Configuring BIG-IP AFM: Advanced Firewall Manager (BIG-IP-AFM)

Programme
This course uses lectures and hands-on exercises to give participants real-time experience in setting up and configuring the BIG-IP® Advanced Firewall Manager system. Students are introduced to the AFM user interface, stepping through various options that demonstrate how AFM is configured to build a network firewall and to detect and protect against DoS (Denial of Service) attacks. Reporting and log facilities are also explained and used in the course labs. Further Firewall functionality and additional DoS facilities for DNS and SIP traffic are discussed.

Topics covered in this course include:
  • Installation and setup of the BIG-IP AFM System
  • AFM network firewall concepts
  • Network firewall options and modes
  • Network firewall rules, policies, address/port lists, rule lists and schedules
  • IP Intelligence facilities of dynamic black and white lists and the IP reputation database
  • Detection and prevention of DoS attacks
  • Event logging of firewall rules and DoS attacks
  • Reporting and notification facilities
  • DoS Whitelists
  • DNS Firewall and DNS DoS
  • SIP DoS
  • Network Firewall iRules
  • Various AFM component troubleshooting commands

Participants
This course is intended for network operators, network administrators, network engineers, network architects, security administrators, and security architects responsible for installation, setup, configuration, and administration of the BIG-IP Advanced Firewall Manager (AFM) system.

Prerequisites
Students should be familiar with the BIG-IP LTM system and, in particular, how to set up and configure a BIG-IP LTM system, including virtual servers, pools, profiles, VLANs and self-IPs.

Students are required to complete one of the following F5 prerequisites before attending this course:
  • Administering BIG-IP V11 instructor-led course
  • F5 Certified BIG-IP Administrator

In addition, the following web-based courses will be very helpful for any student with limited experience in BIG-IP LTM administration and configuration:
  • Getting Started with BIG-IP web-based training
  • Getting Started with BIG-IP Local Traffic Manager (LTM) web-based training

Students should understand:
  • TMOS administration
  • Network concepts and configuration
  • Security concepts and terminology
  • DNS configuration and resolution

Programme
Chapter 1: Setting up the BIG-IP System
  • Introducing the BIG-IP System
  • Initially Setting Up the BIG-IP System
  • Backing Up and Restoring BIG-IP Configurations
  • Leveraging F5 Support Resources and Tools

Chapter 2: AFM Overview and Network Firewall
  • The F5 Solution - Application Delivery Firewall
  • Advanced Firewall Manager
  • AFM Release History
  • AFM Availability
  • What do you see?
  • AFM Firewalls
  • Firewall Rule Containers
  • AFM Contexts
  • AFM Modes
  • AFM Packet Processing
  • AFM Rules and Direction
  • Rules Contexts and Processing
  • Configuring Network Firewall
  • Network Firewall Rules
  • Geolocation
  • Redundant and Conflicting Rules
  • Stale Rules
  • Lists and Schedules
  • Rule Lists
  • Address Lists
  • Port Lists
  • Schedules
  • Policies

Chapter 3: Logs
  • Event Logs
  • Logging Profiles
  • Log Throttling
  • Traffic Flow Statistics
  • Logging and Logging Profiles
  • BIG-IP Logging Mechanisms
  • Publisher
  • Log Destination
  • Custom Search
  • Logging Global Rule Events
  • QKView
  • Other Log Files
  • SNMP MIB
  • SNMP Traps

Chapter 4: IP Intelligence
  • Overview
  • Architecture
  • Feature 1: Black and White Lists
  • Black List Categories
  • Feed Lists
  • IP Intelligence Policies
  • IP Intelligence Log Profile
  • IP Intelligence Reporting
  • Troubleshooting IP Intelligence Lists
  • Feature 2: IP Intelligence Database
  • Licensing
  • Installation
  • Configuration
  • Troubleshooting
  • IP Intelligence iRule

Chapter 5: Device DoS
  • DoS Protection
  • Configuring Device DoS
  • Profiles

Chapter 6: Reports
  • Reports
  • Reporting
  • General Reporting Facilities
  • Charts
  • Details
  • Report Export
  • Network Screens
  • DoS Screens
  • Settings
  • Overview
  • Summary
  • Widgets
  • Time Periods, Settings, Export, and Delete Options
  • Firewall Manager

Chapter 7: DoS White Lists
  • White Lists
  • Configuration
  • tmsh

Chapter 8: DoS Sweep Flood Protection
  • Sweep Flood
  • Configuration

Chapter 9: DNS Firewall
  • DNS Firewall
  • Configuration

Chapter 10: DNS DoS
  • DNS DoS
  • Configuration

Chapter 11: SIP DoS
  • Session Initiation Protocol (SIP)
  • Transactions and Dialogs
  • SIP DoS
  • Configuration
  • SIP iRules

Chapter 12: Device DoS Additional
  • DNS and SIP DoS

Chapter 13: Network Firewall iRules
  • Network Firewall iRules
  • iRule Event
  • Use Cases
  • Best Practice