Sessions

AUTOMATION & INSIGHTS

Automation & Insights

Breakouts | 25 Minutes

Baking the Cake: Ingredients for Modern App Builds

Speaker: Damian Curry

Building healthy modern applications starts with having the right ingredients. In this breakout session, we’ll explore examples of modern application architectures, identify the different components commonly used, and discuss why they are critical for your organization’s success.

Deploying 5G Infrastructure for Service Providers

Speakers: Phil Klatte, Rich Lopez

5G is coming! 5G core networks are intended to be cloud-native and deployed as microservices on a containerized Kubernetes infrastructure. Kubernetes is not designed for service providers that need to solve specific problems like how to manage 4G protocols on their 5G network. In this session, we’ll teach you how to tackle and solve these issues and how to ensure granular visibility into 5G network traffic.

Deploying NGINX Plus as an API Gateway

Speaker: Alessandro Fael Garcia

At the heart of modern application architectures is the HTTP API. APIs enable applications to be built rapidly, maintained easily, and scaled at will. API gateways are typically deployed as an additional layer in the application delivery environment, bringing additional complexity and points of failure. In this session, you’ll learn how to deploy NGINX—the most pervasive load balancer, reverse proxy, and web server—as an API gateway.

F5 Cloud DNS: Primary DNS Service

Speaker: Rick Salsa

F5 is excited to announce the launch of F5 Cloud DNS – Primary DNS Service. DNS specialists, network engineers, and DevOps teams now have the ability to easily and fully manage their DNS infrastructure optimized for today’s modern, cloud-native apps in just a few clicks. This service empowers you to deliver applications across hybrid and multi-cloud environments, scale instantly, and improve productivity with automation and DevOps integration.

Introduction to Distributed API Management

Speaker: Karthik Krishnaswamy

With APIs serving as the connective tissue across all applications, API management capabilities are critical to achieving successful outcomes. In addition, the rise of the DevOps movement has fostered a culture of self-service, supported by distributed infrastructure. What are the characteristics of distributed API management? How do you drive innovation by accelerating API release velocity? Attend this session to find out.

Delivering Apps from Red Hat OpenShift: Best Practices from the F5 DevOps Community

Speaker: Owen Garrett

OpenShift is emerging as the dominant, enterprise-ready Kubernetes distribution. In this introductory session, we'll look at how DevOps users take advantage of NGINX technology to deliver complex applications at a larger scale.

Production-Grade Kubernetes Part 1: How Should I Manage Kubernetes Traffic?

Speakers: Jenn Gile, Owen Garrett

To make Kubernetes production grade, you need to add three components. In this session, we’ll focus on the first component: the Ingress controller. An Ingress controller is a specialized load balancer that abstracts away the complexity of Kubernetes networking and bridges between services in a Kubernetes cluster and those outside it. 

We’ll look at:

  • Use cases and requirements that should inform your selection of an Ingress controller
  • The features and capabilities that make an Ingress controller “production-grade” 
  • An overview of NGINX Ingress Controller 
Production-Grade Kubernetes Part 2: How Can I Secure Kubernetes Without Slowing Down Apps?

Speakers: Jenn Gile, Owen Garrett

To make Kubernetes production grade, you need to add three components. In this session, we’ll focus on the second component: built-in security. While “coarse-grained” security might be sufficient outside the cluster, “fine-grained” security is required inside it. 

We’ll explore the ways you can enable production-grade security within Kubernetes, including:

  • Trends and challenges of securing Kubernetes at scale
  • How to simplify and secure your environment by centralizing WAF and authentication at the point of Ingress
  • Why and where to duplicate your WAF, both within and outside of Kubernetes
  • An overview of NGINX Ingress Controller and NGINX App Protect
Production-Grade Kubernetes Part 3: When Will I Need a Service Mesh?

Speakers: Jenn Gile, Alan Murphy, Phil Jong

To make Kubernetes production grade, you need to add three components. In this session, we’ll focus on the third component: the service mesh. A service mesh provides fine-grained traffic management and security to application services within the cluster. 

We’ll demystify the complexity of Kubernetes networking and discuss where F5 can help when you’re ready to take the mesh leap, including:

  • Service mesh basics
  • Service mesh readiness checklist
  • How to choose a service mesh
  • An overview of NGINX Service Mesh and Aspen Mesh
Reimagine Security for Modern Applications with NGINX

Speakers: Rajiv Kapoor, Chris Witeck

Gone are the days when security could simply be bolted on at the end of a process. In today’s world, integrated security must become a normal part of any DevOps implementation. In this session, we’ll explore how making security frictionless and adaptable enables development teams to power ahead without fear. Instead of a painful extra step that must be dealt with, modern application security can be a robust support system that empowers organizations to reach their business goals and guides them to even higher heights.

Site Resiliency Engineering Best Practices with F5 and Red Hat

Speakers: Eric Ji

No matter how you define it, site reliability engineering (SRE) is clearly becoming more and more widespread in traditional IT teams. In this session, we’ll get you up to speed on core SRE principles and best practices. We will explore how F5—in combination with Red Hat OpenShift and other ecosystem technologies—can empower SRE to deploy, scale, and secure modern applications.


Discussion Forums | 45 Minutes

Come Innovate with F5 and the Office of the CTO

Speaker to be announced

Innovation is at the heart of F5, and concerted efforts with programs like InnovateF5 give us an opportunity to build from our creative roots and work collaboratively on solutions, features, proof-of-concepts, hacks, or new workflows. Moreover, InnovateF5 gives us an opportunity to engage as a community and work together to foster creativity and to build cool new products. Join us to discuss the InnovateF5 program and how you can participate to drive industry innovation. “At F5, we believe that the best ideas can come from anyone, anywhere.”

Digital Transformation and AI

Speaker to be announced

Influence F5's artificial intelligence direction by sharing your challenges around digital transformation and learn about our plans to improve your customers' experience.

Facilitate Application Agility and Data Center Automation with F5 and Cisco

Speakers: Patrick Campbell, F5; Payal Singh, F5; Azeem Suleman, Cisco; Ahmed Dessouki, Cisco; Marek Hvizdos, Diebold Nixdorf

Join F5, Cisco, and one of our joint customers, as we discuss how this customer achieved the automation, flexibility, and application-centric architecture they were after through our joint solutions.

Modern Application Ecosystems: Simplifying the Build Process

Speakers: Damian Curry, F5; Jeff Duffy, Pulumi; Daniel R Odio, Armory; Steve Mayzak, Grafana

Ecosystem complexity across proprietary and open source solutions is accelerating. How do you identify the best approach for your modern application architecture? In this technical conversation, we’ll discuss best practices for building and running modern applications with alliance partners.

Observability: How are the observers expected to find what went wrong in this mess?

Speakers: Stu Shader, Elijah Zupancic

Despite the proliferation of tools for tracing, logs, and metrics, debugging production applications continues to be challenging. Compared to the monolithic three-tiered apps, many systems now are large scale systems with dependent services connected over network boundaries. They are distributed applications and suffer from all of the error states of the classical approach and also have to content with distributed systems problems. How do we expect someone to figure out what caused an application to error when we need to find out the state of three other applications when the error occurred? In this panel, we will be asking tough questions about debugging production systems to people who are regularly using observability tools in anger.


Lightning Sessions | 10 Minutes

Driving Business Based Outcomes through Value Creation Workshops

Speakers: Pamela Dodge, Joe Williams

This session will describe how F5 is partnering with customers by providing value creation workshops where we will first understand their business challenges and imperatives and then help drive business-based outcomes through technology solutions.

Modern Apps in the Wild

Speaker: Damian Curry

You may be asking yourself, “What exactly is a modern app and how does it benefit my organization?” Join this lightning session to learn the key outcomes delivered by healthy modern application infrastructure, and where to focus your energy for successful builds.

When Performance Matters: Choosing NGINX Ingress Controllers

Speaker: Amir Rawdat

There are two popular open source Kubernetes Ingress controllers that use NGINX and a commercial version based on NGINX Plus that is developed and supported by NGINX. These projects all started around the same time, have similar names on GitHub, and implement the same function. Join this lightning talk to learn how they differ and how to choose an Ingress controller that's best for your needs.


Interactive Demos | 10 Minutes

Ansible and Ansible Tower

Learn how to install Ansible and use BIG-IP modules, collections, and Ansible Tower to deploy BIG-IP configurations.

Simplifying Your Kubernetes Deployments with NGINX and Rancher (now part of SUSE)

Are you or your team currently looking for your next generation architecture? Or perhaps you’re already there but are looking for the best way to automate and manage it. Today, the deployment and management of Kubernetes is considered one of the biggest hurdles for organizations looking to modernize their infrastructure. Now with Rancher's Kubernetes management platform plus NGINX’s Ingress solution, organizations can simplify Kubernetes deployment and management at scale. 

Join us to see how you can deploy Rancher & NGINX Plus Ingress in 2 minutes flat!

  1. High level overview of Rancher & NGINX
  2. Deploying RKE
  3. Deploying NGINX Plus KIC
  4. Deploying app
SRE Multi-Cluster Blue-Green Deployment for Modern Apps

Experience how easy it is to set up and manage SRE blue-green deployment via hands-on guided simulation, by using F5 DNS Load Balancer Cloud Service to minimize downtime for application upgrades and migration across OpenShift clusters in multiple clouds.


Labs | 2 Hours

A&O Toolchain: Application Deployments with BIG-IP and Application Services (AS3), FAST, and ACC

Description to follow

A&O Toolchain: BIG-IP Deployments with Declarative Onboarding

Explore F5 Declarative Onboarding (DO) by using a declarative model to initially configure a BIG-IP device with all of the required settings to get up and ready, including system settings such as licensing and provisioning, network settings such as DNS, NTP, VLANs, Self IPs, clustering settings, and more.

During this hands-on lab, you’ll learn: 

  • The difference between a declarative and imperative API
  • How to create and validate a JSON declaration
  • Where DO fits in the F5 Automation Toolchain
A&O Toolchain: Service Analytics and Metrics with Telemetry Streaming

Explore Telemetry Streaming (TS) by declaratively aggregating, normalizing, and forwarding statistics and events from a BIG-IP device to a consumer application by POSTing a single TS JSON declaration to TS’ declarative REST API endpoint.

During this hands-on lab, you’ll learn how to:

  • Use AS3 to declaratively build a logging profile 
  • Log statistics in Kibana using Elasticsearch
  • Log statistics in Amazon Cloudwatch
ADC Automation with BIG-IQ (Self-Guided)

In this lab, you’ll learn how to deploy applications with BIG-IQ using Application Service 3 (AS3) templates. You’ll use the BIG-IQ GUI and the BIG-IQ API.

Advanced BIG-IP Configuration with Ansible (Self-Guided)

The lab is intended to effectively demonstrate Ansible's capabilities using self-paced exercises. In this F5 and Ansible lab, you’ll learn advanced techniques around Ansible Playbook development as it relates to automating F5 load balancers. This hands-on workshop details utilizing the F5 BIG-IP Ansible modules with Ansible Playbooks, and with Ansible Tower for automation uses cases such as certificate management, WAF policy deployment, and pool/node management.

Basic BIG-IP Configuration Management with Ansible (Self-Guided)

The lab is intended to effectively demonstrate Ansible's capabilities using self-paced exercises. In this F5 and Ansible lab, you’ll learn the basics around Ansible Playbook development as it relates to automating F5 load balancers. This hands-on workshop details utilizing the F5 BIG-IP Ansible modules with Ansible Playbooks, and then later integrating them with Ansible Tower.

BIG-IP Automation Workflows in AWS with Ansible Tower

This instructor-led workshop will effectively demonstrate Ansible's capabilities using self-paced exercises. In this Advanced F5 Ansible Tower lab, attendees will learn advanced techniques around Ansible Tower workflow development as it relates to automating F5 BIG-IP. This hands-on workshop details utilizing the F5 BIG-IP Ansible modules to enable infrastructure automation and IT life cycle management to drive ITaaS models and enable strategic DevOps motions in AWS 

Prerequisites: 

  • Basic knowledge of Ansible, F5 BIG-IP, and AWS infrastructure is recommended 
CI/CD with NGINX Plus (with Gitlab)

This lab will demonstrate the capabilities of using NGINX Plus as part of your CI/CD pipeline. Using NGINX Plus enables you to accelerate code release cycles, meaning more regular app updates for users.

Cloud Services DNS and DNS Load Balancing

Learn about the new F5 SaaS-based DNS offerings including DNS secondary configuration and DNS Load Balancing utilizing F5 Cloud Services.

Intro to NGINX

In this lab, we’ll introduce core NGINX Plus capabilities, operations, and basic hands-on configuration concepts as well as where to use BIG-IP vs NGINX Plus and how they complement each other.

Intro to NGINX Kubernetes Ingress Controller and Rancher

The purpose of this lab is to demonstrate how to start with a minimal set of prerequisites in your environment and build out a solution platform using Rancher Kubernetes Engine for the Environment. NGINX Kubernetes Ingress Controller for ingress and the Rancher for managed Kubernetes cluster operations. Then deploy a small demo app to it on NGINX.

Introduction to BIG-IP Rest Structure and Concepts

In this introductory-level lab, you will learn the basic concepts required to interact with the BIG-IP iControl REST API. Additionally, we’ll walk you through a typical Device Onboarding workflow to deploy a fully functional BIG-IP Active/Standby pair. It’s important to note that this module will focus on demonstrating an Imperative approach to automation.

Introduction to NGINX Instance Manager

Join this lab to get an introduction to NGINX Instance Manager, the fastest and easiest way to manage your NGINX instances (OSS or Plus).

Topics covered:

  • Edit existing configs and push changes
  • Analyze conf files centrally
  • Discover existing instances
  • Export Metrics to Grafana
  • Use an existing CI/CD pipeline 

Prerequisites:
You've seen a NGINX conf file before and got NGINX running.

K8s/OpenShift/NGINX - CIS(AS3) & KIS labs

F5 makes apps go, and nothing makes apps go faster than DevOps using containers. In this lab, you will learn how to deploy a Kubernetes and OpenShift hosted application/container on BIG-IP using F5 Container Ingress Service (CIS).

Prerequisites:
Laptop with RDP and SSH client.

Event-Driven Service Discovery with HashiCorp Consul Terraform Sync and BIG-IP

Event-driven service discovery can enable self-service management of your BIG-IP pool members. Learn how this feature of Application Service Extension 3 (AS3) can be used with Consul Terraform Sync (CTS) to dynamically push updates to your BIG-IP pool members.  

During the lab you will deploy BIG-IP using Terraform in AWS and use CTS to dynamically update the BIG-IP pools.

Prerequisites:  
Experience with AS3 is recommended, but not required 

NGINX Controller: Application Delivery and Security (ADC)

NGINX Controller brings the power of scale and business alignment to your fleet of NGINX instances. In this lab, you’ll learn to configure your NGINX Controller as a resilient service and with Active Directory authentication. You’ll find out how to get started with your first application and component configuration, add application security protection, and monitor your services with NGINX Controller. You’ll also have additional opportunities to explore example configurations and best practices.

NGINX Dataplane Scripting

NGINX is already a very powerful all‑in‑one load balancer, web server, content cache and API gateway, but did you know that you can make NGINX even more powerful by plugging in your own code? In this lab, we’ll demonstrate how easy it is to extend NGINX using JavaScript. No prior NGINX or JavaScript experience is required.

Security Automation with BIG-IQ

Take advantage of BIG-IQ Centralized Management and AS3 for deploying F5 security solutions.

PERFORMANCE

Performance

Breakouts | 25 Minutes

Automate App Services Deployments with Declarative APIs

Speaker: Kevin Delgadillo

Modern apps require modern deployment models that simplify and accelerate repeatable rollouts while minimizing errors. Join this breakout session to learn how F5's modern declarative APIs can enable app services deployment automation while abstracting configuration complexity away.

BIG-IP Deployment Options for VMware NSX-T

Speaker: Ulises Alonso Camaro

The session will show different deployment options for BIG-IP in VMware NSX-T, explaining the pros and cons of each one. We’ll also describe NSX-T's inner workings which are important when choosing the best option for a given use case.

Everything You Need to Know About QUIC and HTTP/3

Speaker: Liam Crilly

You wait decades for a new HTTP version and then two come along at once! Following just six years after HTTP/2 was introduced, HTTP/3 is here and with it, QUIC, a brand-new transport protocol. In this session, we discuss why HTTP/2's reign was short lived and why we will be living with all three HTTP versions for the foreseeable future.

Grow Revenue with Edge to Multi-Cloud Managed Application Services

Speakers: Mariana Agache, Ian Harris, Rich Lopez

Service providers can solve key application challenges in their digital transformation by offering managed services that enable an enterprise to easily deploy and secure applications in any location (i.e., on premises, at the edge, in a private data center, or in a public cloud). In this way, you can focus on developing key apps for your business rather than worrying about how to deliver and secure those applications. In this session, we’ll show you managed app services that a service provider can offer using F5 technology, successful use cases, and the support that F5 provides service providers to ensure their success in generating revenue from these managed application services.

Improving BIG-IP Deployments with Visibility and Control

Speakers: Ronnie Dockery, Roman Jouhannet

Apps are how the modern enterprise materializes the consumer expectation of positive digital experiences. However, ensuring those apps can deliver on that promise by performing well, running securely, and remaining available is extremely difficult—especially with large portfolios of apps and services. Join this session to learn about the benefits of adopting a centralized, app-centric approach for managing, gaining visibility into, and automating your BIG-IP deployments.

Marrying Your Modern and Traditional Applications with NGINX and BIG-IP in One Fell Swoop

Speakers: Nicolas Menant, Owen Garrett

It’s time to bridge the divide between your DevOps and infrastructure teams. In this breakout session, we’ll introduce a single step to deployment for a traditionally siloed, 2-step process across teams. You’ll walk away knowing how to reduce time to market, with the bonus of value-added services layered on top.

Performance Based Autoscaling for BIG-IP

Speakers: Greg Coward, David Garrison

Join this session to learn about F5’s cloud-agnostic solution for centralized application delivery monitoring and management. This solution leverages analytics and automation tools such as Splunk, ELK, and Terraform to monitor ADC performance and autoscale infrastructure and configurations automatically.

Deliver your Apps Anywhere… Publicly or Privately

Speakers: Jakub Pavlik, Pranav Dharwadkar

Developers are increasingly adopting a microservices approach for their apps in order to gain rapid iteration capabilities required for delivering new services faster. However, delivering the app still requires multiple steps such as allocation of virtual IPs, provisioning the front LB, configuring firewall rules, configuring a public domain, and DDoS. At present, each of these steps requires coordination across multiple teams with multiple iterations. The time efficiencies gained by adopting microservices and cloud-native technologies can be negated due to the time taken to deliver the app. 

In this session, Pranav Dharwadkar, VP of Products at Volterra, and Jakub Pavlik, Engineering Director, will help you understand these challenges and introduce a distributed proxy architecture that can alleviate these provisioning challenges across different cloud environments. This webinar will include a live demo using a distributed proxy architecture to advertise an app publicly and privately.

Simplifying the Lives of NetOps and DevOps by Enabling Automation and Self-Service in App Delivery

Speakers: Zach Westall, Ken Bocchino

Self-service capabilities, automation, and consistency are the hallmarks of modern application development and delivery. Join this breakout session to learn how NGINX Controller can help you streamline your modern application delivery across teams.

The Importance of Upgrading to the Latest BIG-IP Versions

Speaker: Tom Atkins

Running BIG-IP version 13.1 or earlier? Still operating appliances that have exceeded their supported lifespan? If so, you could be putting your apps, your business, and your customers at risk. The latest BIG-IP appliances and versions are inherently more secure, reliable, and bug-free, while also affording innovative new app delivery and security functionality. 

Join us in this breakout to learn more about:

  • Risks of running legacy BIG-IP instances and versions
  • Benefits and innovations within the latest BIG-IP instances and versions
  • Ways to simplify and accelerate your upgrades

Discussion Forums | 45 Minutes

Ask the CTO

Speakers: Geng Lin, Lori MacVittie

Ask F5 CTO, Geng Lin, your most burning tech questions in this Q&A discussion moderated by F5 Technical Evangelist, Lori Mac Vittie.

Diversity, Inclusion, Retention & Recruiting

Speaker to be announced

Right now, in tech and everywhere we are emphasizing the importance of diversity and inclusion. We’re all hungry for practical ways to impart inclusion and diversity in our workforces. To F5, that means attracting and welcoming people from a variety of backgrounds, views, and experiences. Building a vibrant, high-performing workforce takes guts—it means purposely seeking out people who may not always agree. It means challenging one another to do and think differently. It means finding people who may not look alike or share similar experiences.

Remove Friction for Your Known Good Customers

Speakers: Mengmeng Chen, Yuxi Yao

Every day, your B2C website receives numerous visits from returning good customers. But do you have measures in place to handle them differently than everyone else? Manual login, forgetting password, etc. are all various forms of friction that impedes customer engagements. By removing such friction intelligently, B2C commerce websites can lift 1–2% of top line revenue, allowing security teams to contribute to business outcomes.

Words Matter: Evolving Inclusive Language and Conscious Naming in Tech

Speakers: Jesica Church, F5; Suzy Greenberg, Intel; Celeste Horgan, Inclusive Naming Initiative; Mark Miller, Lawrence Livermore National Lab; Joanna Lee, Gesmer Updegrove

The tech we use and deploy daily is riddled with terminology that is exclusionary and biased. For years, our industry has been making strides towards greater inclusivity, but it will take all of us to create broader momentum and be part of the change. Join a moderated panel to discuss the efforts and issues of driving systematic transformation in partnership with members from the Inclusive Naming Initiative, a global community of professionals from leading organizations whose mission is to help companies and projects remove harmful and unclear language and replace it with an agreed-upon set of neutral terms. 


Labs | 2 Hours

Application Flow Control with iRules

An iRule is a powerful and flexible feature within the BIG-IP Local Traffic Manager (LTM) system that you can use to manage your network traffic. The iRules feature not only allows you to select pools based on header data, but also allows you to direct traffic by searching on any type of content data that you define. In this lab, you’ll learn how to utilize HTTP iRules to direct, secure, and enhance your HTTP(s) traffic. You’ll also get some hands-on time to gain experience writing and troubleshooting iRules.

BIG-IP Automation Workflows in AWS with Ansible Tower

The instructor-led workshop is intended for effectively demonstrating Ansible's capabilities using self-paced exercises. In this Advanced F5 Ansible Tower lab, attendees will learn advanced techniques around Ansible Tower workflow development as it relates to automating F5 BIG-IP. This hands-on workshop details utilizing the F5 BIG-IP Ansible modules to enable infrastructure automation and IT life cycle management to drive ITaaS models and enable strategic DevOps motions in AWS.

Prerequisites: 

Basic knowledge of Ansible, BIG-IP, and AWS infrastructure is recommended, but not required.

BIG-IP tcpdump and Wireshark How-To (Self-Guided)

You may find it difficult at times to troubleshoot application traffic coming through BIG-IP. In this lab, you’ll learn how to utilize tcpdump and the F5 Wireshark plugin to gain perspective on how traffic is flowing through BIG-IP and seeing where a performance issue might be found.

Cisco ACI and F5 ServiceCenter

Gain hands-on experience on how to manage BIG-IP in your ACI + BIG-IP deployment by leveraging the F5 Automation Toolchain and ACI’s programmable App Center framework.

Learn how this simple and native integration aims to solve important real world use cases:

  1. Deep infrastructure visibility into the ACI and BIG-IP deployment
  2. Network and application management on BIG-IP

Join this lab to find out how to leverage APIs to achieve end-to-end network automation workflows and learn how different personas within your organization can benefit from these features and functionalities.

Identifying the Level of Protection Required for Applications

In this lab, you’ll learn how to strategically build policies around what gets Advanced WAF protection and what level of protection. We’ll cover balancing security, administration, and resources and figuring out how to deploy Advanced WAF policies consistently using best practices.

Learn How to Secure Your App in Minutes (Self-Guided)

In this hands-on lab we’ll show you how to take the complexity out of safeguarding your apps with F5 Essential App Protect Service—a feature-rich, checkbox-simple SaaS security solution. You’ll learn how to spin up protection against common web exploits, malicious IPs, and coordinated attacks within minutes, all without requiring extensive security expertise. You’ll experience how developers can protect their apps or tune WAF configuration features through the rich declarative API or an intuitive user interface.  

We’ll cover how to:

  • Set up a trial F5 Cloud Services account
  • Configure Essential App Protect Service for a fictitious app
  • Test the configuration by sending scripted and targeted attacks through Postman and a browser
  • Get hands-on experience with several key use cases that can be easily applied to your app ecosystem
Deploying F5 Solutions to AWS with Terraform and iControl LX Extensions

In this self-guided lab, you’ll work in a dedicated AWS environment to build an HA pair of F5 Advanced WAFs from an AWS CloudFormation template. Learn how to quickly create virtual servers with a single RESTful API call via the declarative F5 Application Services 3 iControl LX extension.

Azure Secure Cloud Computing Architecture

F5 and Microsoft Azure Government: Meeting SCCA Requirements. In this lab, we’ll discuss the challenges of the Department of Defense’s (DoD) cloud adoption and examine exciting solutions to meeting complex requirements of a secure cloud architecture. 

During this hands-on lab, we’ll cover:

  • CAP/SCCA/VDSS requirements
  • The status of Azure Government and the programs in place to use it
  • How F5’s Virtual Data Security Stack helps you meet the SCCA mandates
  • Live lab deploying a VDSS into Azure Government Cloud
  • In-depth overview of a POC for a shared VDSS model for cybersecurity service provider organizations
  • Solutions for a virtual, scalable way to meet O365 CAP/VDSS demands using Azure and F5
Deploying BIG-IP in GCP Using Terraform and F5 Automation Toolchain

In this lab, you’ll deploy a 3-NIC Google API-based failover-based template and then building upon that with an overview of the F5 failover extension.

SaaS-Based DNS and DNS Load Balancing (Self-Guided)

Learn about the new F5 SaaS-based DNS offerings including DNS secondary configuration and DNS load balancing utilizing F5 Cloud Services.

ADC Performance Monitoring and Scaling

This lab will provide hands on experience with the ADC Performance Monitoring, (ADPM) solution illustrating F5's Automation Toolchain integrating with a third party analytics provider(s) to provide cloud-agnostic centralized application delivery monitoring and management. 

During this lab, attendees will:
1) Utilize various third-party technologies/services along with F5’s automation toolchain
2) Deploy a multi-cloud application and manage scaling operations via the ADPM environment and third party analytics provider monitoring/alerting
2) Network as well as application management on BIG-IP.

F5 201 Certification Hands-On Lab – BIG-IP LTM Specialist

The purpose of this lab is to provide a sampling of hands-on exercises to better understand the subjects outlined in the 201-TMOS Administration Exam. This lab will prepare attendees to understand the objectives outlined in the F5 201 certification exam and is not intended to be outcome based.

SECURITY

Security

Breakouts | 25 Minutes

Bridging a Zero Trust Chasm: Integrating Azure AD’s Conditional Access with BIG-IP APM’s Identity Aware Proxy

Speakers: Manish Desai, Anitha Mareedu, Jay Kelley

Most organizations are moving toward a Zero Trust security architecture to protect their applications wherever they reside. In order to even begin thinking about deploying a Zero Trust environment, you’ll need to bridge the chasm between modern and classic identity management and authentication. F5 and Microsoft have accomplished that, through the integration of BIG-IP APM and Azure Active Directory. In this session, we’ll dive deeper into how Zero Trust by enabling trusted identity, app access security, and risk management to be applied to every access request on a continuous basis. We’re taking the Zero Trust axiom of “Never trust, always verify” to a new level, adding “Continuously monitor” to the mix.

Building a Fraud Profile with Device ID+

Speaker: Wesley Hales

Device and user identifiers are the common thread that span the entire technology stack. Organizations use them to drive fraud prevention and critical business analytics. Device ID+ is a real-time, high-precision device identifier that utilizes advanced signal collection and machine learning algorithms to assign a unique identifier to each device visiting your site. In this session, we’ll give you a rundown on how Device ID+ works, why it’s important, and how to use it within your application.

Combating Account Takeover

Speakers: Gary Newe, Anish Johnson

With the proliferation of apps that have adopted anti-bot technologies such as Shape Enterprise Defense, attackers are finding it difficult to identify soft targets. Instead of expending resources in an attempt to circumvent anti-automation technologies, fraudsters are pivoting and attacking unprotected email servers that become the steppingstone to the ultimate goal: your customer accounts. This, in turn, has resulted in a change in the credential marketplace landscape. Shape Security has been protecting our customers from automated attacks for years and has observed that fraudsters are left with no option but to revert to manual (i.e., human-driven) fraud methods. For this reason, we’ve developed machine learning models that specifically protect banks, credit unions, and other financial institutions.

Data Driven: Unlocking the Current and Future State of Application Delivery and Security Technologies

Speaker: Lori Mac Vittie

Technologies that deliver and secure applications are the status quo. Without them, applications don't scale, don't perform, and ultimately impact the customer experience. As businesses become digital, the technologies that enable experiences must evolve to deliver the data and actionable insights necessary to optimize and secure applications. This session will explore the current state of application delivery and security technologies and how data unlocks future business and digital capabilities.

Defending Applications from Sophisticated Bot-Driven Fraud and Abuse

Speaker: Brian Uffelman

Bots and unwanted automation drive billions of dollars in fraud losses for organizations around the globe every year. In this session, you’ll learn how F5 and Shape protect against the evolving threats from bots and cybercriminals that drive application fraud and abuse. Shape’s antibot platform uniquely defends against bots and unwanted automation for your customers. Learn how to find and qualify antibot opportunities and protect your customer’s applications from attack.

Device ID+: Identify Your Returning Users Easily

Speakers: Sumit Agarwal, Corey Marshall, Smriti Jaggi

Join this breakout to learn more about Device ID+, a real-time, high-precision device identifier that utilizes advanced signal collection and proven machine learning algorithms to assign a unique identifier to each device visiting your site.

Discover, Analyze, and Secure Your APIs Anywhere

Speaker: Pranav Dharwadkar, Jakub Pavlik

Containerization and serverless computing have had a significant impact on how apps are architected, networked, and secured. In this session, we’ll provide real world examples of app and API security attacks. We’ll also cover the four key security tenets—discover, analyze, secure, and anywhere—that users should look for in an app or API focused security solution.

Down the Rabbit Hole of the Dark Web

Speaker: John Cianfarani

The term "dark web" is used so frequently but what is it and what does it really mean? This session aims to help you understand what you can find on the dark web, interesting stats and trends, how to safely access it, and how to protect your web and mobile applications.

F5 Labs 2021 App Protect Report: Lessons Learned from Security Breaches and Incidents

Speakers: Ray Pompon, Sander Vinberg

Join this session to hear the latest insights from the F5 Labs Application Protection Research Series. We'll share insights from the past four years of data analysis on breach data, global honeypot nets, vulnerability analysis, and customer incident reports, including details on how the pandemic changed cybersecurity and what new threats emerged.

How Has AI Evolved and How Can It Be Used to Predict and Prevent Fraud?

Speaker: Saurabh Bajaj

Over the course of the last decade, the nature of cybersecurity has changed, evolving past the idea of cybersecurity being a system of logical controls to prevent attackers from infiltrating systems, to becoming a data analytics problem based on behavioral analysis of attack patterns to detect them when they do. As such, fraud and abuse have become the primary focus areas for organizations’ defensive efforts, and the use of artificial intelligence—particularly machine learning—has become one of the principal tools. This talk will review how cybersecurity challenges have changed, examine the emergence of credential stuffing as the #1 cybersecurity problem in the world—with real data from major corporations—and demonstrate next generation uses of machine learning in defending organizations and millions of users around the world.

How to Cut Bait from Encrypted Phishing

Speakers: Jay Kelley, Manish Desai, Don Laursen

According to the 2020 Phishing & Fraud Report from F5 Labs, the majority of phishing links—over 71%—use valid HTTPS certificates to appear credible so that they can fool you into clicking on a malicious link. Join this session to learn how F5 SSL Orchestrator can stop the bait used in encrypted phishing and spear phishing campaigns and how it can also secure non-standard ports from being a source of data loss.

How to Stop the Use of Security and Privacy as a Weapon

Speakers: Jay Kelley, Manish Desai, Don Laursen

Today, bad actors are using the same security tools you use against you. They’re able to do this through product specific gaps in modern cipher support, performance limitations, and crypto complexity, bypassing the security you’ve deployed. In this session, you’ll learn how to simplify the traffic decryption challenge and secure against data exfiltration and C2 communications with effective decryption of outbound network traffic. See how your organization can support both legacy and modern ciphers while protecting against cipher mismatches and unintentional bypass, plus enable intelligent decryption bypass for privacy regulation adherence. And finally, we’ll help you understand how to encrypt the entire “hello” process and import visibility solutions.

Improve Security Across the F5 WAF Engine with Better Visibility, Correlation, and Auto-Response

Speakers: Frank Strobel, Snehal Contractor

With F5 and Stellar Cyber, enterprises gain 360-degree visibility across their IT operations and can more easily remediate any security vulnerabilities that do arise. Stellar Cyber provides a leading open security operations platform providing high-speed, high-fidelity threat detection across the entire attack surface, and F5 is the industry leader in protecting apps. By consolidating visibility and analytics across F5’s WAF products through Stellar Cyber, this joint solution delivers best-of-breed protection, 360-degree visibility, high-fidelity detection, and fast remediation—all easily accessed through a single, intuitive user interface.

NIST Zero Trust Architecture: Not Just for Federal Agencies Anymore

Speakers: Jay Kelley, Manish Desai

As many employees and other personnel continue to work remotely, organizations­—including government agencies and ministries—have begun to evolve their thinking on Zero Trust security architectures. Organizations are becoming more comfortable with the idea of working remotely and are seeking to lay the foundation for securing this new working style. Most U.S. and foreign government agencies,—and even highly regulated private sector industries such as financial services and healthcar­­e—are viewing the National Institute of Standards and Technology (NIST) Special Publication 800-207 Zero Trust Architecture as a guide on how to deploy a Zero Trust model. In this session, you’ll learn how F5’s security portfolio maps to the NIST 800-207 guidelines to assist not just U.S. federal agencies, but also foreign governments and private sector organizations, in rapidly adopting a Zero Trust architecture to augment their existing security investments, and to help develop new, safer workflows and operations.

Security Automation for Modern Apps with F5, Red Hat Ansible, and Elastic

Speakers: Eric Ji, Matt Quill, James Lee

In modern application architectures, security concerns are more complex than ever. In this session, we’ll explore how you can implement a layered security policy for your modern app environment through a combination of F5 Advanced WAF and NGINX App Protect, tailored to the needs of different cybersecurity teams of NetSecOps and DevSecOps. We will also show how NGINX+, Elastic, Red Hat Ansible, and Red Hat OpenShift work together to automate remediation tasks in your IT environment.

Shifting Security to the Left

Speaker: Jay Kelley

A cultural shift is underway in how organizations look at security. Organizations with a traditional “security as the gatekeeper” mindset cannot scale and be effective in an environment where change is rapid and continuous. An important component of this cultural shift is the need to quickly abandon the concept of security as the gatekeeper and then embrace security as a shared responsibility across disciplines and teams. Join this session to find out how security controls can shift further left in the CI/CD pipeline and how the responsibility for security can be shared throughout the development process.

The Impact of (Skyrocketing) Unemployment Fraud During COVID-19

Speakers: Payal Shah, Partha Sarathy

The COVID-19 pandemic has affected billions of people around the world. Aside from the virus’ health ramifications, the corresponding lockdowns, travel restrictions, and closures have brought with them a tremendous economic impact. The unfortunate result is that many are hurting financially, having lost their jobs or otherwise suffered a drastic reduction in income. By implementing controls to prevent and monitor fraud, state agencies can greatly reduce the amount of unemployment fraud. Join this session to learn how Shape has been able to facilitate millions of dollars in fraud savings for organizations during the pandemic.


Discussion Forums | 45 Minutes

Application Protection in the Era of COVID-19

Speaker: Brian Uffleman

The COVID-19 pandemic has introduced complexity and chaos into nearly every aspect of our lives. The associated surge in unemployment fraud merely adds to that chaos. Rather than giving up and opting to live with billions of dollars in fraud losses each year, the time has come to take action. Join this discussion to find out how fraud detection and prevention platforms such as the Shape AI Fraud Engine (SAFE) can empower us to identify and stop different types of fraud, including unemployment fraud.

Remove Friction for Your Known Good Customers

Speaker to be announced

Description to come

Talking Real Attacks with F5’s Security Operations Center Analysts

Speakers: Nic Garmendia, Edgar Ojeda, John Wagnon

F5’s Security Operations Center (SOC) analysts are on the front lines, working 24x7 with customers to thwart attacks and add protections to keep their businesses up and running. In this session, our DDoS and WAF analysts will walk thru real attack scenarios and share best practices on how you can remain vigilant against persistent attackers. Cyberattacks are not going away so learn from the experts who have visibility into the attacks impacting businesses like yours.


Lightning Sessions | 10 Minutes

API Security: NGINX App Protect and the Best Partner Solutions

Speaker: Scott Laster

The speed at which the API economy is accelerating requires equally nimble security in front of these microservices. Join this lightning session to find out how NGINX App Protect is delivering on the concept of Security as Code and—when combined as a joint solution with other leading API tooling vendors—can deliver significant value to API publishers.

Bottomline Fraud Loss Reduction: Defending Against Account Takeover Fraud and Account Opening Fraud

Speaker: Partha Sarathy

Join us to learn how Shape can help you detect fraud in your applications and prevent the resulting revenue losses.

Design Options for Improving Security with SSL Orchestrator in ACI Environments

Speaker: James Lee

Join this lightning session to gain insight into how F5 SSL Orchestrator can secure Cisco ACI deployments.

Mitigating Bots and Fraud with Advanced WAF and Shape Enterprise Defense

Speakers: Austin Geraci, WorldTech IT; Lou Senko, Q2E; Jordan Hager, Q2E

In this lightning session, we’ll take you into a real-world case study with Q2E Banking and WorldTech IT.

Protecting Billions of Transactions Per Week with Shape Enterprise Defense

Speakers: Shehzad Shahbuddin, Carlos Asuncion

COVID-19 has accelerated the digital shift by at least two years, with some estimates pointing to as much as a five-year acceleration. Learn how Shape Enterprise Defense protects your customers from sophisticated automation attacks that can result in widespread hijacking of your customers' accounts.

Real-Time Device Intelligence: Identify Each Device Visiting Your Website

Speakers: Smriti Jaggi, Gary Newe

Device ID+ is a real-time device identifier that utilizes advanced signal collection and proven machine learning algorithms to assign a unique identifier to each device visiting your site. In this session, you’ll learn how Device ID+ can help you strengthen app security by detecting or blocking known bad devices, optimize traffic management, mitigate fraud and risk, personalize and accelerate online experiences for known devices, and more.

Rescuing Real Users Lost Due to Login Friction

Speaker: Mengmeng Chen

Capturing the attention of consumers and leading them to your website is an expensive proposition for an online retailer. Learn how even seemingly small improvements in the conversion from shoppers to buyers can yield significant revenue and margin improvements

See How F5 SAFE Can Protect Your Users and Keep Fraudsters at Bay

Speakers: John Cianfarani, Anish Johnson

Throughout the COVID-19 pandemic, many of F5’s customers have seen a noticeable uptick in new account applications coming in and have had to adjust operations as their current customers adjust their usage patterns. If you’re seeing similar trends and are concerned about how to ensure a smooth experience for users while keeping malicious actors out, join this session and see how F5 SAFE can help. As users visit and interact with your site or application, SAFE inconspicuously collects several hundred signals across user journey, behavior, and environment, and evaluates the risk of account opening or account takeover fraud using a customized machine learning model tuned for your enterprise.

Zero Trust | PEP: What’s the Point?

Speakers: Jean-Paul Bergeaux, GuidePoint Security; Danny Rivera, GuidePoint Security

Learn about a solution from F5 Partner, GuidePoint Security.


Interactive Demos | 10 Minutes

Controlling OTT Video in Service Provider Networks

The volume of over-the-top (OTT) encrypted video can be up to 70% of internet traffic. This presents a challenge for service providers as congestion in the network can impact the video performance for fixed and mobile network subscribers. Join this interactive demo to see the latest release of F5's Policy Enforcement Manager (PEM) which includes new features that allow service providers to monitor and control video traffic to ensure a high-quality end user experience.

F5 and Cisco ACI Integration: F5 ACI ServiceCenter

In this interactive demo, you’ll see how the F5 ACI ServiceCenter app runs natively in Cisco’s Application Policy Infrastructure Controller (APIC), providing administrators with a single point of automation and visibility for L2–3, as well as L4–7 app services between F5 BIG-IP and Cisco ACI.

Orchestrated Infrastructure Security: Changing Security at the Speed of Business

Speaker: Kevin Gallaugher

The way we do business is constantly evolving. Most organizations’ changes need to happen quickly or they risk losing revenue and opportunities. In this session, learn how F5 SSL Orchestrator can simplify change management for security devices (e.g., WAF, NG Firewall) and shorten the duration of the entire process. You’ll learn how to simplify stack change management and minimize the negative impacts due to it.

Protect Customers' Data and Your Brand with Shape Client-Side Defense

Learn how to protect your customers’ data and your online business from direct attacks to the first- and third-party JavaScript components with Shape Client-Side Defense.

Silverline Shape Defense: Advanced Bot Detection That Helps Prevent Large Scale Fraud

Silverline Shape Defense is a managed security service that protects your web applications from automated bot attacks to prevent large-scale fraud, inflated operational costs, and friction for your end users. Join us for a hands-on demo to learn how to learn how Silverline Shape Defense protects your web apps from bots and other automated attacks by delivering continuous protection, even when attackers retool. The managed service prevents sophisticated attacks, including those on the OWASP Automated Threats to Web Applications list.

VMware Horizon with BIG-IP APM

This interactive demo will provide you with a better understanding of VMware Horizon and BIG-IP APM.

VMware NSX-T Integration Topologies

Join this interactive demo to better understand the different topologies of deploying BIG-IP in an NSX-T environment.


Labs | 2 Hours

Access 101: Intro to Access (Self-Guided)

This is an introductory lab focused on F5 Access Policy Manager (APM). In this lab, you’ll learn the fundamental concepts of BIG-IP APM and learn about the components within the module.

During this lab you’ll cover:

  • Provisioning and main menu navigation
  • Access guided config concepts
  • Authentication types and frameworks
  • Visual Policy Editor concepts
  • Access log overview
  • Access policy frameworks
  • Webtop concepts
Access 102: Access Building Blocks (Self-Guided)

In this BIG-IP Access Policy Manager (APM) Lab, you’ll work through the fundamental building blocks and intermediate concepts leveraged in Access. You will build on the fundamental concepts from the 101 class and delve into more complex authentication with per session and per request policies.

During this lab you’ll learn:

  • Access policy frameworks
  • Client-side authentication
  • Server-side authentication
Access 201: Zero Trust: Identity Aware Proxy

Security is becoming more challenging as organizations shift to a remote workforce and applications reside in multiple locations beyond the enterprise data center. This has caused organizations to look for new and innovative ways to solve the complex problem for real-time authentication and authorization controls.

F5’s Zero Trust Architecture uses the Identity Aware Proxy (IAP) to create real-time contextual access decisions regardless of endpoint location. Contextual access can come from a multitude of sources including Identity providers, client posture, resource posture, or integration third party tools.  

During this hands-on lab you will learn how to configure the following:

  • Configure IAP using guided configuration
  • Conduct Client posture assessments using F5 Access Guard
  • Collect resource and third-party data via HTTP connector
Access 301: Per-Request Application Control

Request-by-request security is a foundational element when considering modern application delivery and security. Beyond single session authentication security, the need and ability to control access based on dynamic changes to the user, client, resource posture or external telemetry is critical and factors into Zero Trust architectures. In this lab, you’ll explore F5's per-request policies and apply their functionality to control secure access to applications.

During this hands-on lab you will learn how to:

  • Configure per-request policies using guided configuration
  • Create dynamic per-request policies to control access and security
  • Use OAuth in conjunction with per-request policies to control application access
Access 401: BIG-IP APM Automation

Did you know you can implement BIG-IP Access Policy Manager (APM) solutions through automation? Learn how to navigate the APM REST API, attach policy with AS3, and build BIG-IP APM objects and policies through imperative calls.  

During this lab, you will learn how to:

  • Configure iControl REST navigation and AS3 declarations
  • Build APM objects
  • Create per-session policies
  • Create per-request policies
  • Deploy solutions through automation
Access 501: Secure Application Access via Azure AD (Self-Guided)

This lab demonstrates the F5 BIG-IP Access Policy Manager (BIG-IP APM) integration with Microsoft Azure Active Directory (Azure AD) for secure user access to applications using Access Guided Configuration (AGC). 

Advanced Multi-Layer Firewall Protection

F5 BIG-IP Advanced Firewall Manager (AFM) is a high-performance, stateful, full-proxy network security solution designed to guard data centers against incoming threats that enter the network on the most widely deployed protocols. BIG-IP AFM’s unique application-centric design enables greater effectiveness in guarding against targeted network-level attacks. It tracks the state of network sessions, maintains deep application awareness, and uniquely mitigates attacks based on more granular details than traditional firewalls. The purpose of this lab is to walk you through the setup of BIG-IP to protect applications at multiple layers of the OSI stack hence providing Application Security Control. This in effect allows F5 BIG-IP to be multiple firewalls within a single platform.

API Security with NGINX Plus using DevOps Workflow

The instructor-led workshop is intended to demonstrate the use case for API security using NGINX Plus API Gateway and NGINX App Protect. The components are deployed via an automated CI/CD pipeline. API gateways serve as the front end for the traffic with routing, authentication, rate limiting controls, NAP is deployed at the ingress for a Kubernetes cluster which hosts a microservices based application.

Prerequisites:

Prior to attending, attendees must create an account on WWT.com in order to gain free access to lab environments and other valuable content from World Wide Technology. A base understanding of NGINX is helpful.

BIG-IP AFM DDoS and DNS DoS Protections

This session will teach you to use BIG-IP AFM to detect and prevent DNS DoS attacks against a virtual server as well as detecting and preventing system DDoS attacks.

BIG-IP AFM for Azure Ingress/Egress Traffic Filtering and VPN Tunneling

The instructor-led lab is intended to effectively demonstrate use of BIG-IP Advanced Firewall Manager (AFM) to filter ingress/egress traffic for an Azure Subnet or an entire Azure VNET. Attendees will learn how to create and configure Azure Route Tables, to use BIG-IP AFM as the gateway for desired subnets, and create associated Ingress/Egress NAT rules and policies. This workshop will expose techniques to leverage AFM logs to review proper enforcement and desired operations.

Contents:

  • Configuring a BIG-IP to operate in this manner for egress traffic (AFM NATs, policies, FQDN resolution, forwarding VSs, etc.)
  • Configuring the Azure Route Tables to use the AFM as the gateway for the desired subnets
  • Configuring Egress FQDN allow/deny rules
  • Reviewing AFM logs to show operation of the solution 
  • Configuring Ingress NAT/Rules 
  • Reviewing AFM logs to show operation of the solution

Prerequisites: 

  • Base understanding of BIG-IP and LTM configuration
  • Base understanding of Azure Networking is a plus but not required
  • Base experience with firewalls a plus but not required  
DNS Over HTTPS and TLS

Investigate and explore the movement to DNS over HTTPS and TLS and create a DNS server that will respond to DOH and DOT with F5.

Next Generation DNS Services and Security using F5

Explore DNS Services and Security by configuring the BIG-IP DNS modules in a lab environment.

Securing Your Application with iRules (Self-Guided)

F5 iRules can be used to fix things that are missing or hard to solve for in the existing application stack. F5 iRules give you the power and flexibility to fill security gaps. This self-guided lab will show you a handful of ways to use iRules to defend and protect against malicious activity in your enterprise.

SSLO 101: Essential SSL Visibility with SSL Orchestrator

As the volume of data continues to grow at a rapid pace, more companies are deploying Secure Socket Layer (SSL) and Transport Layer Security (TLS) solutions to encrypt data in transit.

In this “follow me”-style lab, you’ll learn how F5 SSL Orchestrator maximizes visibility across your network, increases infrastructure efficiencies, and heightens security by:

  • Effectively inspecting encrypted traffic
  • Supporting multiple deployment modes
  • Easily integrating with complex architectures for optimal flexibility.
SSLO 201: Advanced Use Cases with SSL Orchestrator

As organizational requirements change, so does the need to update security polices and add new services to existing SSL Orchestrator deployments. There is no need to fear required maintenance and regular enhancements to your security strategy.

During this instructor-led session, you will learn how to:

  • Modify existing SSL Orchestrator configurations to keep up with business and security demands 
  • Add authentication to identify and log outbound user activity
  • Support more complex traffic flow logic using a layered SSL Orchestrator architecture

Prerequisite:

  • SSLO 101: Essential SSL Visibility with SSL Orchestrator
WAF 111: Protect Against the OWASP Top 10

The OWASP Top 10 is the de facto list of the top 10 most prevalent web application attacks. A challenge for many security practitioners is taking this list of high-level attacks and turning them into real, actionable protection of their applications. In this lab, we’ll demonstrate how to quickly protect against the OWASP Top 10 by leveraging solutions across the F5 technology portfolio, primarily, BIG-IP Advanced WAF in addition to NGINX WAF and F5 iRules for AWS WAF.

WAF 141: Getting started with WAF, Bot Defense, and Threat Campaigns

In this lab, you’ll learn how to approach a WAF deployment and add security in layers to protect the application from known attacks—the negative security model.

Topics covered:

  • IP Intelligence
  • Geolocation
  • Bot defense
  • Threat campaigns
  • Transparent mode policy
  • Server technologies
  • Evasion techniques protection
  • Attack signatures and more

Prerequisites:
Interest in WAF, no working knowledge of F5 Advanced WAF needed, although helpful

WAF 241: Elevated WAF Security

Take your security policy to the next level. Use traffic learning to phase in a more restrictive positive security posture. We’ll cover elevated bot protection, learning and positive security, L7 DoS protection, and login page protection. 

Topics covered:

  • Bot defense – blocking mode
  • Cookie tampering protection
  • HTTP redirection protection
  • Learning – file types
  • Learning – headers
  • Login pages
  • DoS and behavioral DoS 

Prerequisites:
Soft requirement of the WAF 141 lab

WAF 341: Maximum WAF Security (Self-Guided)

Learn how to layer on additional security features and further enhance WAF policy using learning of parameters and URLs.

Topics covered:

  • Anti-bot mobile SDK
  • Brute force protection
  • Credential stuffing protection
  • Data guard
  • Data safe
  • HTTP methods control
  • Meta character enforcement
  • Learning – parameters
  • Learning – URLs
  • Sensitive data – masking in logs
  • Session hijacking protection
  • User session tracking

Prerequisites:
Soft requirement of WAF 241 or working knowledge of WAF policy and learning

WAF 342: Automating Advanced WAF (Self-Guided)

Join this lab to learn how to integrate your Advanced WAF into your CI/CD pipeline.

Topics covered:

  • Best practice policy recommendations for this scenario
  • Declarative WAF API (new feature introduced in 15.1)
  • WAF policy templating 
  • Integrating your WAF as part of your AS3 declaration 
  • Testing the effectiveness of your WAF 

Prerequisites:
Familiarity with CI/CD and ASM, some experience with AS3 and ASM is recommended, but not required

WAF and BIG-IP APM API Security and Management

As the dependency of API usage increases across organizations, so do the tools used to protect them. APIs were historically protected through dedicated API gateways performing complex tasks. The complex requirements for API gateways have decreased as the adoption of REST has increased in organizations. API gateways have been narrowed to three specific requirements: authentication, authorization, and content validation.

Using F5 Advanced WAF in conjunction with BIG-IP Access Policy Manager (APM), an organization can not only achieve the requirements needed for a traditional API gateway but increased security and authorization controls.

During this hands-on lab, you’ll learn how to:

  • Build an API protection profile using OpenAPI spec files 
  • Configure BIG-IP as a resource server for OAuth and OIDC for course-grain access control
  • Configure BIG-IP APM’s per-request policy engineer to provide fine-grain access control 
  • Configure Advanced WAF to protect against common API attacks