Configuring BIG-IP SSL Orchestrator (SSLO)
This page provides information on how to purchase training for this course. It includes a description of the course, suggested prework, any required prerequisites, and links to purchase based on modality.
Key Info
COURSE ID:
F5-TRG-BIG-SSLO
PRODUCT FAMILY:
BIG-IP
TITLE:
Configuring BIG-IP SSL Orchestrator (SSLO)
COURSE LEVEL:
Core
MODALITY:
Self-Directed Training (SDT), Instructor-Led Training (ILT)
LENGTH (DAYS/HOUR):
ILT - 2 Days
SDT - 12 Hours
LANGUAGES:
ILT - English
SDT - English
PRICE ($$/TU):
ILT - $2420 USD/44 TUs
SDT - $550 USD/10 TUs
CONTAINS HANDS-ON LABS?:
Yes
SDT details
Learn how to deploy and operate F5 SSL Orchestrator to maximize infrastructure investments, efficiencies, and security with dynamic, policy-based encryption, decryption, and traffic steering through multiple inspection devices. Combining hands-on lab exploration with instructor-led lectures, gain practical experience implementing comprehensive encrypted traffic protection using SSL Orchestrator Guided Configuration. Build deployments for transparent and explicit forward proxies, gateway reverse proxies and existing application protecting inbound enterprise traffic, then modify those deployments changing a gateway to application mode and applying TLS v1.3 requirements. Incorporate multiple security devices at layer 2 and layer 3 with ICAP and receive-only devices in varying topology deployments.
Explore interception rules and context-based policies allowing for targeted SSL visibility based on context engine steering using geolocation, IP reputation and URL categorization. Implement dynamic service chaining of security devices to provide service insertion, service resiliency, service monitoring, and load balancing in hands-on lab scenarios. Discuss the essentials of PKI and certificates with lab practice to import certificates and private keys, then incorporate into security configurations for each topology deployment.
This course is intended for network administrators and Security Operations responsible for installation, setup, configuration, and administration of the F5 SSL Orchestrator system.
Explore interception rules and context-based policies allowing for targeted SSL visibility based on context engine steering using geolocation, IP reputation and URL categorization. Implement dynamic service chaining of security devices to provide service insertion, service resiliency, service monitoring, and load balancing in hands-on lab scenarios. Discuss the essentials of PKI and certificates with lab practice to import certificates and private keys, then incorporate into security configurations for each topology deployment.
This course is intended for network administrators and Security Operations responsible for installation, setup, configuration, and administration of the F5 SSL Orchestrator system.
ILT details
Learn how to deploy and operate F5 SSL Orchestrator to maximize infrastructure investments, efficiencies, and security with dynamic, policy-based encryption, decryption, and traffic steering through multiple inspection devices. Combining hands-on lab exploration with instructor-led lectures, gain practical experience implementing comprehensive encrypted traffic protection using SSL Orchestrator Guided Configuration. Build deployments for transparent and explicit forward proxies, gateway reverse proxies and existing application protecting inbound enterprise traffic, then modify those deployments changing a gateway to application mode and applying TLS v1.3 requirements. Incorporate multiple security devices at layer 2 and layer 3 with ICAP and receive-only devices in varying topology deployments.
Explore interception rules and context-based policies allowing for targeted SSL visibility based on context engine steering using geolocation, IP reputation and URL categorization. Implement dynamic service chaining of security devices to provide service insertion, service resiliency, service monitoring, and load balancing in hands-on lab scenarios. Discuss the essentials of PKI and certificates with lab practice to import certificates and private keys, then incorporate into security configurations for each topology deployment.
This course is intended for network administrators and Security Operations responsible for installation, setup, configuration, and administration of the F5 SSL Orchestrator system.
Explore interception rules and context-based policies allowing for targeted SSL visibility based on context engine steering using geolocation, IP reputation and URL categorization. Implement dynamic service chaining of security devices to provide service insertion, service resiliency, service monitoring, and load balancing in hands-on lab scenarios. Discuss the essentials of PKI and certificates with lab practice to import certificates and private keys, then incorporate into security configurations for each topology deployment.
This course is intended for network administrators and Security Operations responsible for installation, setup, configuration, and administration of the F5 SSL Orchestrator system.
Chapter 1: Introducing SSL Orchestrator
Internet Security and SSL Visibility
Introducing SSL Orchestrator and its role in network security
SSL Orchestrator Placement on the Network
Platform and Licensing Requirements
Chapter 2: Certificate Fundamentals
Overview of Internet Security Model
Understanding Certificate Use
Managing Certificates on SSL Orchestrator (BIG-IP)
Chapter 3: Architecture Overview
Inbound and outbound inspection
Cipher diversity
Broad topology and inspection device support
Dynamic service chaining and policy-based traffic steering
Advanced monitoring
Dynamic scaling and evaluation
Chapter 4: Guided Configuration
Reviewing the Landing Page
Selecting a Topology
Making SSL Certificate Configurations
Creating Services and Service Handling
Constructing a Service Chain
Building a Security Policy
Defining an Interception Rule
Examining Egress settings
Reviewing the Summary Page and Deployment
Exploring the SSL Orchestrator Dashboard
Chapter 5: Services
Relationship of devices to services
Inline layer 2, layer 3 and HTTP inspection services
ICAP and TAP passive inspection services
Chapter 6: Topologies
Selecting the appropriate topology
Benefits and limitations of topologies
Existing application integration
Layer 2 virtual wire concepts
Chapter 7: Components
Initial and subsequent forward proxy flow
Flow and header based signaling
Access components
Appropriate naming of service objects
Authentication
Tee connector design and flow
Chapter 8: Managing Security Policy
Creating security policies
Reviewing per-request policy for an outbound topology
Navigating Visual Policy Editor
Chapter 9: Solving SSL Orchestrator Problems
Collecting system information
Solving traffic flow issues
Guided Configuration and iAppLX issues
Troubleshooting with cURL
Traffic captures with tcpdump
Cleanup and deleting configurations
Chapter 10: SSL Orchestrator High Availability
Review BIG-IP High Availability
SSL Orchestrator High Availability (HA) Requirements
Installation and Upgrade Cautions
SSL Orchestrator in Scaled Mode
Troubleshooting SSL Orchestrator HA
Prior Knowledge
The following free Self-Directed Training (SDT) courses, although optional, are helpful for any student with limited BIG-IP administration and configuration experience:
Getting Started with BIG-IP
Getting Started with SSL Orchestrator (SSLO)
General network technology knowledge and experience are recommended before attending any F5 Global Training Services instructor-led course, including OSI model encapsulation, routing and switching, Ethernet and ARP, TCP/IP concepts, IP addressing and subnetting, NAT and private IP addressing, NAT and private IP addressing, default gateway, network firewalls, and LAN vs. WAN. The following course-specific knowledge and experience is suggested before attending this course: HTTP, HTTPS, FTP, and SSH protocols
TLS/SSL
Security services such as malware detection, data loss/leak prevention (DLP), next-generation firewalls (NGFW), intrusion prevention systems (IPS), and Internet Content Adaptation Protocol (ICAP)
General network technology knowledge and experience are recommended before attending any F5 Global Training Services instructor-led course, including OSI model encapsulation, routing and switching, Ethernet and ARP, TCP/IP concepts, IP addressing and subnetting, NAT and private IP addressing, NAT and private IP addressing, default gateway, network firewalls, and LAN vs. WAN. The following course-specific knowledge and experience is suggested before attending this course:
Register for your course
To view and/or purchase the SDT Course click here: View SDT Please find below the current active sessions for the ILT. If there are no sessions listed below and you would like to register your interest in attending the ILT version of this course please email: support@mail.education.f5.com