Configuring F5 SSL Orchestrator - SSLO


F5 Networks


15 Sep 2022 - 2 days


CEST UTC+02:00



In this 2-day course, students are provided with a functional understanding of how to deploy, test and maintain F5 SSL Orchestrator to optimize the SSL infrastructure, provide security devices with visibility of SSL/TLS encrypted traffic, and maximize efficient use of that existing security investment.

The course includes lecture, hands-on labs, and discussion about the importance of SSL visibility, how F5 SSL Orchestrator supports policy-based management and steering of traffic flows to existing security devices, and how it centralizes the SSL decrypt/encrypt function through multi-layered security, dynamic service chaining, topology selections and security policies.
Prerequisites & Audience
The following general network technology knowledge and experience are recommended before attending any F5 Global Training Services instructor-led course:
  • OSI model encapsulation
  • Routing and switching
  • Ethernet and ARP
  • TCP/IP concepts
  • IP addressing and subnetting
  • NAT and private IP addressing
  • Default gateway
The following course-specific knowledge and experience is suggested before attending this course:
  • HTTP, HTTPS protocols
  • Security services such as malware detection, data loss/leak prevention (DLP), next-generation firewalls (NGFW), intrusion prevention systems (IPS), and Internet Content Adaptation Protocol (ICAP)
Course Benefits
  • Understand basic use cases for decryption and re-encryption of inbound and outbound SSL/TLS network traffic
  • Create dynamic service chains of multiple security services
  • Configure security policies to enable policy-based traffic steering
  • Add SSL visibility to existing applications
  • Deploy SSL Orchestrator configurations based on topology templates
  • Troubleshoot an SSL Orchestrator deployment
Course Topics
  • Compare F5 SSL Orchestration to manual “daisy chaining” of security services
  • Learn essentials of PKI and certificates, how to create a certificate signing request, and how to import certificates and private keys into BIG-IP
  • Implement certificate forging in an SSL Forward Proxy deployment
  • Understand HTTP, ICAP, L3/L2, and TAP security services
  • Configure traffic classification and URL bypass within a security policy
  • Define security services to include in a dynamic service chain
  • Use the Guided Configuration to deploy an outbound Layer 3 transparent forward proxy
  • Use the Guided Configuration to deploy an outbound Layer 3 explicit forward proxy
  • Use the Guided Configuration to deploy an inbound Layer 3 reverse proxy
  • Use the Guided Configuration to deploy an SSL Orchestration for an existing application
  • Configure High Availability for SSLO devices
  • Troubleshoot SSLO and traffic flow issues
Chapter 1: Introducing SSL Orchestrator  
  • Why is SSL Visibility Needed?
  • SSL Visibility without SSL Orchestrator
  • The SSL Orchestrator Solution
  • SSLO Placement on the Network
  • Platform and Licensing Requirements
  • Leveraging F5 Support Resources and Tools
Chapter 2: Reviewing Local Traffic Configuration
  • Reviewing Nodes, Pools, and Virtual Servers
  • Reviewing Address and Port Translation
  • Reviewing Routing Assumptions
  • Reviewing Application Health Monitoring
  • Reviewing Traffic Behavior Modification with Profiles
  • Reviewing the TMOS Shell (TMSH)
  • Reviewing Managing BIG-IP Configuration Data
Chapter 3: Certificate Fundamentals
  • Overview of Internet Security Model
  • Understanding how Certificates are Used
  • Using a Certificate in Profiles
  • SSL Forward Proxy
  • SSLdump
Chapter 4: SSLO Traffic Flow
  • SSL Orchestration is more than Visibility
  • Inbound/Outbound Inspection
  • Flow Support and Cipher Diversity
  • Broad Topology and Device Support
  • Dynamic Service Chaining and Policy-based Traffic Steering
  • Advanced Monitoring
  • Dynamic Scaling
  • Dynamic Evaluation
  • Selecting the Appropriate Topology
Chapter 5: Using SSLO Guided Configuration
  • Introducing Guided Configuration
  • Reviewing the Landing Page
  • Differentiating Topologies
  • SSL Configuration
  • Services and Service Handling
  • Constructing Service Chains
  • Creating a Security Policy
  • Defining an Interception Rule
  • Examining Egress
  • Applying Log Settings
  • Summary page and Deployment
  • Exploring the Dashboard
Chapter 6: SSLO Deployment Scenarios
  • Transparent Forward Proxy
  • Explicit Forward Proxy
  • Classroom Lab Environment
  • Gateway Reverse Proxy (L3 Inbound)
  • Existing Application
Chapter 7: Managing the SSLO Security Policy
  • Review creating Security Policies
  • View Security Policies
  • Viewing Per-Request Policies
Chapter 8: Troubleshooting SSLO
  • Solving Traffic Flow Issues
  • Solving Guided Configuration (UI) and iAppLX issues
  • Determining SSLO Version
  • Troubleshooting using cURL
  • Viewing Log Files
  • Capturing Traffic using tcpdump
  • Backing up SSLO
  • Deleting an SSLO Configuration
Chapter 9: SSLO High Availability
  • Deploying BIG-IP Systems to Achieve High Availability
  • Establishing Device Trust
  • Establishing a Sync-Failover Device Group
  • Synchronizing Configuration Data
  • SSLO High Availability (HA) Requirements
  • Installation and Upgrade Cautions
  • Troubleshooting HA
