Courses Overview
Learn to deploy and manage F5 SSL Orchestrator for stronger security, efficiency, and return on infrastructure investments. This hands-on course combines instructor-led lectures with labs to help you:
- Implement dynamic, policy-based encryption, decryption, and traffic steering across multiple inspection devices.
- Build and modify deployments for forward proxies, reverse proxies, and inbound enterprise traffic protection, including TLS v1.3 requirements.
- Integrate multiple security devices (Layer 2, Layer 3, ICAP, and receive-only) in different topologies.
- Create interception rules and context-based SSL visibility policies using geolocation, IP reputation, and URL categorization.
- Configure dynamic service chaining for resiliency, service monitoring, and load balancing.
- Practice PKI and certificate management, importing and applying them within different deployments.
Designed for network administrators and security operations teams responsible for installing, configuring, and managing F5 SSL Orchestrator.
Chapter 1: Introducing SSL Orchestrator
• Internet Security and SSL Visibility
• Introducing SSL Orchestrator and its role in network security
• SSL Orchestrator Placement on the Network
• Platform and Licensing Requirements
Chapter 2: Certificate Fundamentals
• Overview of Internet Security Model
• Understanding Certificate Use
• Managing Certificates on SSL Orchestrator (BIG-IP)
Chapter 3: Architecture Overview
• Inbound and outbound inspection
• Cipher diversity
• Broad topology and inspection device support
• Dynamic service chaining and policy-based traffic steering
• Advanced monitoring
• Dynamic scaling and evaluation
Chapter 4: Guided Configuration
• Reviewing the Landing Page
• Selecting a Topology
• Making SSL Certificate Configurations
• Creating Services and Service Handling
• Constructing a Service Chain
• Building a Security Policy
• Defining an Interception Rule
• Examining Egress settings
• Reviewing the Summary Page and Deployment
• Exploring the SSL Orchestrator Dashboard
Chapter 5: Services
• Relationship of devices to services
• Inline layer 2, layer 3 and HTTP inspection services
• ICAP and TAP passive inspection services
Chapter 6: Topologies
• Selecting the appropriate topology
• Benefits and limitations of topologies
• Existing application integration
• Layer 2 virtual wire concepts
Chapter 7: Components
• Initial and subsequent forward proxy flow
• Flow and header based signaling
• Access components
• Appropriate naming of service objects
• Authentication
• Tee connector design and flow
Chapter 8: Managing Security Policy
• Creating security policies
• Reviewing per-request policy for an outbound topology
• Navigating Visual Policy Editor
Chapter 9: Solving SSL Orchestrator Problems
• Collecting system information
• Solving traffic flow issues
• Guided Configuration and iAppLX issues
• Troubleshooting with cURL
• Traffic captures with tcpdump
• Cleanup and deleting configurations
Chapter 10: SSL Orchestrator High Availability
• Review BIG-IP High Availability
• SSL Orchestrator High Availability (HA) Requirements
• Installation and Upgrade Cautions
• SSL Orchestrator in Scaled Mode
• Troubleshooting SSL Orchestrator HA
The following free Self-Directed Training (SDT) courses, although optional, are helpful for any student with limited BIG-IP administration and configuration experience:
• Getting Started with BIG-IP
• Getting Started with SSL Orchestrator (SSLO)
General network technology knowledge and experience are recommended before attending any F5 Global Training Services instructor-led course, including OSI model encapsulation, routing and switching, Ethernet and ARP, TCP/IP concepts, IP addressing and subnetting, NAT and private IP addressing, default gateway, network firewalls, and LAN vs. WAN.
The following course-specific knowledge and experience is suggested before attending this course:
• HTTP, HTTPS, FTP, and SSH protocols
• TLS/SSL
• Security services such as malware detection, data loss/leak prevention (DLP), next-generation firewalls (NGFW), intrusion prevention systems (IPS), and Internet Content Adaptation Protocol (ICAP)
Configuring BIG-IP LTM: Local Traffic Manager v.16.1
Configuring BIG-IP DNS (formerly GTM) v.16.1
Configuring F5 Advanced WAF (previously licensed as ASM) v16.1
Configuring BIG-IP APM: Access Policy Manager v.16.1
Developing iRules for BIG-IP v.16.1
Troubleshooting BIG-IP v.16.1