
Configuring BIG-IP AFM v11: Advanced Firewall Manager
This two-day course uses lectures and hands-on exercises to give participants real-time
experience in setting up and configuring the BIG-IP Advanced Firewall Manager system.
Students are introduced to the AFM user interface, stepping through various options that
demonstrate how AFM is configured to build a network firewall and to detect and protect against
DoS (Denial of Service) attacks. Reporting and log facilities are also explained in relation to
the firewall rules created in the worked examples. Additional firewall functionality and DoS
facilities for DNS and SIP traffic are also discussed.
Topics covered in this course include:

Installation and setup of the BIG-IP AFM System
AFM network firewall concepts
Firewall options and modes
Network firewall rules, policies, address/port lists, rule lists and schedules
IP intelligence facilities
Detection and prevention of DoS and DDoS attacks
Event logging of firewall rules and DoS attacks
Reporting and notification facilities
DoS Whitelists
DNS Firewall and DoS
SIP DoS
Network firewall iRules
IPFIX Logging
Various AFM component troubleshooting

By course completion, the student should be able to perform an initial configuration of the
BIG-IP AFM system. In addition, the student should be able to monitor, administer, and perform basic
configuration and troubleshooting tasks on traffic processed by the BIG-IP AFM System.

Audience
This course is intended for system and network administrators responsible for installation, setup,
configuration, and administration of the BIG-IP Advanced Firewall Manager System.

Prerequisites
Students should be familiar with the F5 BIG-IP Product Suite and, in particular, how to set up and
configure a BIG-IP LTM system, including virtual servers, pools, profiles, VLANs and self-IPs.

Students should have previously attended one of the following F5 BIG-IP Version 11.x public
training courses:

Administering BIG-IP
BIG-IP Local Traffic Manager (LTM) Essentials
F5 Certified BIG-IP Administrator certification

Students should also understand:

Common security and network terminology
TCP/IP addressing, routing and internetworking concepts
Security authorization and authentication concepts
Common elements of WAN and LAN environments

In addition, students should be proficient in:

Basic PC operation and application skills, including MS Windows
Basic Web browser operation (Internet Explorer is used in class)


Configuring BIG-IP AFM v11.5.0: Table of Contents

Chapter 1: Setting up the BIG-IP System
o Review of the BIG-IP System Full Proxy Architecture
o What's inside the BIG-IP System?
o What's on the outside of a BIG-IP?
o Connecting to the BIG-IP System
o Always on Management (AOM) Review
o BIG-IP System Setup Review
o Creating an Archive of the BIG-IP System
o Chapter Resources
o Lab 1.1: BIG-IP Discovery
o Lab 1.2: Backup the System
Chapter 2: Network Firewall
o AFM Firewalls
o Firewall Rule Containers
o AFM Contexts
o AFM Modes
o AFM Packet Processing
o AFM Rules and Direction
o Rules Contexts and Processing
o Configuring Network Firewall
o Network Firewall Rules
o Geolocation
o Redundant and Conflicting Rules
o Stale Rules
o Lists and Schedules
o Rule Lists
o Address Lists
o Port Lists
o Schedules
o Policies
o Lab 2.1: Standard Virtual Server
o Lab 2.2: Application and Firewall Mode
o Lab 2.3: Contexts and Actions
o Lab 2.4: Firewall Rule on Virtual Server
o Lab 2.5: Block only HTTP traffic
o Lab 2.6: Block by Source IP address
o Lab 2.7: Block by Destination IP address
o Lab 2.8: Lists
o Lab 2.9: Policies
Chapter 3: Logs
o Event Logs
o Logging Profiles
o Logging and Logging Profiles
o BIG-IP Logging Mechanisms
o Publisher
o Log Destination
o Custom Search
o Clearing Event Logs
o Logging Global Rule Events
o iHealth
o QKView
o Other Log Files
o SNMP MIB
o Lab 3.1: Logging Profile
o Lab 3.2: Remote Logging
o Lab 3.3: Logging Global Rules
Chapter 4: IP Intelligence
o Functional History
o Architecture
o Feature 1 Black and White Lists
o Black List Classes
o Feed Lists
o IP Intelligence Policies
o IP Intelligence Log Profile
o IP Intelligence Reporting
o Troubleshooting IP Intelligence Lists
o Feature 2 IP Intelligence Database
o Licensing
o Installation
o Configuration
o Troubleshooting
o IP Intelligence iRule
o Lab 4.1: Global Black List
o Lab 4.2: Virtual Server Black List
Chapter 5: DoS Protection
o DoS Protection
o Configuring AFM to detect and prevent DoS and DDoS attacks
o Lab 5.1: ICMP DoS Attack
o Lab 5.2: TCP DoS Attack
Chapter 6: Reports
o Reports
o Reporting
o General Reporting Facilities
o Charts
o Details
o Report Export
o Network Screens
o DoS Screens
o Settings
o Overview
o Summary
o Widgets
o Time Periods, Settings, Export, and Delete Options
o Firewall Manager
o Lab 6.1: Firewall Manager
o Lab 6.2: Overview
Chapter 7: DoS White Lists
o White Lists
o Configuration
o Tmsh
o Lab 7.1: DoS White List
Chapter 8: DoS Sweep Flood Protection
o Sweep Flood
o Configuration
o Lab 8.1: Sweep Attack
Chapter 9: DNS Firewall
o DNS Firewall
o Configuration
o Lab 9.1: Block UDP Traffic
o Lab 9.2: DNS Firewall
Chapter 10: DNS DoS
o DNS DoS
o Configuration
o Lab 10.1: DNS DoS Attack
Chapter 11: SIP DoS
o Session Initiation Protocol (SIP)
o Transactions and Dialogs
o SIP DoS
o Configuration
o SIP iRules
o Lab 11.1: SIP DoS
Chapter 12: Network Firewall iRules
o Network Firewall iRules
o iRule Event
o Use Cases
o Best Practice
o Lab 12.1: Network Firewall iRule
Chapter 13: IPFIX
o Internet Protocol Flow eXport (IPFIX)
o Architecture and Terminology
o Message Structure
o Configuration
o Tmsh
o Lab 13.1: IPFIX Logging
Appendix A: Complete Setup Instructions
o Lab A.1: Changing Initial IP Address
o Lab A.2: Licensing, Provisioning and Setup
o Lab A.3: Network Configuration
o Lab A.4: Configuration Utility
o Lab A.5: Backup the System
Appendix B: Additional Labs
o Lab B1: Self IP Rule
o Lab B2: Ping Rule
o Lab B3: Block by VLAN
o Lab B4: Partitions
Appendix C: Troubleshooting
o Support Requirements
o tmsh commands
o Tools
Appendix D: Lab Scripts
SKU: F5-TRG-BIG-AFM-CFG
Price: $995 (USD)
Prerequisite Courses:
o Administering BIG-IP V11
o Configuring BIG-IP Local Traffic Manager (LTM) v11
