This 3-day course gives network administrators, network operators, and network engineers a functional understanding of BIG-IP Access Policy Manager as it is commonly deployed in both application delivery network and remote access settings.

The course introduces students to BIG-IP Access Policy Manager, its configuration objects, how it commonly deployed, and how typical administrative and operational activities are performed.

The course includes lecture, hands-on labs, interactive demonstrations, and discussions.

Course Topics

• Getting started with the BIG-IP system
• APM Traffic Processing and APM Configuration Wizards
• APM Access Policies, Access Profiles
• Visual Policy Editor, Branches and Endings
• APM Portal Access and Rewrite Profiles
• Single Sign-On and Credential Caching
• APM Network Access and BIG-IP Edge Client
• Layer 4 and Layer 7 Access Control Lists
• APM Application Access and Webtop Types
• Remote Desktop, Optimized Tunnels and Webtop Links
• LTM Concepts including Virtual Servers, Pools, Monitors and SNAT’ing
• APM + LTM Use Case for Web Applications
• Visual Policy Editor Macros
• AAA Servers and Authentication and Authorization with Active Directory and RADIUS
• Endpoint Security with Windows Process Checking, Protected Workspace and Firewalls
• iRules, Customization and SAML

• Configure remote access methods Network Access, Portal Access and Application Access and understand the differences and use cases for each
• Configure APM and LTM to work together for advanced application delivery as well as understand the APM + LTM use case versus the remote access use case
• Configure advanced policies using the Visual Policy Editor with all of its features such as macros, branches and multiple endings
• Understand the role of iRules and how they work together with BIG-IP in general and APM in specific
• Understand the role of Federated Single Sign-On using SAML and deploy a basic configuration
• Configure multiple authentication methods and understand how they can work together in a single access policy
• Set up, license, and provision the BIG-IP system out-of-the-box
• Create, restore from, and manage BIG-IP archives
• Use profiles to manipulate the way the BIG-IP system processes traffic through a virtual server

Chapter 1: Setting Up the BIG-IP System

• Introducing the BIG-IP System
• Initially Setting Up the BIG-IP System
• Archiving the BIG-IP Configuration
• Leveraging F5 Support Resources and Tools

Chapter 2: Configuring Web Application Access

• Review of BIG-IP LTM
• Introduction to the Access Policy
• Web Access Application Configuration Overview
• Web Application Access Configuration in Detail

Chapter 3: Exploring the Access Policy

• Navigating the Access Policy

Chapter 4: Managing BIG-IP APM

• BIG-IP APM Sessions and Access Licenses
• Session Variables and sessiondump
• Session Cookies
• Access Policy General Purpose Agents List

Chapter 5: Using Authentication

• Introduction to Access Policy Authentication
• Active Directory AAA Server
• RADIUS
• One-Time Password
• Local User Database

Chapter 6: Understanding Assignment Agents

• List of Assignment Agents

Chapter 7: Configuring Portal Access

• Introduction to Portal Access
• Portal Access Configuration Overview
• Portal Access Configuration
• Portal Access in Action

Chapter 8: Configuring Network Access

• Concurrent User Licensing
• VPN Concepts
• Network Access Configuration Overview
• Network Access Configuration
• Network Access in Action

Chapter 9: Deploying Macros

• Access Policy Macros
• Configuring Macros
• An Access Policy is a Flowchart
• Access Policy Logon Agents
• Configuring Logon Agents

Chapter 10: Exploring Client-Side Checks

• Client-Side Endpoint Security

Chapter 11: Exploring Server-Side Checks

• Server-Side Endpoint Security Agents List
• Server-Side and Client-Side Checks Differences

Chapter 12: Using Authorization

• Active Directory Query
• Active Directory Nested Groups
• Configuration in Detail

Chapter 13: Configuring App Tunnels

• Application Access
• Remote Desktop
• Network Access Optimized Tunnels
• Landing Page Bookmarks

Chapter 14: Deploying Access Control Lists

• Introduction to Access Control Lists
• Configuration Overview
• Dynamic ACLs
• Portal Access ACLs

Chapter 15: Signing On with SSO

• Remote Desktop Single Sign-On
• Portal Access Single Sign-On

Chapter 16: Using iRules

• iRules Introduction
• Basic TCL Syntax
• iRules and Advanced Access Policy Rules

Chapter 17: Customizing BIG-IP APM

• Customization Overview
• BIG-IP Edge Client
• Advanced Edit Mode Customization
• Landing Page Sections

Chapter 18: Deploying SAML

• SAML Conceptual Overview
• SAML Configuration Overview

Chapter 19: Exploring Webtops and Wizards

• Webtops
• Wizards

Chapter 20: Using BIG-IP Edge Client

• BIG-IP Edge Client for Windows Installation
• BIG-IP Edge Client in Action

Chapter 21: Configuration Project

Chapter 22: Additional Training and Certification

• Getting Started Series Web-Based Training
• F5 Instructor Led Training Curriculum
• F5 Professional Certification Program

This course is intended for network administrators, operators, and engineers responsible for managing the normal day-to-day operation and administration of BIG-IP Access Policy Manager.

Students must complete one of the following F5 prerequisites before attending this course:

• Administering BIG-IP instructor-led course

or-

• F5 Certified BIG-IP Administrator

The following free web-based courses, although optional, will be very helpful for any student with limited BIG-IP administration and configuration experience.

• Getting Started with BIG-IP web-based training
• Getting Started with Local Traffic Manager (LTM) web-based training
• Getting Started with BIG-IP Access Policy Manager (APM) web-based training

The following general network technology knowledge and experience are recommended before attending any F5 Global Training Services instructor-led course:

• OSI model encapsulation
• Routing and switching
• Ethernet and ARP
• TCP/IP concepts
• IP addressing and subnetting
• NAT and private IP addressing
• Network firewalls Default gateway
• LAN vs. WAN

The following course-specific knowledge and experience is suggested before attending this course:

• Hands-on experience with BIG-IP
• Basic web application delivery (BIG-IP LTM)
• HTML, HTTP, HTTPS as well as some CSS and JavaScript
• Telnet, SSH and TLS/SSL
• VPN or tunnel encapsulation, Layer 4 NAT and Access Control Lists