Configuring F5 SSL Orchestrator (SSLO)

 

Course Overview

In this 2 day course, students are provided with a functional understanding of how to deploy, test and maintain F5 SSL Orchestrator to optimize the SSL infrastructure, provide security devices with visibility of SSL/TLS encrypted traffic, and maximize efficient use of that existing security investment.

The course includes lecture, hands-on labs, and discussion about the importance of SSL visability, how F5 SSL Orchestrator supports policy-based management, steering of traffic flows to existing security devices and centralizes the SSL decrypt/encrypt function through multi-layered security, dynamic service chaining, topology selections and security policies.

Moyens Pédagogiques :
  • Quiz pré-formation de vérification des connaissances (si applicable)
  • Réalisation de la formation par un formateur agréé par l’éditeur
  • Formation réalisable en présentiel ou en distanciel
  • Mise à disposition de labs distants/plateforme de lab pour chacun des participants (si applicable à la formation)
  • Distribution de supports de cours officiels en langue anglaise pour chacun des participants
    • Il est nécessaire d'avoir une connaissance de l'anglais technique écrit pour la compréhension des supports de cours
Moyens d'évaluation :
  • Quiz pré-formation de vérification des connaissances (si applicable)
  • Évaluations formatives pendant la formation, à travers les travaux pratiques réalisés sur les labs à l’issue de chaque module, QCM, mises en situation…
  • Complétion par chaque participant d’un questionnaire et/ou questionnaire de positionnement en amont et à l’issue de la formation pour validation de l’acquisition des compétences

Prerequisites

The following general network technology knowledge and experience are recommended before attending any F5 Global Training Services instructor-led course:

  • OSI model encapsulation
  • Routing and switching
  • Ethernet and ARP
  • TCP/IP concepts
  • IP addressing and subnetting
  • NAT and private IP addressing
  • Default gateway

The following course-specific knowledge and experience is suggested before attending this course:

  • HTTP, HTTPS protocols
  • TLS/SSL
  • Security services such as malware detection, data loss/leak prevention (DLP), next-generation firewalls (NGFW), intrusion prevention systems (IPS), and Internet Content Adaptation Protocol (ICAP)

Course Objectives

  • Understand basic use cases for decryption and re-encryption of inbound and outbound SSL/TLS network traffic
  • Create dynamic service chains of multiple security services
  • Configure security policies to enable policy-based traffic steering
  • Add SSL visibility to existing applications
  • Deploy SSL Orchestrator configurations based on topology templates
  • Troubleshoot an SSL Orchestrator deployment

Course Content

  • Compare F5 SSL Orchestration to manual “daisy chaining” of security services
  • Learn essentials of PKI and certificates, how to create a certificate signing request, and how to import certificates and private keys into BIG-IP
  • Implement certificate forging in an SSL Forward Proxy deployment
  • Understand HTTP, ICAP, L3/L2, and TAP security services
  • Configure traffic classification and URL bypass within a security policy
  • Define security services to include in a dynamic service chain
  • Use the Guided Configuration to deploy an outbound Layer 3 transparent forward proxy
  • Use the Guided Configuration to deploy an outbound Layer 3 explicit forward proxy
  • Use the Guided Configuration to deploy an inbound Layer 3 reverse proxy
  • Use the Guided Configuration to deploy an SSL Orchestration for an existing application
  • Configure High Availability for SSLO devices
  • Troubleshoot SSLO and traffic flow issues

Prix & Delivery methods

Formation en ligne

Durée
2 jours

Prix
  • 1 900,– €
Formation en salle équipée

Durée
2 jours

Prix
  • France : 1 900,– €

Actuellement aucune session planifiée