Firewall Manager
course description local traffic manager advanced firewall manager
This two-day course uses lectures and hands-on exercises to give participants real-time
experience in setting up and configuring the BIG-IP Advanced Firewall Manager system.
Students are introduced to the AFM user interface, stepping through various options that
demonstrate how AFM is configured to build a network firewall and detect and protect against
DoS (Denial of Service) attacks. Reporting and log facilities are also explained in relation to
the firewall rules created in worked examples. Further, firewall functionality and additional DoS
facilities for DNS and SIP traffic are discussed.
Topics covered in this course include:
By course completion, the student should be able to perform an initial configuration of the BIG-IP AFM system. In addition, the student should be able to monitor, administer, and perform basic
configuration and troubleshooting tasks on traffic processed by the BIG-IP AFM System.
Audience
This course is intended for system and network administrators responsible for installation, setup,
configuration, and administration of the BIG-IP Advanced Firewall Manager System.
Prerequisites
Students should be familiar with the F5 BIG-IP Product Suite and, in particular, how to set up and
configure a BIG-IP LTM system, including virtual servers, pools, profiles, VLANs and self-IPs.
Students should have previously attended one of the following F5 BIG-IP Version 11.x public
training courses:
Administering BIG-IP
BIG-IP Local Traffic Manager (LTM) Essentials
F5 Certified BIG-IP Administrator certification
o Stale Rules
o Lists and Schedules
o Rule Lists
o Address Lists
o Port Lists
o Schedules
o Policies
o Lab 2.1: Standard Virtual Server
o Lab 2.2: Application and Firewall Mode
o Lab 2.3: Contexts and Actions
o Lab 2.4: Firewall Rule on Virtual Server
o Lab 2.5: Block only HTTP traffic
o Lab 2.6: Block by Source IP address
o Lab 2.7: Block by Destination IP address
o Lab 2.8: Lists
o Lab 2.9: Policies
Chapter 3: Logs
o Event Logs
o Logging Profiles
o Logging and Logging Profiles
o BIG-IP Logging Mechanisms
o Publisher
o Log Destination
o Custom Search
o Clearing Event Logs
o Logging Global Rule Events
o iHealth
o QKView
o Other Log Files
o SNMP MIB
o Lab 3.1: Logging Profile
o Lab 3.2: Remote Logging
o Lab 3.3: Logging Global Rules
Chapter 4: IP Intelligence
o Functional History
o Architecture
o Feature 1 Black and White Lists
o Black List Classes
o Feed Lists
o IP Intelligence Policies
o IP Intelligence Log Profile
o IP Intelligence Reporting
o Troubleshooting IP Intelligence Lists
o Feature 2 IP Intelligence Database
o Licensing
o Installation
o Configuration
o Troubleshooting
o IP Intelligence iRule
o Lab 4.1: Global Black List
o Lab 4.2: Virtual Server Black List
Chapter 5: DoS Protection
o DoS Protection
o Configuring AFM to detect and prevent DoS and DDoS attacks
o Lab 5.1: ICMP DoS Attack
o Lab 5.2: TCP DoS Attack
Chapter 6: Reports
o Reports
o Reporting
o General Reporting Facilities
o Charts
o Details
o Report Export
o Network Screens
o DoS Screens
o Settings
o Overview
o Summary
o Widgets
o Time Periods, Settings, Export, and Delete Options
o Firewall Manager
o Lab 6.1: Firewall Manager
o Lab 6.2: Overview
Chapter 7: DoS White Lists
o White Lists
o Configuration
o Tmsh
o Lab 7.1: DoS White List
Chapter 8: DoS Sweep Flood Protection
o Sweep Flood
o Configuration
o Lab 8.1: Sweep Attack
Chapter 9: DNS Firewall
o DNS Firewall
o Configuration
o Lab 9.1: Block UDP Traffic
o Lab 9.2: DNS Firewall
Chapter 10: DNS DoS
o DNS DoS
o Configuration
o Lab 10.1: DNS DoS Attack
Chapter 11: SIP DoS