained and used in the course labs. Further Firewall functionality and additional DoS facilities for DNS and SIP traffic are discussed.
This course is intended for system and network administrators responsible for the configuration and ongoing administration of a BIG-IP Advanced Firewall Manager (AFM) system.
Configure and manage an AFM system.
Configure AFM Network Firewall in a positive or negative security model.
Configure Network Firewall to allow or deny network traffic using rules based on protocol, source, destination, geography, and other predicate types.
Prebuild firewall rules using lists and schedule components.
Enforce firewall rules immediately or test them using policy staging.
Use Packet Tester and Flow Inspector features to check network connections against your security configurations for Network Firewall, IP intelligence and DoS features.
Configure various IP Intelligence features to identify, record, allow or deny access by IP address.
Configure the Device DoS detection and mitigation feature to protect the BIG-IP device and all applications from multiple types of attack vectors.
Configure DoS detection and mitigation on a per-profile basic to protect specific applications from attack.
Use DoS Dynamic Signatures to automatically protect the system from DoS attacks based on long term traffic and resource load patterns.
Configure and use the AFM local and remote log facilities.
Configure and monitor AFM’s status with various reporting facilities.
Export AFM system reports to your external monitoring system directly or via scheduled mail.
Allow chosen traffic to bypass DoS checks using Whitelists.
Isolate potentially bad clients from good using the Sweep Flood feature.
Isolate and re-route potentially bad network traffic for further inspection using IP Intelligence Shun functionality.
Restrict and report on certain types of DNS requests using DNS Firewall.
Configure, mitigate, and report on DNS based DoS attacks with the DNS DoS facility.
Configure, mitigate, and report on SIP based DoS attacks with the SIP DoS facility.
Configure, block, and report on the misuse of system services and ports using the Port Misuse feature.
Build and configure Network Firewall rules using BIG-IP iRules.
Monitor and perform initial troubleshooting of various AFM functionality.
Introducing the BIG-IP System
Initially Setting Up the BIG-IP System
Archiving the BIG-IP System Configuration
Leveraging F5 Support Resources and Tools
AFM Overview
AFM Availability
AFM and the BIG-IP Security Menu
AFM Firewalls
Contexts
Modes
Packet Processing
Rules and Direction
Rules Contexts and Processing
Inline Rule Editor
Configuring Network Firewall
Network Firewall Rules and Policies
Network Firewall Rule Creation
Identifying Traffic by Region with Geolocation
Identifying Redundant and Conflicting Rules
Identifying Stale Rules
Prebuilding Firewall Rules with Lists and Schedules
Rule Lists
Address Lists
Port Lists
Schedules
Network Firewall Policies
Policy Status and Management
Other Rule Actions
Redirecting Traffic with Send to Virtual
Checking Rule Processing with Packet Tester
Examining Connections with Flow Inspector
Event Logs
Logging Profiles
Limiting Log Messages with Log Throttling
Enabling Logging in Firewall Rules
BIG-IP Logging Mechanisms
Log Publisher
Log Destination
Filtering Logs with the Custom Search Facility
Logging Global Rule Events
Log Configuration Changes
QKView and Log Files
SNMP MIB
SNMP Traps
Overview
IP Intelligence Policy
Feature 1: Dynamic White and Blacklists
Black List Categories
Feed Lists
Applying an IP Intelligence Policy
IP Intelligence Log Profile
IP Intelligence Reporting
Troubleshooting IP Intelligence Lists
Feature 2: IP Intelligence Database
Licensing
Installation
Linking the Database to the IP Intelligence Policy
Troubleshooting
IP Intelligence iRule
Denial of Service and DoS Protection Overview
Device DoS Protection
Configuring Device DoS Protection
Variant 1 DoS Vectors
Variant 2 DoS Vectors
Automatic Configuration or Automatic Thresholds
Variant 3 DoS Vectors
Device DoS Profiles
DoS Protection Profile
Dynamic Signatures
Dynamic Signatures Configuration
DoS iRules
AFM Reporting Facilities Overview
Examining the Status of Particular AFM Features
Exporting the Data
Managing the Reporting Settings
Scheduling Reports
Troubleshooting Scheduled Reports
Examining AFM Status at High Level
Mini Reporting Windows (Widgets)
Building Custom Widgets
Deleting and Restoring Widgets
Dashboards
Bypassing DoS Checks with Whitelists
Configuring DoS White Lists
tmsh options
Per Profile Whitelist Address List
Isolating Bad Clients with Sweep Flood
Configuring Sweep Flood
Overview
Manual Configuration
Dynamic Configuration
IP Intelligence Policy
tmsh options
Troubleshooting
Extending the Shun Feature
Route this Traffic to Nowhere – Remotely Triggered Black Hole
Route this Traffic for Further Processing – Scrubber
Filtering DNS Traffic with DNS Firewall
Configuring DNS Firewall
DNS Query Types
DNS Opcode Types
Logging DNS Firewall Events
Troubleshooting
Overview
DNS DOS
Configuring DNS DOS
DoS Protection Profile
Device DoS and DNS
Session Initiation Protocol (SIP)
Transactions and Dialogs
SIP DoS Configuration
DoS Protection Profile
Device DoS and SIP
Overview
Port Misuse and Service Policies
Building a Port Misuse Policy
Attaching a Service Policy
Creating a Log Profile
Overview
iRule Events
Configuration
When to use iRules
More Information
BIG-IP Architecture and Traffic Flow
AFM Packet Processing Overview
Getting Started Series Web-Based Training
F5 Instructor Led Training Curriculum
F5 Professional Certification Program
Enquire for More Info
CERTIFICATION
CERTIFICATION
CERTIFICATION
CERTIFICATION