Overview
This course covers three typical deployment scenarios for BIG-IP Access Policy Manager (APM) and is broken into three individual lessons. In lesson one, you learn how to configure BIG-IP APM to provide Active Directory-based authentication for a load-balanced pool of web servers.
Building on that, in lesson two, you learn how to create a policy that provides an SSL VPN (Network Access) resource to users, but only when they log into BIG-IP APM using a corporate-issued PC.
Finally, lesson three builds on the first two lessons to create a policy that provides a dynamic landing page with both SSL VPN as well as an OWA (Portal Access) resource, but only to users with special authorization.
This course is intended for network administrators, operators, and engineers responsible for managing the normal day-to-day operation and administration of BIG-IP Access Policy Manager.
Prerequisites
The following course-specific knowledge and experience is suggested before attending this course:
- Hands-on experience with BIG-IP
- Basic web application delivery (BIG-IP LTM)
- HTML, HTTP, HTTPS as well as some CSS and JavaScript
- Telnet, SSH and TLS/SSL
- VPN or tunnel encapsulation, Layer 4 NAT and Access Control Lists
Delegates will learn how to
- Getting started with the BIG-IP system
- APM Traffic Processing and APM Configuration Wizards
- APM Access Policies, Access Profiles
- Visual Policy Editor, Branches and Endings
- APM Portal Access and Rewrite Profiles
- Single Sign-On and Credential Caching
- APM Network Access and BIG-IP Edge Client
- Layer 4 and Layer 7 Access Control Lists
- APM Application Access and Webtop Types
- Remote Desktop, Optimized Tunnels and Webtop Links
- LTM Concepts including Virtual Servers, Pools, Monitors and SNAT’ing
- APM + LTM Use Case for Web Applications
- Visual Policy Editor Macros
- AAA Servers and Authentication and Authorization with Active Directory and RADIUS
- Endpoint Security with Windows Process Checking, Protected Workspace and Firewalls
- iRules, Customization and SAML
Outline
Chapter 1: Setting Up the BIG-IP System
- Introducing the BIG-IP System
- Initially Setting Up the BIG-IP System
- Archiving the BIG-IP Configuration
- Leveraging F5 Support Resources and Tools
Chapter 2: Configuring Web Application Access
- Review of BIG-IP LTM
- Introduction to the Access Policy
- Web Access Application Configuration Overview
- Web Application Access Configuration in Detail
Chapter 3: Exploring the Access Policy
- Navigating the Access Policy
Chapter 4: Managing BIG-IP APM
- BIG-IP APM Sessions and Access Licenses
- Session Variables and sessiondump
- Session Cookies
- Access Policy General Purpose Agents List
Chapter 5: Using Authentication
- Introduction to Access Policy Authentication
- Active Directory AAA Server
- RADIUS
- One-Time Password
- Local User Database
Chapter 6: Understanding Assignment Agents
- List of Assignment Agents
Chapter 7: Configuring Portal Access
- Introduction to Portal Access
- Portal Access Configuration Overview
- Portal Access Configuration
- Portal Access in Action
Chapter 8: Configuring Network Access
- Concurrent User Licensing
- VPN Concepts
- Network Access Configuration Overview
- Network Access Configuration
- Network Access in Action
Chapter 9: Deploying Macros
- Access Policy Macros
- Configuring Macros
- An Access Policy is a Flowchart
- Access Policy Logon Agents
- Configuring Logon Agents
Chapter 10: Exploring Client-Side Checks
- Client-Side Endpoint Security
Chapter 11: Exploring Server-Side Checks
- Server-Side Endpoint Security Agents List
- Server-Side and Client-Side Checks Differences
Chapter 12: Using Authorization
- Active Directory Query
- Active Directory Nested Groups
- Configuration in Detail
Chapter 13: Configuring AppTunnels
- Application Access
- Remote Desktop
- Network Access Optimized Tunnels
- Landing Page Bookmarks
Chapter 14: Deploying Access Control Lists
- Introduction to Access Control Lists
- Configuration Overview
- Dynamic ACLs
- Portal Access ACLs
Chapter 15: Signing On with SSO
- Remote Desktop Single Sign-On
- Portal Access Single Sign-On
Chapter 16: Using iRules
- iRules Introduction
- Basic TCL Syntax
- iRules and Advanced Access Policy Rules
Chapter 17: Customizing BIG-IP APM
- Customization Overview
- BIG-IP Edge Client
- Advanced Edit Mode Customization
- Landing Page Sections
Chapter 18: Deploying SAML
- SAML Conceptual Overview
- SAML Configuration Overview
Chapter 19: Exploring Webtops and Wizards
- Webtops
- Wizards
Chapter 20: Using BIG-IP Edge Client
- BIG-IP Edge Client for Windows Installation
- BIG-IP Edge Client in Action
Chapter 21: Configuration Project
Chapter 22: Additional Training and Certification
- Getting Started Series Web-Based Training
- F5 Instructor Led Training Curriculum
- F5 Professional Certification Program
- F5 Instructor Led Training Curriculum
- F5 Professional Certification Program
Frequently asked questions
How can I create an account on myQA.com?
There are a number of ways to create an account. If you are a self-funder, simply select the "Create account" option on the login page.
If you have been booked onto a course by your company, you will receive a confirmation email. From this email, select "Sign into myQA" and you will be taken to the "Create account" page. Complete all of the details and select "Create account".
If you have the booking number you can also go here and select the "I have a booking number" option. Enter the booking reference and your surname. If the details match, you will be taken to the "Create account" page from where you can enter your details and confirm your account.
Find more answers to frequently asked questions in our FAQs: Bookings & Cancellations page.
How do QA’s virtual classroom courses work?
Our virtual classroom courses allow you to access award-winning classroom training, without leaving your home or office. Our learning professionals are specially trained on how to interact with remote attendees and our remote labs ensure all participants can take part in hands-on exercises wherever they are.
We use the WebEx video conferencing platform by Cisco. Before you book, check that you meet the WebEx system requirements and run a test meeting (more details in the link below) to ensure the software is compatible with your firewall settings. If it doesn’t work, try adjusting your settings or contact your IT department about permitting the website.
How do QA’s online courses work?
QA online courses, also commonly known as distance learning courses or elearning courses, take the form of interactive software designed for individual learning, but you will also have access to full support from our subject-matter experts for the duration of your course. When you book a QA online learning course you will receive immediate access to it through our e-learning platform and you can start to learn straight away, from any compatible device. Access to the online learning platform is valid for one year from the booking date.
All courses are built around case studies and presented in an engaging format, which includes storytelling elements, video, audio and humour. Every case study is supported by sample documents and a collection of Knowledge Nuggets that provide more in-depth detail on the wider processes.
When will I receive my joining instructions?
Joining instructions for QA courses are sent two weeks prior to the course start date, or immediately if the booking is confirmed within this timeframe. For course bookings made via QA but delivered by a third-party supplier, joining instructions are sent to attendees prior to the training course, but timescales vary depending on each supplier’s terms. Read more FAQs.
When will I receive my certificate?
Certificates of Achievement are issued at the end the course, either as a hard copy or via email. Read more here.