دوره آموزش F5 BIG-IP Pack 1

شرح دوره F5 BIG-IP Pack 1

پک آموزشی طراحی شده دوره F5 BIG-IP Pack 1 توسط دوران آکادمی شامل یه ماژول پرکاربرد و محبوب شرکت F5

شامل دوره های

• مدیریت و عیب یابی F5 BIG-IP
• مدیریت ترافیک برنامه ها به کمک مدیر ترافیک محلی  Local Traffic Manager
• مدیریت امنیت برنامه ها Application Security management

به دلیل خاص بودن ماهیت ماژول های سخت افزاری شرکت F5، تعداد متخصصان این تجهیز بسیار اندک است، لذا آشنایی با نحوه پیکربندی و پشتیبانی از آن به عنوان یکی از معتبرترین و کلیدی ترین تخصص های دنیای IT محسوب می شود. هدف از برگزاری دوره آموزشی، توانمندی «مدیریت تجهیزات سخت افزاری شرکت F5»، آشنایی با ویژگی های انواع ماژولها و تکنیک های قرارگیری آنها در شبکه، انواع روش های پیکربندی آنها و بررسی نیازمندی‌های مربوطه براساس سناریوهای دنیای واقعی، پیکربندی تک تک خصیصه های موردنیاز و همچنین فرآیند پشتیبانی از آن می باشد.قطعا پس از اتمام دوره مذکور، فرد توانمندی پیکربندی کامل ماژول های برکاربرد F5 و پشتیبانی از آنها تحت سناریوهای مختلف را در یک شبکه بسیار بزرگ تجاری خواهد داشت.

اهداف دوره F5 BIG-IP Pack 1

• https://douran.academy/product/f5-administering-and-troubleshooting-big-ip/
• https://douran.academy/product/configuring-f5-big-ip-ltm/
• https://douran.academy/product/configuring-f5-big-ip-asm/

پیش نیاز دوره

• مفاهیم  مدل OSI
• مسیریابی و سویچینگ
• اترنت و آرپ پروتکل (ARP)
• مفاهیم TCP / IP
• آدرس دهی و زیر شبکه IP
• مفاهیم NAT & آدرس دهی خصوصی
• Default gateway (دروازه پیش فرض)
• فایروال های شبکه
• مفایل LAN تا WAN

مخاطبین دوره F5 BIG-IP Pack 1

• کارشناسان ارشد امنیت
• کارشناسان  و مدیران شبکه
• راهبران دستگاه های شرکت F5
• مشاوران حوزه شبکه و امنیت
• علاقمندان به فایروال قدرتمند F5

مزایای دوره

• ارائه مدرک معتبر
• امکان برگزاری با همکاری آموزشگاهای رسمی
• ارائه مدرک رسمی ز کمپانی F5
• برگزاری دوره ها بصورت کاملا عملی
• استفاده از لابراتور مجهز
• استفاده از برترین اساتید داخلی و با مدرک بین المللی
• با توجه به حضور گروه دوران در بیش از 1000 پروژه سازمانی، امکان معرفی دانشجویان دوره به بازار کار مرتبط به دوره ها
• تخفیف جهت حضور در دوره های بعدی
• دريافت مدرک بين المللی مرتبط

عناوین دوره

سرفصل ها بر اساس نسخه 14

Chapter 1: Setting Up the BIG-IP System

Introducing the BIG-IP System
Initially Setting Up the BIG-IP System
Configuring the Management Interface
Activating the Software License
Provisioning Modules and Resources
Importing a Device Certificate
Specifying BIG-IP Platform Properties
Configuring the Network
Configuring Network Time Protocol (NTP) Servers
Configuring Domain Name System (DNS) Settings
Configuring High Availability Options
Archiving the BIG-IP Configuration
Leveraging F5 Support Resources and Tools
Chapter 2: Traffic Processing Building Blocks

Identifying BIG-IP Traffic Processing Objects
Configuring Virtual Servers and Pools
Load Balancing Traffic
Viewing Module Statistics and Logs
Using the Traffic Management Shell (TMSH)
Understanding the TMSH Hierarchical Structure
Navigating the TMSH Hierarchy
Managing BIG-IP Configuration State and Files
BIG-IP System Configuration State
Loading and Saving the System Configuration
Shutting Down and Restarting the BIG-IP System
Saving and Replicating Configuration Data (UCS and SCF)
Chapter 3: Using NATs and SNATs

Address Translation on the BIG-IP System
Mapping IP Addresses with NATs
Solving Routing Issues with SNATs
Configuring SNAT Auto Map on a Virtual Server
Monitoring for and Mitigating Port Exhaustion
Chapter 4: Monitoring Application Health

Introducing Monitors
Types of Monitors
Monitor Interval and Timeout Settings
Configuring Monitors
Assigning Monitors to Resources
Managing Pool, Pool Member, and Node Status
Using the Network Map
Chapter 5: Modifying Traffic Behavior with Profiles

Introducing Profiles
Understanding Profile Types and Dependencies
Configuring and Assigning Profiles
Introducing SSL Offload and SSL Re-Encryption
Managing Object State
Chapter 6: Modifying Traffic Behavior with Persistence

Understanding the Need for Persistence
Introducing Source Address Affinity Persistence
Managing Object State
Chapter 7: Administering the BIG-IP System

Configuring Logging
Legacy Remote Logging
Introducing High Speed Logging (HSL)
High-Speed Logging Filters
HSL Configuration Objects
Configuring High Speed Logging
Using TCPDUMP on the BIG-IP System
Leveraging the BIG-IP iHealth System
Viewing BIG-IP System Statistics
Defining User Roles and Administrative Partitions
Leveraging vCMP
Chapter 8: Configuring High Availability

Introducing Device Service Clustering (DSC)
Preparing to Deploy a DSC Configuration
Configuring DSC Communication Settings
Establishing Device Trust
Establishing a Sync-Failover Device Group
Synchronizing Configuration Data
Exploring Traffic Group Behavior
Understanding Failover Managers and Triggers
Achieving Stateful Failover with Mirroring

سرفصل های مربوط به کارگاه

F5 BIG-IP Administration and Troubleshooting Workshop (8 Hours)

• VLAN Configuration
• Trunk Configuration
• Self-IP, Floating-IP and Route Management
• Server Pool, Pool Member and Node Configuration
• Pool Monitor Configuration
• NAT-List, SNAT-List and SNAT Pool Configuration
• Traffic Profile Configuration
• F5 TMOS Maintenance
• Creating Backup Files and Restoring Backup

• Chapter 1: Setting Up the BIG-IP System
  • Introducing the BIG-IP System
  • Initially Setting Up the BIG-IP System
  • Archiving the BIG-IP Configuration
  • Leveraging F5 Support Resources and Tools

  Chapter 2: Reviewing Local Traffic Configuration

  • Reviewing Nodes, Pools, and Virtual Servers
  • Reviewing Address Translation
  • Reviewing Routing Assumptions
  • Reviewing Application Health Monitoring
  • Reviewing Traffic Behavior Modification with Profiles
  • Reviewing the TMOS Shell (TMSH)
  • Reviewing Managing BIG-IP Configuration Data

  Chapter 3: Load Balancing Traffic with LTM

  • Exploring Load Balancing Options
  • Using Priority Group Activation and Fallback Host
  • Comparing Member and Node Load Balancing

  Chapter 4: Modifying Traffic Behavior with Persistence

  • Reviewing Persistence
  • Introducing Cookie Persistence
  • Introducing SSL Persistence
  • Introducing SIP Persistence
  • Introducing Universal Persistence
  • Introducing Destination Address Affinity Persistence
  • Using Match Across Options for Persistence

  Chapter 5: Monitoring Application Health

  • Differentiating Monitor Types
  • Customizing the HTTP Monitor
  • Monitoring an Alias Address and Port
  • Monitoring a Path vs. Monitoring a Device
  • Managing Multiple Monitors
  • Using Application Check Monitors
  • Using Manual Resume and Advanced Monitor Timer Settings

  Chapter 6: Processing Traffic with Virtual Servers

  • Understanding the Need for Other Virtual Server Types
  • Forwarding Traffic with a Virtual Server
  • Understanding Virtual Server Order of Precedence
  • Path Load Balancing

  Chapter 7: Processing Traffic with SNATs

  • Overview of SNATs
  • Using SNAT Pools
  • SNATs as Listeners
  • SNAT Specificity
  • VIP Bounceback
  • Additional SNAT Options
  • Network Packet Processing Review

  Chapter 8: Modifying Traffic Behavior with Profiles

  • Profiles Overview
  • TCP Express Optimization
  • TCP Profiles Overview
  • HTTP Profile Options
  • OneConnect
  • Offloading HTTP Compression to BIG-IP
  • HTTP Caching
  • Stream Profiles
  • F5 Acceleration Technologies

  Chapter 9: Selected Topics

  • VLAN, VLAN Tagging, and Trunking
  • Restricting Network Access
  • SNMP Features
  • Segmenting Network Traffic with Route Domains

  Chapter 10: Deploying Application Services with iApps

  • Simplifying Application Deployment with iApps
  • Using iApps Templates
  • Deploying an Application Service
  • Leveraging the iApps Ecosystem on DevCentral

  Chapter 11: Customizing Application Delivery with iRules and Local Traffic Policies

  • Getting Started with iRules
  • Triggering an iRule
  • Introducing iRule Constructs
  • Leveraging the DevCentral Ecosystem
  • Deploying and Testing iRules
  • Getting Started with Local Traffic Policies
  • What Can You Do with a Local Traffic Policy?
  • How Does a Local Traffic Policy Work?
  • Understanding Local Traffic Policy Workflow
  • Introducing the Elements of a Local Traffic Policy
  • Specifying the Matching Strategy
  • What Are Rules?
  • Understanding Requires and Controls
  • Configuring and Managing Policy Rules
  • Configuring a New Rule
  • Including Tcl in Certain Rule Settings

  Chapter 12: Securing Application Delivery with LTM

  • Understanding Today’s Threat Landscape
  • Integrating LTM Into Your Security Strategy
  • Defending Your Environment Against SYN Flood Attacks
  • Defending Your Environment Against Other Volumetric Attacks
  • Addressing Application Vulnerabilities with iRules and Local Traffic Policies

   

• Chapter 13: Final Lab Project(ورک شاپ طراحی شده توسط دوران آکادمی)
•  Administrative Partition Configuration
   Route Domains Configuration
   Local Traffic Policies Configuration
   Choosing Desired Load-balancing Methods
   VA (Virtual Address) and VS (Virtual Server) Configuration
   HA (High Availability) Configuration

Chapter 1: Setting Up the BIG-IP System

Introducing the BIG-IP System
Initially Setting Up the BIG-IP System
Archiving the BIG-IP System Configuration
Leveraging F5 Support Resources and Tools

Chapter 2: Traffic Processing with BIG-IP

Identifying BIG-IP Traffic Processing Objects
Overview of Network Packet Flow
Understanding Profiles
Overview of Local Traffic Policies
Visualizing the HTTP Request Flow
Chapter 3: Web Application Concepts

Overview of Web Application Request Processing
Web Application Firewall: Layer 7 Protection
ASM Layer 7 Security Checks
Overview of Web Communication Elements
Overview of the HTTP Request Structure
Examining HTTP Responses
How ASM Parses File Types, URLs, and Parameters
Using the Fiddler HTTP Proxy
Chapter 4: Common Web Application Vulnerabilities

A Taxonomy of Attacks: The Threat Landscape
What Elements of Application Delivery are Targeted?
Common Exploits Against Web Applications
Chapter 5: Security Policy Deployment

Defining Learning
Comparing Positive and Negative Security Models
The Deployment Workflow
Policy Type: How Will the Policy Be Applied
Policy Template: Determines the Level of Protection
Policy Templates: Automatic or Manual Policy Building
Assigning Policy to Virtual Server
Deployment Workflow: Using Advanced Settings
Selecting the Enforcement Mode
The Importance of Application Language
Configure Server Technologies
Verify Attack Signature Staging
Viewing Requests
Security Checks Offered by Rapid Deployment
Defining Attack Signatures
Using Data Guard to Check Responses
Chapter 6: Policy Tuning and Violations

Post-Deployment Traffic Processing
Defining Violations
Defining False Positives
How Violations are Categorized
Violation Rating: A Threat Scale
Defining Staging and Enforcement
Defining Enforcement Mode
Defining the Enforcement Readiness Period
Reviewing the Definition of Learning
Defining Learning Suggestions
Choosing Automatic or Manual Learning
Defining the Learn, Alarm and Block Settings
Interpreting the Enforcement Readiness Summary
Configuring the Blocking Response Page
Chapter 7: Attack Signatures

Defining Attack Signatures
Attack Signature Basics
Creating User-Defined Attack Signatures
Defining Simple and Advanced Edit Modes
Defining Attack Signature Sets
Defining Attack Signature Pools
Understanding Attack Signatures and Staging
Updating Attack Signatures
Chapter 8: Positive Security Policy Building

Defining and Learning Security Policy Components
Defining the Wildcard
Defining the Entity Lifecycle
Choosing the Learning Scheme
How to Learn: Never (Wildcard Only)
How to Learn: Always
How to Learn: Selective
Reviewing the Enforcement Readiness Period: Entities
Viewing Learning Suggestions and Staging Status
Violations Without Learning Suggestions
Defining the Learning Score
Defining Trusted and Untrusted IP Addresses
How to Learn: Compact
Chapter 9: Cookies and Other Headers

ASM Cookies: What to Enforce
Defining Allowed and Enforced Cookies
Configuring Security Processing on HTTP headers
Chapter 10: Reporting and Logging

Overview: Big Picture Data
Reporting: Build Your Own View
Reporting: Chart based on filters
Brute Force and Web Scraping Statistics
Viewing ASM Resource Reports
PCI Compliance: PCI-DSS 3.0
The Attack Expert System
Viewing Traffic Learning Graphs
Local Logging Facilities and Destinations
How to Enable Local Logging of Security Events
Viewing Logs in the Configuration Utility
Exporting Requests
Logging Profiles: Build What You Need
Configuring Response Logging
Chapter 11: Lab Project 1

Chapter 12: Advanced Parameter Handling

Defining Parameter Types
Defining Static Parameters
Defining Dynamic Parameters
Defining Dynamic Parameter Extraction Properties
Defining Parameter Levels
Other Parameter Considerations
Chapter 13: Policy Diff and Administration

Comparing Security Policies with Policy Diff
Merging Security Policies
Editing and Exporting Security Policies
Restoring with Policy History
Examples of ASM Deployment Types
ConfigSync and ASM Security Data
ASMQKVIEW: Provide to F5 Support for Troubleshooting
Chapter 14: Using Application-Ready Templates

Application Templates: Pre-Configured Baseline Security
Chapter 15: Automatic Policy Building

Overview of Automatic Policy Building
Defining Templates Which Automate Learning
Defining Policy Loosening
Defining Policy Tightening
Defining Learning Speed: Traffic Sampling
Defining Track Site Changes
Chapter 16: Web Application Vulnerability Scanner Integration

Integrating Scanner Output Into ASM
Will Scan be Used for a New or Existing Policy?
Importing Vulnerabilities
Resolving Vulnerabilities
Using the Generic XML Scanner XSD file
Chapter 17: Layered Policies

Defining a Parent Policy
Defining Inheritance
Parent Policy Deployment Use Cases
Chapter 18: Login Enforcement, Brute Force Mitigation, and Session Tracking

Defining Login Pages
Configuring Automatic Detection of Login Pages
Defining Session Tracking
What Are Brute Force Attacks?
Brute Force Protection Configuration
Defining Source-Based Protection
Source-Based Brute Force Mitigations
Defining Session Tracking
Configuring Actions Upon Violation Detection
Session Hijacking Mitigation Using Device ID
Chapter 19: Web Scraping Mitigation and Geolocation Enforcement

Defining Web Scraping
Mitigating Web Scraping
Defining Geolocation Enforcement
Configuring IP Address Exceptions
Chapter 20: Layer 7 DoS Mitigation and Advanced Bot Protection

Defining Denial of Service Attacks
The General Flow of DoS Protection
Defining the DoS Profile
Overview of TPS-based DoS Protection
Applying TPS mitigations
Create a DoS Logging Profile
Defining DoS Profile General Settings
Defining Bot Signatures
Defining Proactive Bot Defense
Defining Behavioral and Stress-Based Detection
Defining Behavioral DoS Mitigation
Chapter 21: ASM and iRules

Common Uses for iRules
Identifying iRule Components
Triggering iRules with Events
Defining ASM iRule Events
Defining ASM iRule Commands
Using ASM iRule Event Modes
Chapter 22: Using Content Profiles

Defining Asynchronous JavaScript and XML
Defining JavaScript Object Notation (JSON)
Defining Content Profiles
The Order of Operations for URL Classification
Chapter 23: Review and Final Labs

Final Lab Project (Option 1) – Production Scenario
Final Lab Project (Option 2) – JSON Parsing with the Default JSON Profile
Final Lab Project (Option 3) – Managing Traffic with Layer 7 Local Traffic Policies

سرفصل های ورکشاپ

• Application Security Policies Configuration
• Attack Signatures Management
• Fine-tuning of Security Policies
• Brute-force Attack Prevention
• Web Scraping Attack Prevention
• CSRF Attack Protection
• Sessions and Login Protection (Session Tracking and Session Awareness)
• DoS Attacks Detection and Mitigation
• Checking Health, Logs and Reports

دوران آکادمی زیر مجموعه گروه دوران، مجری برگزاری دوره  F5 BIG-IP Pack 1 در قالب آموزش امنیت به صورت آموزش آنلاین و حضوری با بهره گیری از لابراتور آنلاین اختصاصی بهمراه گواهی معتبرارائه می‌شود.