Configuring BIG-IP APM: Access Policy Manager v15.1

Beskrivning

This course covers three typical deployment scenarios for BIG-IP Access Policy Manager (APM) and is broken into three individual lessons.

In lesson one, you learn how to configure BIG-IP APM to provide Active Directory-based authentication for a load-balanced pool of web servers. Building on that, in lesson two, you learn how to create a policy that provides an SSL VPN (Network Access) resource to users, but only when they log into BIG-IP APM using a corporate-issued PC. Finally, lesson three builds on the first two lessons to create a policy that provides a dynamic landing page with both SSL VPN as well as an OWA (Portal Access) resource, but only to users with special authorization.

Topics covered in this course include:

v14.1 Course Topics

Getting started with the BIG-IP system
APM Traffic Processing and APM Configuration Wizards
APM Access Policies, Access Profiles
Visual Policy Editor, Branches and Endings
APM Portal Access and Rewrite Profiles
Single Sign-On and Credential Caching
APM Network Access and BIG-IP Edge Client
Layer 4 and Layer 7 Access Control Lists
APM Application Access and Webtop Types
Remote Desktop, Optimized Tunnels and Webtop Links
LTM Concepts including Virtual Servers, Pools, Monitors and SNAT’ing
APM + LTM Use Case for Web Applications
Visual Policy Editor Macros
AAA Servers and Authentication and Authorization with Active Directory and RADIUS
Endpoint Security with Windows Process Checking, Protected Workspace and Firewalls
iRules, Customization and SAML

Objectives

v14.1 COURSE OUTLINE

Chapter 1: Setting Up the BIG-IP System

Introducing the BIG-IP System
Initially Setting Up the BIG-IP System
Archiving the BIG-IP Configuration
Leveraging F5 Support Resources and Tools

Chapter 2: Configuring Web Application Access

Review of BIG-IP LTM
Introduction to the Access Policy
Web Access Application Configuration Overview
Web Application Access Configuration in Detail

Chapter 3: Exploring the Access Policy

Navigating the Access Policy

Chapter 4: Managing BIG-IP APM

BIG-IP APM Sessions and Access Licenses
Session Variables and sessiondump
Session Cookies
Access Policy General Purpose Agents List

Chapter 5: Using Authentication

Introduction to Access Policy Authentication
Active Directory AAA Server
RADIUS
One-Time Password
Local User Database

Chapter 6: Understanding Assignment Agents

List of Assignment Agents

Chapter 7: Configuring Portal Access

Introduction to Portal Access
Portal Access Configuration Overview
Portal Access Configuration
Portal Access in Action

Chapter 8: Configuring Network Access

Concurrent User Licensing
VPN Concepts
Network Access Configuration Overview
Network Access Configuration
Network Access in Action

Chapter 9: Deploying Macros

Access Policy Macros
Configuring Macros
An Access Policy is a Flowchart
Access Policy Logon Agents
Configuring Logon Agents

Chapter 10: Exploring Client-Side Checks

Client-Side Endpoint Security

Chapter 11: Exploring Server-Side Checks

Server-Side Endpoint Security Agents List
Server-Side and Client-Side Checks Differences

Chapter 12: Using Authorization

Active Directory Query
Active Directory Nested Groups
Configuration in Detail

Chapter 13: Configuring AppTunnels

Application Access
Remote Desktop
Network Access Optimized Tunnels
Landing Page Bookmarks

Chapter 14: Deploying Access Control Lists

Introduction to Access Control Lists
Configuration Overview
Dynamic ACLs
Portal Access ACLs

Chapter 15: Signing On with SSO

Remote Desktop Single Sign-On
Portal Access Single Sign-On

Chapter 16: Using iRules

iRules Introduction
Basic TCL Syntax
iRules and Advanced Access Policy Rules

Chapter 17: Customizing BIG-IP APM

Customization Overview
BIG-IP Edge Client
Advanced Edit Mode Customization
Landing Page Sections

Chapter 18: Deploying SAML

SAML Conceptual Overview
SAML Configuration Overview

Chapter 19: Exploring Webtops and Wizards

Webtops
Wizards

Chapter 20: Using BIG-IP Edge Client

BIG-IP Edge Client for Windows Installation
BIG-IP Edge Client in Action

Chapter 21: Configuration Project

Audience

This course is intended for network administrators, operators, and engineers responsible for managing the normal day-to-day operation and administration of BIG-IP Access Policy Manager

Prerequisites

Students must complete one of the following F5 prerequisites before attending this course:

Administering BIG-IP instructor-led course
or
F5 Certified BIG-IP Administrator
The following free web-based courses, although optional, will be very helpful for any student with limited BIG-IP administration and configuration experience. These courses are available at F5 University:

Getting Started with BIG-IP web-based training
Getting Started with BIG-IP Access Policy Manager (APM) web-based training
The following general network technology knowledge and experience are recommended before attending any F5 Global Training Services instructor-led course:

OSI model encapsulation
Routing and switching
Ethernet and ARP
TCP/IP concepts
IP addressing and subnetting
NAT and private IP addressing
Default gateway
Network firewalls
LAN vs. WAN
The following course-specific knowledge and experience is suggested before attending this course:

Hands-on experience with BIG-IP
Basic web application delivery (BIG-IP LTM)
HTML, HTTP, HTTPS as well as some CSS and JavaScript
Telnet, SSH and TLS/SSL
VPN or tunnel encapsulation, Layer 4 NAT and Access Control Lists

More information – please look on F5 webpage under ”Education”

Programme

Course Topics

Course outline version 14