Overview
This course uses lectures and hands-on exercises to give participants real-time experience in setting up and configuring the BIG-IP Advanced Firewall Manager (AFM) system.
Students are introduced to the AFM user interface, stepping through various options that demonstrate how AFM is configured to build a network firewall and to detect and protect against DoS (Denial of Service) attacks. Reporting and log facilities are also explained and used in the course labs. Further Firewall functionality and additional DoS facilities for DNS and SIP traffic are discussed.
This course is intended for network operators, network administrators, network engineers, network architects, security administrators, and security architects responsible for installation, setup, configuration, and administration of the BIG-IP AFM system.
Prerequisites
Delegates will learn how to
- Installation and setup of the BIG-IP AFM system
- AFM network firewall concepts
- Network firewall options and modes
- Network firewall rules, policies, address/port lists, rule lists and schedules
- IP Intelligence facilities of dynamic black and white lists, IP reputation database and dynamic IP shunning.
- Detection and mitigation of DoS attacks
- Event logging of firewall rules and DoS attacks
- Reporting and notification facilities
- DoS Whitelists
- DoS Sweep/Flood
- DNS Firewall and DNS DoS
- SIP DoS
- Network Firewall iRules
- Port Misuse
- Various AFM component troubleshooting commands
Outline
Chapter 1: Setting up the BIG-IP System
- Introducing the BIG-IP System
- Initially Setting Up the BIG-IP System
- Archiving the BIG-IP Configuration
- Leveraging F5 Support Resources and Tools
- Chapter Resources
- BIG-IP System Setup Labs
Chapter 2: AFM Overview and Network Firewall
- AFM Overview
- AFM Release History
- AFM Availability
- What do you see?
- Terminology
- Network Firewall
- AFM Contexts
- AFM Modes
- AFM Packet Processing
- AFM Rules and Direction
- Rules Contexts and Processing
- Configuring Network Firewall
- Network Firewall Rules
- Geolocation
- Redundant and Conflicting Rules
- Stale Rules
- Lists and Schedules
- Rule Lists
- Address Lists
- Port Lists
- Schedules
- Policies
- Policy Status and Firewall Policy Management
- Inline Rule Editor
- Send to Virtual
- Packet Tester
Chapter 3: Logs
- Overview
- Event Logs
- Logging Profiles
- Log Throttling
- Logging and Logging Profiles
- BIG-IP Logging Mechanisms
- Publisher
- Log Destination
- Custom Search
- Logging Global Rule Events
- Log Configuration Changes
- QKView and Log Files
- SNMP MIB
- SNMP Traps
Chapter 4: IP Intelligence
- Overview
- Feature 1 Dynamic Black and White Lists
- Black List Categories
- Feed Lists
- IP Intelligence Policies
- IP Intelligence Log Profile
- IP Intelligence Reporting
- Troubleshooting IP Intelligence Lists
- Feature 2 IP Intelligence Database
- Licensing
- Installation
- Configuration
- Troubleshooting
- IP Intelligence iRule
Chapter 5: Device DoS
- Denial of Service and DoS Protection Overview
- Device DoS
- Configuring Device DoS
- Variant 1
- Variant 2
- Auto-Threshold Configuration
- Variant 3
- Bad Actor and Blacklist Address
- Device DoS Profiles
- DoS Protection Profile
- Dynamic Signatures
- DoS iRules
Chapter 6: Reports
- Reports
- Reporting
- General Reporting Facilities
- Time Series Chart
- Details
- Report Export
- DoS Screens
- Dashboard
- Analysis
- Custom Page
- Settings
- Scheduled Reports
- Troubleshooting Scheduled Reports
- Overview
- Summary
- Widgets
- Custom Widgets
- Deleting and Restoring Widgets
- Firewall Manager
Chapter 7: DoS White Lists
- White Lists
- Configuration
- tmsh
- Source Address List
Chapter 8: DoS Sweep Flood Protection
- Sweep Flood
- Configuration
Chapter 9: IP Intelligence Shun
- IP Intelligence Shun
- Manual Configuration
- Dynamic Configuration
- IP Intelligence Policy
- tmsh
- Extending the Shun Feature
- Remotely Triggered Black Hole
- Scrubber
Chapter 10: DNS Firewall
- DNS Firewall
- Configuration
- DNS Query
- DNS Opcodes
- Logging
- Troubleshooting
Chapter 11: DNS DoS
- DNS DoS
- Configuration
- DoS Protection Profile
- Device DoS
Chapter 12: SIP DoS
- Session Initiation Protocol (SIP)
- Transactions and Dialogs
- SIP DoS Configuration
- DoS Protection Profile
- Device DoS
- SIP iRules
Chapter 13: Network Firewall iRules
- Network Firewall iRules
- iRule Events
- Configuration
- Recommended Practice
- More Information
Chapter 14: Port Misuse
- Port Misuse
- Port Misuse Policy
- Attaching a Service Policy
- Log Profile
Chapter 15: Additional Training and Certification
- Getting Started Series Web-Based Training
- F5 Instructor Led Training Curriculum
- F5 Professional Certification Program
Appendix A: Troubleshooting
- Support Requirements
- tmsh commands
- Tools
- Log and Other Files
Appendix B: Lab Scripts
- Scripts
- Installation
Frequently asked questions
See all of our FAQsHow can I create an account on myQA.com?
There are a number of ways to create an account. If you are a self-funder, simply select the "Create account" option on the login page.
If you have been booked onto a course by your company, you will receive a confirmation email. From this email, select "Sign into myQA" and you will be taken to the "Create account" page. Complete all of the details and select "Create account".
If you have the booking number you can also go here and select the "I have a booking number" option. Enter the booking reference and your surname. If the details match, you will be taken to the "Create account" page from where you can enter your details and confirm your account.
Find more answers to frequently asked questions in our FAQs: Bookings & Cancellations page.
How do QA’s virtual classroom courses work?
Our virtual classroom courses allow you to access award-winning classroom training, without leaving your home or office. Our learning professionals are specially trained on how to interact with remote attendees and our remote labs ensure all participants can take part in hands-on exercises wherever they are.
We use the WebEx video conferencing platform by Cisco. Before you book, check that you meet the WebEx system requirements and run a test meeting (more details in the link below) to ensure the software is compatible with your firewall settings. If it doesn’t work, try adjusting your settings or contact your IT department about permitting the website.
Learn more about our Virtual Classrooms.
How do QA’s online courses work?
QA online courses, also commonly known as distance learning courses or elearning courses, take the form of interactive software designed for individual learning, but you will also have access to full support from our subject-matter experts for the duration of your course. When you book a QA online learning course you will receive immediate access to it through our e-learning platform and you can start to learn straight away, from any compatible device. Access to the online learning platform is valid for one year from the booking date.
All courses are built around case studies and presented in an engaging format, which includes storytelling elements, video, audio and humour. Every case study is supported by sample documents and a collection of Knowledge Nuggets that provide more in-depth detail on the wider processes.
Learn more about QA’s online courses.
When will I receive my joining instructions?
Joining instructions for QA courses are sent two weeks prior to the course start date, or immediately if the booking is confirmed within this timeframe. For course bookings made via QA but delivered by a third-party supplier, joining instructions are sent to attendees prior to the training course, but timescales vary depending on each supplier’s terms. Read more FAQs.
When will I receive my certificate?
Certificates of Achievement are issued at the end the course, either as a hard copy or via email. Read more here.