TRAINING COURSE

Configuring BIG-IP APM: Access Policy Manager

This three-day course gives network administrators, network operators, and network engineers a functional understanding of BIG-IP Access Policy Manager as it is commonly deployed in both application delivery network and remote access settings. The course introduces students to BIG-IP Access Policy Manager, its configuration objects, how it commonly deployed, and how typical administrative and operational activities are performed. The course includes lecture, hands-on labs, interactive demonstrations, and discussions.

Course Objectives

  • Configure remote access methods Network Access, Portal Access and Application Access and understand the differences and use cases for each
  • Configure APM and LTM to work together for advanced application delivery as well as understand the APM + LTM use case versus the remote access use case
  • Configure advanced policies using the Visual Policy Editor with all of its features such as macros, branches and multiple endings
  • Understand the role of iRules and how they work together with BIG-IP in general and APM in specific
  • Understand the role of Federated Single Sign-On using SAML and deploy a basic configuration
  • Configure multiple authentication methods and understand how they can work together in a single access policy
  • Set up, license, and provision the BIG-IP system out-of-the-box
  • Create, restore from, and manage BIG-IP archives
  • Use profiles to manipulate the way the BIG-IP system processes traffic through a virtual server

Course Topics

  • Getting started with the BIG-IP system
  • APM Traffic Processing and APM Configuration Wizards
  • APM Access Policies, Access Profiles
  • Visual Policy Editor, Branches and Endings
  • APM Portal Access and Rewrite Profiles
  • Single Sign-On and Credential Caching
  • APM Network Access and BIG-IP Edge Client
  • Layer 4 and Layer 7 Access Control Lists
  • APM Application Access and Webtop Types
  • Remote Desktop, Optimized Tunnels and Webtop Links
  • LTM Concepts including Virtual Servers, Pools, Monitors and SNAT'ing
  • APM + LTM Use Case for Web Applications
  • Visual Policy Editor Macros
  • AAA Servers and Authentication and Authorization with Active Directory and RADIUS
  • Endpoint Security with Windows Process Checking, Protected Workspace and Firewalls
  • iRules, Customization and SAML

Audience

This course is intended for network administrators, operators, and engineers responsible for managing the normal day-to-day operation and administration of BIG-IP Access Policy Manager.

Prerequisites

Students must complete one of the following F5 prerequisites before attending this course:

  • Administering BIG-IP instructor-led course

    -or-

  • F5 Certified BIG-IP Administrator

The following free web-based courses, although optional, will be very helpful for any student with limited BIG-IP administration and configuration experience.

The following general network technology knowledge and experience are recommended before attending any F5 Global Training Services instructor-led course:

  • OSI model encapsulation
  • Routing and switching
  • Ethernet and ARP
  • TCP/IP concepts
  • IP addressing and subnetting
  • NAT and private IP addressing
  • Default gateway
  • Network firewalls
  • LAN vs. WAN

The following course-specific knowledge and experience is suggested before attending this course:

  • Hands-on experience with BIG-IP
  • Basic web application delivery (BIG-IP LTM)
  • HTML, HTTP, HTTPS as well as some CSS and JavaScript
  • Telnet, SSH and TLS/SSL
  • VPN or tunnel encapsulation, Layer 4 NAT and Access Control Lists

Major Course Changes since v14

Configuring BIG-IP APM did not change significantly with version 15.1. Minor changes were made mostly to keep pace with changes to the BIG-IP APM UI.

Course Outlines

View Course Outline v15

Chapter 1: Setting Up the BIG-IP System

  • Introducing the BIG-IP System
  • Initially Setting Up the BIG-IP System
  • Archiving the BIG-IP Configuration
  • Leveraging F5 Support Resources and Tools

Chapter 2: Configuring Web Application Access

  • Review of BIG-IP LTM
  • Introduction to the Access Policy
  • Web Access Application Configuration Overview
  • Web Application Access Configuration in Detail

Chapter 3: Exploring the Access Policy

  • Navigating the Access Policy

Chapter 4: Managing BIG-IP APM

  • BIG-IP APM Sessions and Access Licenses
  • Session Variables and sessiondump
  • Session Cookies
  • Access Policy General Purpose Agents List

Chapter 5: Using Authentication

  • Introduction to Access Policy Authentication
  • Active Directory AAA Server
  • RADIUS
  • One-Time Password
  • Local User Database

Chapter 6: Understanding Assignment Agents

  • List of Assignment Agents

Chapter 7: Configuring Portal Access

  • Introduction to Portal Access
  • Portal Access Configuration Overview
  • Portal Access Configuration
  • Portal Access in Action

Chapter 8: Configuring Network Access

  • Concurrent User Licensing
  • VPN Concepts
  • Network Access Configuration Overview
  • Network Access Configuration
  • Network Access in Action

Chapter 9: Deploying Macros

  • Access Policy Macros
  • Configuring Macros
  • An Access Policy is a Flowchart
  • Access Policy Logon Agents
  • Configuring Logon Agents

Chapter 10: Exploring Client-Side Checks

  • Client-Side Endpoint Security

Chapter 11: Exploring Server-Side Checks

  • Server-Side Endpoint Security Agents List
  • Server-Side and Client-Side Checks Differences

Chapter 12: Using Authorization

  • Active Directory Query
  • Active Directory Nested Groups
  • Configuration in Detail

Chapter 13: Configuring App Tunnels

  • Application Access
  • Remote Desktop
  • Network Access Optimized Tunnels
  • Landing Page Bookmarks

Chapter 14: Deploying Access Control Lists

  • Introduction to Access Control Lists
  • Configuration Overview
  • Dynamic ACLs
  • Portal Access ACLs

Chapter 15: Signing On with SSO

  • Remote Desktop Single Sign-On
  • Portal Access Single Sign-On

Chapter 16: Using iRules

  • iRules Introduction
  • Basic TCL Syntax
  • iRules and Advanced Access Policy Rules

Chapter 17: Customizing BIG-IP APM

  • Customization Overview
  • BIG-IP Edge Client
  • Advanced Edit Mode Customization
  • Landing Page Sections

Chapter 18: Deploying SAML

  • SAML Conceptual Overview
  • SAML Configuration Overview

Chapter 19: Exploring Webtops and Wizards

  • Webtops
  • Wizards

Chapter 20: Using BIG-IP Edge Client

  • BIG-IP Edge Client for Windows Installation
  • BIG-IP Edge Client in Action

Chapter 21: Configuration Project

View Course Outline v14

Chapter 1: Setting Up the BIG-IP System

  • Introducing the BIG-IP System
  • Initially Setting Up the BIG-IP System
  • Archiving the BIG-IP Configuration
  • Leveraging F5 Support Resources and Tools

Chapter 2: Configuring Web Application Access

  • Review of BIG-IP LTM
  • Introduction to the Access Policy
  • Web Access Application Configuration Overview
  • Web Application Access Configuration in Detail

Chapter 3: Exploring the Access Policy

  • Navigating the Access Policy

Chapter 4: Managing BIG-IP APM

  • BIG-IP APM Sessions and Access Licenses
  • Session Variables and sessiondump
  • Session Cookies
  • Access Policy General Purpose Agents List

Chapter 5: Using Authentication

  • Introduction to Access Policy Authentication
  • Active Directory AAA Server
  • RADIUS
  • One-Time Password
  • Local User Database

Chapter 6: Understanding Assignment Agents

  • List of Assignment Agents

Chapter 7: Configuring Portal Access

  • Introduction to Portal Access
  • Portal Access Configuration Overview
  • Portal Access Configuration
  • Portal Access in Action

Chapter 8: Configuring Network Access

  • Concurrent User Licensing
  • VPN Concepts
  • Network Access Configuration Overview
  • Network Access Configuration
  • Network Access in Action

Chapter 9: Deploying Macros

  • Access Policy Macros
  • Configuring Macros
  • An Access Policy is a Flowchart
  • Access Policy Logon Agents
  • Configuring Logon Agents

Chapter 10: Exploring Client-Side Checks

  • Client-Side Endpoint Security

Chapter 11: Exploring Server-Side Checks

  • Server-Side Endpoint Security Agents List
  • Server-Side and Client-Side Checks Differences

Chapter 12: Using Authorization

  • Active Directory Query
  • Active Directory Nested Groups
  • Configuration in Detail

Chapter 13: Configuring App Tunnels

  • Application Access
  • Remote Desktop
  • Network Access Optimized Tunnels
  • Landing Page Bookmarks

Chapter 14: Deploying Access Control Lists

  • Introduction to Access Control Lists
  • Configuration Overview
  • Dynamic ACLs
  • Portal Access ACLs

Chapter 15: Signing On with SSO

  • Remote Desktop Single Sign-On
  • Portal Access Single Sign-On

Chapter 16: Using iRules

  • iRules Introduction
  • Basic TCL Syntax
  • iRules and Advanced Access Policy Rules

Chapter 17: Customizing BIG-IP APM

  • Customization Overview
  • BIG-IP Edge Client
  • Advanced Edit Mode Customization
  • Landing Page Sections

Chapter 18: Deploying SAML

  • SAML Conceptual Overview
  • SAML Configuration Overview

Chapter 19: Exploring Webtops and Wizards

  • Webtops
  • Wizards

Chapter 20: Using BIG-IP Edge Client

  • BIG-IP Edge Client for Windows Installation
  • BIG-IP Edge Client in Action

Chapter 21: Configuration Project

SKU: F5-TRG-BIG-EGW-APM

Course type: Instructor-Led Training

Price: $2,995 (USD)

Course Length: 3 days

Designed for:
    Network Administrator
    Architect