F5 Configuring BIGIP APM: Access Policy Manager - EGW-APM

This three-day course gives network administrators, network operators, and network engineers a functional understanding of BIG-IP Access Policy Manager as it is commonly deployed in both application delivery network and remote access settings.

The course introduces students to BIG-IP Access Policy Manager, its configuration objects, how it commonly deployed, and how typical administrative and operational activities are performed.

The course includes lecture, hands-on labs, interactive demonstrations, and discussions.

Students must complete one of the following F5 prerequisites before attending this course.

- Administering BIG-IP instructor-led course

or

- F5 Certified BIG-IP Administrator

The following free web-based courses, although optional, will be very helpful for any student with limited BIG-IP administration and configuration experience. These courses are available at F5 University:

- Getting Started with BIG-IP web-based training

- Getting Started with BIG-IP Access Policy Manager (APM) web-based training

The following general network technology knowledge and experience are recommended before attending any F5 Global Training Services instructor-led course:

- OSI model encapsulation

- Routing and switching

- Ethernet and ARP

- TCP/IP concepts

- IP addressing and subnetting

- NAT and private IP addressing

- Default gateway

- Network firewalls

- LAN vs. WAN

The following course-specific knowledge and experience is suggested before attending this course:

- Hands-on experience with BIG-IP

- Basic web application delivery (BIG-IP LTM)

- HTML, HTTP, HTTPS as well as some CSS and JavaScript

- Telnet, SSH and TLS/SSL

- VPN or tunnel encapsulation, Layer 4 NAT and Access Control Lists

By the end of this course, the student should be able to perform an initial configuration using the Setup Utility and build many common configurations using the Graphical User Interface (browser-based).

In addition, the student should be able to monitor and manage common tasks concerning traffic processed through the BIG-IP APM system.

This course is intended for network administrators, operators, and engineers responsible for managing the normal day-to-day operation and administration of BIG-IP Access Policy Manager.

v14 Course Topics

Chapter 1: Setting Up the BIG-IP System

Introducing the BIG-IP System

Initially Setting Up the BIG-IP System

Archiving the BIG-IP Configuration

Leveraging F5 Support Resources and Tools

Chapter 2: Configuring Web Application Access

Review of BIG-IP LTM

Introduction to the Access Policy

Web Access Application Configuration Overview

Web Application Access Configuration in Detail

Chapter 3: Exploring the Access Policy

Navigating the Access Policy

Chapter 4: Managing BIG-IP APM

BIG-IP APM Sessions and Access Licenses

Session Variables and sessiondump

Session Cookies

Access Policy General Purpose Agents List

Chapter 5: Using Authentication

Introduction to Access Policy Authentication

Active Directory AAA Server

RADIUS

One-Time Password

Local User Database

Chapter 6: Understanding Assignment Agents

List of Assignment Agents

Chapter 7: Configuring Portal Access

Introduction to Portal Access

Portal Access Configuration Overview

Portal Access Configuration

Portal Access in Action

Chapter 8: Configuring Network Access

Concurrent User Licensing

VPN Concepts

Network Access Configuration Overview

Network Access Configuration

Network Access in Action

Chapter 9: Deploying Macros

Access Policy Macros

Configuring Macros

An Access Policy is a Flowchart

Access Policy Logon Agents

Configuring Logon Agents

Chapter 10: Exploring Client-Side Checks

Client-Side Endpoint Security

Chapter 11: Exploring Server-Side Checks

Server-Side Endpoint Security Agents List

Server-Side and Client-Side Checks Differences

Chapter 12: Using Authorization

Active Directory Query

Active Directory Nested Groups

Configuration in Detail

Chapter 13: Configuring App Tunnels

Application Access

Remote Desktop

Network Access Optimized Tunnels

Landing Page Bookmarks

Chapter 14: Deploying Access Control Lists

Introduction to Access Control Lists

Configuration Overview

Dynamic ACLs

Portal Access ACLs

Chapter 15: Signing On with SSO

Remote Desktop Single Sign-On

Portal Access Single Sign-On

Chapter 16: Using iRules

iRules Introduction

Basic TCL Syntax

iRules and Advanced Access Policy Rules

Chapter 17: Customizing BIG-IP APM

Customization Overview

BIG-IP Edge Client

Advanced Edit Mode Customization

Landing Page Sections

Chapter 18: Deploying SAML

SAML Conceptual Overview

SAML Configuration Overview

Chapter 19: Exploring Webtops and Wizards

Webtops

Wizards

Chapter 20: Using BIG-IP Edge Client

BIG-IP Edge Client for Windows Installation

BIG-IP Edge Client in Action

Chapter 21: Configuration Project

Description:

This course covers three typical deployment scenarios for BIG-IP Access Policy Manager (APM) and is broken into three individual lessons.

In lesson one, you learn how to configure BIG-IP APM to provide Active Directory-based authentication for a load-balanced pool of web servers.

Building on that, in lesson two, you learn how to create a policy that provides an SSL VPN (Network Access) resource to users, but only when they log into BIG-IP APM using a corporate-issued PC. Finally, lesson three builds on the first two lessons to create a policy that provides a dynamic landing page with both SSL VPN as well as an OWA (Portal Access) resource, but only to users with special authorization.