Opleidingen

OVERVIEW This 5-day bundle course covers the following 2 courses:  Administering BIG-IP v15.1 This 2-day course gives network administrators, network operators, and network engineers a functional understanding of the BIG-IP system as it is commonly deployed in an application delivery network. The course introduces students to the BIG-IP system, its configuration objects, how it processes traffic, and how typical administrative and operational activities are performed. The course includes lecture, hands-on labs, interactive demonstrations, and discussions. Topics covered: • Getting started with the BIG-IP system • Traffic processing with BIG-IP Local Traffic Manager (LTM) • Using TMSH (TMOS Shell) command line interface • Using NATs and SNATs • Monitoring application health and managing object status • Modifying traffic behavior with profiles, including SSL offload and re-encryption • Modifying traffic behavior with persistence, including source address affinity and cookie persistence • Troubleshooting the BIG-IP system, including logging (local, high-speed, and legacy remote logging), and using TCPDUMP • User roles and administrative partitions • vCMP concepts • Configuring high availability (including active/standby and connection and persistence mirroring) Configuring BIG-IP LTM v15.1: Local Traffic Manager This 3-day course gives network professionals a functional understanding of BIG-IP Local Traffic Manager, introducing students to both commonly used and advanced BIG-IP LTM features and functionality. Incorporating lecture, extensive hands-on labs, and classroom discussion, the course helps students build the well-rounded skill set needed to manage BIG-IP LTM systems as part of a flexible and high performance application delivery network. Topics covered: • BIG-IP initial setup (licensing, provisioning, and network configuration) • A review of BIG-IP local traffic configuration objects • Using dynamic load balancing methods • Modifying traffic behavior with persistence (including SSL, SIP, universal, and destination address affinity persistence) • Monitoring application health with Layer 3, Layer 4, and Layer 7 monitors (including transparent, scripted, and external monitors) • Processing traffic with virtual servers (including network, forwarding, and reject virtual servers) • Processing traffic with SNATs (including SNAT pools and SNATs as listeners) • Modifying traffic behavior with profiles (including TCP profiles, advanced HTTP profile options, caching, compression, and OneConnect profiles) • Advanced BIG-IP LTM configuration options (including VLAN tagging and trunking, SNMP features, packet filters, and route domains) • Customizing application delivery with iRules and local traffic policies • Securing application delivery using BIG-IP LTM OBJECTIVES At the end of this course, the student will be able to: Administering BIG-IP v15.1 • Describe the role of the BIG-IP system as a full proxy device in an application delivery network • Set up, start/restart/stop, license, and provision the BIG-IP system out-of-the-box • Create a basic network configuration on the BIG-IP system including VLANs and self IPs • Use the Configuration utility and TMSH to manage BIG-IP resources such as virtual servers, pools, pool members, nodes, profiles, and monitors • Create, restore from, and manage BIG-IP archives • View resource status, availability, and statistical information and use this information to determine how the BIG-IP system is currently processing traffic • Use profiles to manipulate the way the BIG-IP system processes traffic through a virtual server • Perform basic troubleshooting and problem determination activities including using the iHealth diagnostic tool • Support, and view traffic flow using TCPDUMP • Understand and manage user roles and partitions • Configure and manage a sync-failover device group with more than two members • Configure stateful failover using connection mirroring and persistence mirroring Configuring BIG-IP LTM v15.1: Local Traffic Manager • Back up the BIG-IP system configuration for safekeeping • Configure virtual servers, pools, monitors, profiles, and persistence objects • Test and verify application delivery through the BIG-IP system using local traffic statistics • Configure priority group activation on a load balancing pool to allow servers to be activated only as needed to process traffic • Compare and contrast member-based and node-based dynamic load balancing methods • Configure connection limits to place a threshold on traffic volume to particular pool members and nodes • Differentiate between cookie, SSL, SIP, universal, and destination address affinity persistence, and describe use cases for each • Describe the three Match Across Services persistence options and use cases for each • Configure health monitors to appropriately monitor application delivery through a BIG-IP system • Configure different types of virtual services to support different types of traffic processing through a BIG-IP system • Configure different types of SNATs to support routing of traffic through a BIG-IP system • Configure VLAN tagging and trunking • Restrict administrative and application traffic through the BIG-IP system using packet filters, port lockdown, and virtual server settings • Configure SNMP alerts and traps in support of remote monitoring of the BIG-IP system • Use iRules and local traffic policies appropriately to customize application delivery through the BIG-IP system • Configure the BIG-IP to detect and mitigate some common attacks at the network and application layers using LTM features such as SYN check, eviction policies, iRules and Local Traffic Policies AUDIENCE This course is intended for system and network administrators, operators, and engineers responsible for managing the normal day-to-day operation and administration of a BIG-IP application delivery network, and installation, setup, configuration, and administration of the BIG-IP LTM system. CERTIFICATION Exam 201 – TMOS Administration Prerequisite: Valid passing score on Exam 101 or valid F5-CTP, Sales Certification This is the second and final exam that must be completed successfully by candidates wishing to achieve F5 Certified! Administrator, BIG-IP status. Passing this exam shows independence in performing day-to-day operations and basic troubleshooting of TMOS-based devices in various application environments after it has been installed, configured, and implemented. Individuals may choose to complete their certification journey here or move on to pursue the Technical Professional, Technical Specialist, Cloud or Security Solutions certification tracks. View Exam 201 study materials on AskF5 Exam 301a - BIG-IP LTM Specialist: Architect, Set-up, Deploy Prerequisites: Valid F5-CA, BIG-IP Certification This is the first of two exams in the F5 Certified Technology Specialist, BIG-IP LTM certification and serves as a prerequisite to exam 301b. Candidates who pass this exam possess an understanding of underlying principles – from SSL-based VPN implementation to symmetric and asymmetric acceleration – and can draw on that insight to integrate BIG-IP LTM into existing networks as well as new implementations. Receiving the F5-CTS, BIG-IP LTM certification is a prerequisite for both the Cloud and Security Solutions Expert certification tracks. View Exam 301a study materials on AskF5 Exam 301b - BIG-IP LTM Specialist: Maintain and Troubleshoot Prerequisites: Valid F5-CA, BIG-IP Certification, valid passing score on Exam 301a This is the second exam candidates are required to pass in order to receive the F5 Certified Technology Specialist, BIGIP LTM certification. Passing this exam validates their ability to design, implement, maintain, and troubleshoot advanced F5 product features to enhance the effectiveness of an Application Delivery Network. In addition, it shows that a candidate understands underlying principles – from SSL-based VPN implementation to symmetric and asymmetric acceleration – and can draw on that insight to integrate BIG-IP LTM into existing networks as well as new implementations. Receiving the F5-CTS, BIG-IP LTM certification is a prerequisite for both the Cloud and Security Solutions Expert certification tracks. View Exam 301b study materials on AskF5 Exam vouchers can be purchased at an additional charge. Vouchers can be used at www.vue.com/f5 to schedule exams at a time and location convenient to the attendee. NEXT STEP Configuring BIG-IP DNS (formerly GTM) v.16.1 Configuring F5 Advanced WAF (previously licensed as ASM) v16.1 Configuring BIG-IP APM: Access Policy Manager v.16.1 CONTENT Administering BIG-IP v16.1 Chapter 1: Setting Up the BIG-IP System • Introducing the BIG-IP System • Initially Setting Up the BIG-IP System • Configuring the Management Interface • Activating the Software License • Provisioning Modules and Resources • Importing a Device Certificate • Specifying BIG-IP Platform Properties • Configuring the Network • Configuring Network Time Protocol (NTP) Servers • Configuring Domain Name System (DNS) Settings • Configuring High Availability Options • Archiving the BIG-IP Configuration • Leveraging F5 Support Resources and Tools Chapter 2: Traffic Processing Building Blocks • Identifying BIG-IP Traffic Processing Objects • Configuring Virtual Servers and Pools • Load Balancing Traffic • Viewing Module Statistics and Logs • Using the Traffic Management Shell (TMSH) • Understanding the TMSH Hierarchical Structure • Navigating the TMSH Hierarchy • Managing BIG-IP Configuration State and Files • BIG-IP System Configuration State • Loading and Saving the System Configuration • Shutting Down and Restarting the BIG-IP System • Saving and Replicating Configuration Data (UCS and SCF) Chapter 3: Using NATs and SNATs • Address Translation on the BIG-IP System • Mapping IP Addresses with NATs • Solving Routing Issues with SNATs • Configuring SNAT Auto Map on a Virtual Server • Monitoring for and Mitigating Port Exhaustion Chapter 4: Monitoring Application Health • Introducing Monitors • Types of Monitors • Monitor Interval and Timeout Settings • Configuring Monitors • Assigning Monitors to Resources • Managing Pool, Pool Member, and Node Status • Using the Network Map Chapter 5: Modifying Traffic Behavior with Profiles • Introducing Profiles • Understanding Profile Types and Dependencies • Configuring and Assigning Profiles • Introducing SSL Offload and SSL Re-Encryption Chapter 6: Modifying Traffic Behavior with Persistence • Understanding the Need for Persistence • Introducing Source Address Affinity Persistence • Managing Object State Chapter 7: Administering the BIG-IP System • Configuring Logging • Legacy Remote Logging • Introducing High Speed Logging (HSL) • High-Speed Logging Filters • HSL Configuration Objects • Configuring High Speed Logging • Using TCPDUMP on the BIG-IP System • Leveraging the BIG-IP iHealth System • Viewing BIG-IP System Statistics • Defining User Roles and Administrative Partitions • Leveraging vCMP Chapter 8: Configuring High Availability • Introducing Device Service Clustering (DSC) • Preparing to Deploy a DSC Configuration • Configuring DSC Communication Settings • Establishing Device Trust • Establishing a Sync-Failover Device Group • Synchronizing Configuration Data • Exploring Traffic Group Behavior • Understanding Failover Managers and Triggers • Achieving Stateful Failover with Mirroring Configuring BIG-IP LTM v15.1: Local Traffic Manager Chapter 1: Setting Up the BIG-IP System • Introducing the BIG-IP System • Initially Setting Up the BIG-IP System • Archiving the BIG-IP Configuration •Leveraging F5 Support Resources and Tools Chapter 2: Reviewing Local Traffic Configuration • Reviewing Nodes, Pools, and Virtual Servers • Reviewing Address Translation • Reviewing Routing Assumptions • Reviewing Application Health Monitoring • Reviewing Traffic Behavior Modification with Profiles • Reviewing the TMOS Shell (TMSH) • Reviewing Managing BIG-IP Configuration Data Chapter 3: Load Balancing Traffic with LTM • Exploring Load Balancing Options • Using Priority Group Activation and Fallback Host • Comparing Member and Node Load Balancing Chapter 4: Modifying Traffic Behavior with Persistence • Reviewing Persistence • Introducing Cookie Persistence • Specifying Default and Fallback Persistence • Introducing SSL Persistence • Introducing SIP Persistence • Introducing Universal Persistence • Introducing Destination Address Affinity Persistence • Using Match Across Options for Persistence Chapter 5: Monitoring Application Health • Differentiating Monitor Types • Customizing the HTTP Monitor • Monitoring an Alias Address and Port • Monitoring a Path vs. Monitoring a Device • Managing Multiple Monitors • Using Application Check Monitors • Using Manual Resume and Advanced Monitor Timer Settings Chapter 6: Processing Traffic with Virtual Servers • Understanding the Need for Other Virtual Server Types • Forwarding Traffic with a Virtual Server • Understanding Virtual Server Order of Precedence • Path Load Balancing Chapter 7: Processing Traffic with SNATs • Overview of SNATs • Using SNAT Pools • SNATs as Listeners • SNAT Specificity • VIP Bounceback • Additional SNAT Options • Network Packet Processing Review Chapter 8: Modifying Traffic Behavior with Profiles • Profiles Overview • TCP Express Optimization • TCP Profiles Overview • HTTP Profile Options • HTTP/2 Profile Options • OneConnect • Offloading HTTP Compression to BIG-IP • Web Acceleration Profile and HTTP Caching • Stream Profiles • F5 Acceleration Technologies Chapter 9: Selected Topics • VLAN, VLAN Tagging, and Trunking • Restricting Network Access • SNMP Features • Segmenting Network Traffic with Route Domains Chapter 10: Customizing Application Delivery with iRules • Getting Started with iRules • Understanding When iRules are Triggered • Deploying iRules • Constructing an iRule • Testing and Debugging iRules • Exploring iRules Documentation Chapter 11: Customizing Application Delivery with Local Traffic Policies • Getting Started with Local Traffic Policies • Configuring and Managing Policy Rules Chapter 12: Securing Application Delivery with LTM • Understanding Today’s Threat Landscape • Integrating LTM Into Your Security Strategy • Defending Your Environment Against SYN Flood Attacks • Defending Your Environment Against Other Volumetric Attacks • Addressing Application Vulnerabilities with iRules and Local Traffic Policies • Detecting and Mitigating Other Common HTTP Threats Chapter 13: Final Lab Project • About the Final Lab Project Chapter 14: Additional Training and Certification • Getting Started Series Web-Based Training • F5 Instructor Led Training Curriculum • F5 Professional Certification Program Course Changes since v15 Administering BIG-IP v.16.1 • No significant changes to course outline or materials since the v15 release.  • Minor updates to the course include review and update of referenced knowledge articles, GUI screenshots, hardware platform images in introduction and chapter 1 slides and student guide pages, and removed information for obsolete topics such as Link Controller. Configuring BIG-IP LTM v16.1: Local Traffic Manager • Updates for the v16.1 release include changes to TCP Profiles and Securing Application Delivery chapters.  • All remaining content was reviewed and updated for relevance to the BIG-IP v16.1 release.

OVERVIEW This 3-day course gives network professionals a functional understanding of BIG-IP Local Traffic Manager, introducing students to both commonly used and advanced BIG-IP LTM features and functionality.  Incorporating lecture, extensive hands-on labs, and classroom discussion, the course helps students build the well-rounded skill set needed to manage BIG-IP LTM systems as part of a flexible and high performance application delivery network. Course Topics • BIG-IP initial setup (licensing, provisioning, and network configuration) • A review of BIG-IP local traffic configuration objects • Using dynamic load balancing methods • Modifying traffic behavior with persistence (including SSL, SIP, universal, and destination address affinity persistence) • Monitoring application health with Layer 3, Layer 4, and Layer 7 monitors (including transparent, scripted, and external monitors) • Processing traffic with virtual servers (including network, forwarding, and reject virtual servers) • Processing traffic with SNATs (including SNAT pools and SNATs as listeners) • Modifying traffic behavior with profiles (including TCP profiles, advanced HTTP profile options, caching, compression, and OneConnect profiles) • Advanced BIG-IP LTM configuration options (including VLAN tagging and trunking, SNMP features, packet filters, and route domains) • Customizing application delivery with iRules and local traffic policies • Securing application delivery using BIG-IP LTM OBJECTIVES At the end of this course, the student will be able to:  • Back up the BIG-IP system configuration for safekeeping • Configure virtual servers, pools, monitors, profiles, and persistence objects • Test and verify application delivery through the BIG-IP system using local traffic statistics • Configure priority group activation on a load balancing pool to allow servers to be activated only as needed to process traffic • Compare and contrast member-based and node-based dynamic load balancing methods • Configure connection limits to place a threshold on traffic volume to particular pool members and nodes • Differentiate between cookie, SSL, SIP, universal, and destination address affinity persistence, and describe use cases for each • Describe the three Match Across Services persistence options and use cases for each • Configure health monitors to appropriately monitor application delivery through a BIG-IP system • Configure different types of virtual services to support different types of traffic processing through a BIG-IP system • Configure different types of SNATs to support routing of traffic through a BIG-IP system • Configure VLAN tagging and trunking • Restrict administrative and application traffic through the BIG-IP system using packet filters, port lockdown, and virtual server settings • Configure SNMP alerts and traps in support of remote monitoring of the BIG-IP system • Use iRules and local traffic policies appropriately to customize application delivery through the BIG-IP system • Configure the BIG-IP to detect and mitigate some common attacks at the network and application layers using LTM features such as SYN check, eviction policies, iRules and Local Traffic Policies AUDIENCE This course is intended for system and network administrators responsible for installation, setup, configuration, and administration of the BIG-IP LTM system. CERTIFICATION Exam 301a - BIG-IP LTM Specialist: Architect, Set-up, Deploy Prerequisites: Valid F5-CA, BIG-IP Certification This is the first of two exams in the F5 Certified Technology Specialist, BIG-IP LTM certification and serves as a prerequisite to exam 301b. Candidates who pass this exam possess an understanding of underlying principles – from SSL-based VPN implementation to symmetric and asymmetric acceleration – and can draw on that insight to integrate BIG-IP LTM into existing networks as well as new implementations. Receiving the F5-CTS, BIG-IP LTM certification is a prerequisite for both the Cloud and Security Solutions Expert certification tracks. View Exam 301a study materials on AskF5 Exam 301b - BIG-IP LTM Specialist: Maintain and Troubleshoot Prerequisites: Valid F5-CA, BIG-IP Certification, valid passing score on Exam 301a This is the second exam candidates are required to pass in order to receive the F5 Certified Technology Specialist, BIGIP LTM certification. Passing this exam validates their ability to design, implement, maintain, and troubleshoot advanced F5 product features to enhance the effectiveness of an Application Delivery Network. In addition, it shows that a candidate understands underlying principles – from SSL-based VPN implementation to symmetric and asymmetric acceleration – and can draw on that insight to integrate BIG-IP LTM into existing networks as well as new implementations. Receiving the F5-CTS, BIG-IP LTM certification is a prerequisite for both the Cloud and Security Solutions Expert certification tracks. View Exam 301b study materials on AskF5 Exam vouchers can be purchased at an additional charge. Vouchers can be used at www.vue.com/f5 to schedule exams at a time and location convenient to the attendee. NEXT STEP Configuring BIG-IP DNS (formerly GTM) v.16.1 Configuring F5 Advanced WAF (previously licensed as ASM) v16.1 Configuring BIG-IP APM: Access Policy Manager v.16.1 CONTENT Chapter 1: Setting Up the BIG-IP System • Introducing the BIG-IP System • Initially Setting Up the BIG-IP System • Archiving the BIG-IP Configuration • Leveraging F5 Support Resources and Tools Chapter 2: Reviewing Local Traffic Configuration • Reviewing Nodes, Pools, and Virtual Servers • Reviewing Address Translation • Reviewing Routing Assumptions • Reviewing Application Health Monitoring • Reviewing Traffic Behavior Modification with Profiles • Reviewing the TMOS Shell (TMSH) • Reviewing Managing BIG-IP Configuration Data Chapter 3: Load Balancing Traffic with LTM • Exploring Load Balancing Options • Using Priority Group Activation and Fallback Host • Comparing Member and Node Load Balancing Chapter 4: Modifying Traffic Behavior with Persistence • Reviewing Persistence • Introducing Cookie Persistence • Specifying Default and Fallback Persistence • Introducing SSL Persistence • Introducing SIP Persistence • Introducing Universal Persistence • Introducing Destination Address Affinity Persistence • Using Match Across Options for Persistence Chapter 5: Monitoring Application Health • Differentiating Monitor Types • Customizing the HTTP Monitor • Monitoring an Alias Address and Port • Monitoring a Path vs. Monitoring a Device • Managing Multiple Monitors • Using Application Check Monitors • Using Manual Resume and Advanced Monitor Timer Settings Chapter 6: Processing Traffic with Virtual Servers • Understanding the Need for Other Virtual Server Types • Forwarding Traffic with a Virtual Server • Understanding Virtual Server Order of Precedence • Path Load Balancing Chapter 7: Processing Traffic with SNATs • Overview of SNATs • Using SNAT Pools • SNATs as Listeners • SNAT Specificity • VIP Bounceback • Additional SNAT Options • Network Packet Processing Review Chapter 8: Modifying Traffic Behavior with Profiles • Profiles Overview • TCP Express Optimization • TCP Profiles Overview • HTTP Profile Options • HTTP/2 Profile Options • OneConnect • Offloading HTTP Compression to BIG-IP • Web Acceleration Profile and HTTP Caching • Stream Profiles • F5 Acceleration Technologies Chapter 9: Selected Topics • VLAN, VLAN Tagging, and Trunking • Restricting Network Access • SNMP Features • Segmenting Network Traffic with Route Domains Chapter 10: Customizing Application Delivery with iRules • Getting Started with iRules • Understanding When iRules are Triggered • Deploying iRules • Constructing an iRule • Testing and Debugging iRules • Exploring iRules Documentation Chapter 11: Customizing Application Delivery with Local Traffic Policies • Getting Started with Local Traffic Policies • Configuring and Managing Policy Rules Chapter 12: Securing Application Delivery with LTM • Understanding Today’s Threat Landscape • Integrating LTM Into Your Security Strategy • Defending Your Environment Against SYN Flood Attacks • Defending Your Environment Against Other Volumetric Attacks • Addressing Application Vulnerabilities with iRules and Local Traffic Policies • Detecting and Mitigating Other Common HTTP Threats Chapter 13: Final Lab Project • About the Final Lab Project Chapter 14: Additional Training and Certification • Getting Started Series Web-Based Training • F5 Instructor Led Training Curriculum • F5 Professional Certification Program Course Changes since v15 Updates for the v16.1 release include changes to TCP Profiles and Securing Application Delivery chapters. All remaining content was reviewed and updated for relevance to the BIG-IP v16.1 release.

OVERVIEW This 2-day course gives network administrators, network operators, and network engineers a functional understanding of the BIG-IP system as it is commonly deployed in an application delivery network. The course introduces students to the BIG-IP system, its configuration objects, how it processes traffic, and how typical administrative and operational activities are performed. The course includes lecture, hands-on labs, interactive demonstrations, and discussions. Course Topics • Getting started with the BIG-IP system • Traffic processing with BIG-IP Local Traffic Manager (LTM) • Using TMSH (TMOS Shell) command line interface • Using NATs and SNATs • Monitoring application health and managing object status • Modifying traffic behavior with profiles, including SSL offload and re-encryption • Modifying traffic behavior with persistence, including source address affinity and cookie persistence • Troubleshooting the BIG-IP system, including logging (local, high-speed, and legacy remote logging), and using TCPDUMP • User roles and administrative partitions • vCMP concepts • Configuring high availability (including active/standby and connection and persistence mirroring) OBJECTIVES After completing this course, participants will be able to complete the following tasks:  • Describe the role of the BIG-IP system as a full proxy device in an application delivery network • Set up, start/restart/stop, license, and provision the BIG-IP system out-of-the-box • Create a basic network configuration on the BIG-IP system including VLANs and self IPs • Use the Configuration utility and TMSH to manage BIG-IP resources such as virtual servers, pools, pool members, nodes, profiles, and monitors • Create, restore from, and manage BIG-IP archives • View resource status, availability, and statistical information and use this information to determine how the BIG-IP system is currently processing traffic • Use profiles to manipulate the way the BIG-IP system processes traffic through a virtual server • Perform basic troubleshooting and problem determination activities including using the iHealth diagnostic tool • Support, and view traffic flow using TCPDUMP • Understand and manage user roles and partitions • Configure and manage a sync-failover device group with more than two members • Configure stateful failover using connection mirroring and persistence mirroring AUDIENCE This course is intended for network administrators, operators, and engineers responsible for managing the normal day-to-day operation and administration of a BIG-IP application delivery network. This course presents the prerequisite knowledge for many other of F5's BIG-IP instructor-led training courses. CERTIFICATION Exam 201 – TMOS Administration Prerequisite: Valid passing score on Exam 101 or valid F5-CTP, Sales Certification This is the second and final exam that must be completed successfully by candidates wishing to achieve F5 Certified! Administrator, BIG-IP status.  Passing this exam shows independence in performing day-to-day operations and basic troubleshooting of TMOS-based devices in various application environments after it has been installed, configured, and implemented.  Individuals may choose to complete their certification journey here or move on to pursue the Technical Professional, Technical Specialist, Cloud or Security Solutions certification tracks. View Exam 201 study materials on AskF5 Exam vouchers can be purchased at an additional charge. Vouchers can be used at www.vue.com/f5 to schedule exams at a time and location convenient to the attendee. NEXT STEP Configuring BIG-IP LTM: Local Traffic Manager v.16.1 Configuring BIG-IP DNS (formerly GTM) v.16.1 Configuring F5 Advanced WAF (previously licensed as ASM) v16.1 Configuring BIG-IP APM: Access Policy Manager v.16.1 CONTENT Chapter 1: Setting Up the BIG-IP System • Introducing the BIG-IP System • Initially Setting Up the BIG-IP System • Configuring the Management Interface • Activating the Software License • Provisioning Modules and Resources • Importing a Device Certificate • Specifying BIG-IP Platform Properties • Configuring the Network • Configuring Network Time Protocol (NTP) Servers • Configuring Domain Name System (DNS) Settings • Configuring High Availability Options • Archiving the BIG-IP Configuration •Leveraging F5 Support Resources and Tools Chapter 2: Traffic Processing Building Blocks • Identifying BIG-IP Traffic Processing Objects • Configuring Virtual Servers and Pools • Load Balancing Traffic • Viewing Module Statistics and Logs • Using the Traffic Management Shell (TMSH) • Understanding the TMSH Hierarchical Structure • Navigating the TMSH Hierarchy • Managing BIG-IP Configuration State and Files • BIG-IP System Configuration State • Loading and Saving the System Configuration • Shutting Down and Restarting the BIG-IP System • Saving and Replicating Configuration Data (UCS and SCF) Chapter 3: Using NATs and SNATs • Address Translation on the BIG-IP System • Mapping IP Addresses with NATs • Solving Routing Issues with SNATs • Configuring SNAT Auto Map on a Virtual Server • Monitoring for and Mitigating Port Exhaustion Chapter 4: Monitoring Application Health • Introducing Monitors • Types of Monitors • Monitor Interval and Timeout Settings • Configuring Monitors • Assigning Monitors to Resources • Managing Pool, Pool Member, and Node Status • Using the Network Map Chapter 5: Modifying Traffic Behavior with Profiles • Introducing Profiles • Understanding Profile Types and Dependencies • Configuring and Assigning Profiles • Introducing SSL Offload and SSL Re-Encryption Chapter 6: Modifying Traffic Behavior with Persistence • Understanding the Need for Persistence • Introducing Source Address Affinity Persistence • Managing Object State Chapter 7: Administering the BIG-IP System • Configuring Logging • Legacy Remote Logging • Introducing High Speed Logging (HSL) • High-Speed Logging Filters • HSL Configuration Objects • Configuring High Speed Logging • Using TCPDUMP on the BIG-IP System • Leveraging the BIG-IP iHealth System • Viewing BIG-IP System Statistics • Defining User Roles and Administrative Partitions • Leveraging vCMP  Chapter 8: Configuring High Availability • Introducing Device Service Clustering (DSC) • Preparing to Deploy a DSC Configuration • Configuring DSC Communication Settings • Establishing Device Trust • Establishing a Sync-Failover Device Group • Synchronizing Configuration Data • Exploring Traffic Group Behavior • Understanding Failover Managers and Triggers • Achieving Stateful Failover with Mirroring Course Changes since v15 • No significant changes to course outline or materials since the v15 release.  • Minor updates to the course include review and update of referenced knowledge articles, GUI screenshots, hardware platform images in introduction and chapter 1 slides and student guide pages, and removed information for obsolete topics such as Link Controller.

OVERVIEW In this course, you will learn how to use the most common FortiGate features. In interactive labs, you will explore firewall policies, user authentication, high availability, SSL VPN, site-to-site IPsec VPN, Fortinet Security Fabric, and how to protect your network using security profiles, such as IPS, antivirus, web filtering, application control, and more.  These administration fundamentals will provide you with a solid understanding of how to implement the most common FortiGate features. OBJECTIVES After completing this course, you will be able to:  • Configure FortiGate basic networking from factory default settings.  • Configure and control administrator access to FortiGate. • Use the GUI and CLI for administration.  • Control network access to configured networks using firewall policies. • Apply port forwarding, source NAT, and destination NAT.  • Analyze a FortiGate route table.  • Route packets using policy-based and static routes for multi-path and load-balanced deployments. • Authenticate users using firewall policies. • Monitor firewall users from the FortiGate GUI.  • Offer Fortinet Single Sign-On (FSSO) access to network services, integrated with Microsoft Active Directory (AD). • Understand encryption functions and certificates. • Inspect SSL/TLS-secured traffic to prevent encryption used to bypass security policies.  • Configure security profiles to neutralize threats and misuse, including viruses, torrents, and inappropriate websites. • Apply application control techniques to monitor and control network applications that might use standard or non-standard protocols and ports. • Offer an SSL VPN for secure access to your private network.  • Establish an IPsec VPN tunnel between two FortiGate devices.  • Configure static routing. • Configure SD-WAN underlay, overlay, and local breakout. • Identify the characteristics of the Fortinet Security Fabric. • Deploy FortiGate devices as an HA cluster for fault tolerance and high performance. • Diagnose and correct common problems. AUDIENCE Networking and security professionals involved in the management, configuration, administration, and monitoring of FortiGate devices used to secure their organizations' networks should attend this course.  You should have a thorough understanding of all the topics covered in the FortiGate Operator course before attending the FortiGate Administrator course. CERTIFICATION This course is intended to help you prepare for the FCP - FortiGate 7.4 Administrator exam (available at an additional charge).  This exam is part of the following certification tracks:  • Fortinet Certified Professional - Network Security • Fortinet Certified Professional - Public Cloud Security • Fortinet Certified Professional - Security Operations CONTENT 1. System and Network Settings  2. Firewall Policies and NAT  3. Routing  4. Firewall Authentication  5. Fortinet Single Sign-On (FSSO)  6. Certificate Operations  7. Antivirus  8. Web Filtering  9. Intrusion Prevention and Application Control  10. SSL VPN  11. IPsec VPN  12. SD-WAN Configuration and Monitoring  13. Security Fabric  14. High Availability  15. Diagnostics and Troubleshooting

OVERVIEW Integrate applications on ROSA with AWS services while keeping a good security posture. Course Description Integrate applications deployed on ROSA with AWS services in a way that cluster administrators and platform engineers retain control of credentials and roles required by applications to access AWS services instead of exposing those credentials to application developers. Note: This course is offered as a two day in person class, a three day virtual class or is self-paced. Durations may vary based on the delivery. For full course details, scheduling, and pricing, select your location then “get started” on the right hand menu. Course Content Summary - Integrate with external container registries such as ECR and Quay.io to deploy applications from private image repositories - Configure storage classes to enable application access to different EBS volume types - Configure storage classes and security contexts to enable application access to shared EFS storage volumes - Configure pod identity using STS/IRSA to enable application access to AWS services such as database (Aurora), integration (SQS), and object storage (S3) - Provision AWS services for applications using the AWS Controllers for Kubernetes (ACK) Federate and query application metrics (application workload monitoring) with Amazon Managed Prometheus Service Aggregate and query structured application logs with Amazon CloudWatch Configure custom domains and TLS certificates for secure public access to applications OBJECTIVES Impact on the Organization Red Hat OpenShift Service on AWS (ROSA) is a turnkey application platform that provides a managed Red Hat OpenShift service that runs natively on Amazon Web Services (AWS) to enable organizations to increase operational efficiency, refocus on innovation, and quickly build, deploy, and scale applications. Red Hat OpenShift is the hybrid cloud platform that brings operational consistency to on-premise and different cloud environments. Organizations adopting ROSA are typically existing AWS customers with skills on using AWS services for a variety of business scenarios and need to integrate managed OpenShift clusters with their pre-existing AWS environments. These organizations are usually very security-conscious and require strong access controls and network security for all of their AWS services, including their ROSA clusters. Impact on the Individual After completing CS221, students can integrate applications deployed on a private ROSA cluster in a way that cluster administrators and platform engineers retain control of credentials and roles required by applications to access AWS services, instead of exposing those credentials to application developers. CONTENT Deploy Applications From External Registries Deploy applications on Red Hat OpenShift Service on AWS (ROSA) from private container image repositories in external centralized container image registries. Provide Amazon Storage Volumes for Applications Configure Amazon Elastic Block Storage (EBS) or Amazon Elastic File System (EFS) volumes that meet the cost, performance, and sharing requirements of their applications. Configure Application Access to AWS Services Configure applications for access to shared AWS services by using Kubernetes service accounts, and provision dedicated AWS services by using Kubernetes custom resources. OpenShift and AWS Application Observability Configure ROSA clusters to forward application logs to Amazon CloudWatch and application metrics to Amazon Managed Service for Prometheus. Custom Domains for ROSA Applications Expose applications to internet users with secure URLs by using human-readable DNS domains.

OVERVIEW Use Microsoft Entra to manage access by using entitlements, access reviews, privileged access tools, and monitor access events. CONTENT 1- Plan and implement entitlement management When new users or external users join your site, quickly assigning them access to Azure solutions is a must. Explore how to entitle users to access your site and resources. Define catalogs. Define access packages. Plan, implement and manage entitlements. Implement and manage terms of use. Manage the lifecycle of external users in Microsoft Entra Identity Governance settings. 2- Plan, implement, and manage access review Once identity is deployed, proper governance using access reviews is necessary for a secure solution. Explore how to plan for and implement access reviews. Plan for access reviews Create access reviews for groups and apps Monitor the access review findings Manage licenses for access reviews Automate management tasks for access review Configure recurring access reviews 3- Monitor and maintain Microsoft Entra ID Audit and diagnostic logs within Microsoft Entra ID provide a rich view into how users are accessing your Azure solution. Learn to monitor, troubleshoot, and analyze sign-in data. Analyze and investigate sign in logs to troubleshoot access issues Review and monitor Microsoft Entra audit logs Enable and integrate Microsoft Entra diagnostic logs with Log Analytics / Azure Sentinel Export sign in and audit logs to a third-party SIEM (security information and event management) Review Microsoft Entra activity by using Log Analytics / Azure Sentinel, excluding KQL (Kusto Query Language) use Analyze Microsoft Entra workbooks / reporting Configure notifications 4- Plan and implement privileged access Ensuring that administrative roles are protected and managed to increase your Azure solution security is a must. Explore how to use PIM to protect your data and resources. Define a privileged access strategy for administrative users (resources, roles, approvals, and thresholds) Configure Privileged Identity Management for Microsoft Entra roles Configure Privileged Identity Management for Azure resources Assign roles Manage PIM requests Analyze PIM audit history and reports Create and manage emergency access accounts 5- Explore the many features of Microsoft Entra Permissions Management While diving deeper into the features of Microsoft Entra Permissions Management, we use the framework of discover, remediate, monitor as a guide to help walkthrough how the Permissions Management features set can benefit your organization. Understand the features of Microsoft Entra Permissions Management Learn more specifics about how Permissions Management allows you to discover, remediate, and monitor identities, permissions, and resources Get real-world views of the data and analytics Permissions Management provides

OVERVIEW  Enhance your skills in designing, delivering and managing digital products and services. Upgrade your strategy, manage issues effectively and foster a culture of continuous improvement. What’s included: 12 month online access Official eBook Exam voucher – available in 9 languages: Chinese, English, French, German, Italian, Japanese, Polish, Portuguese (Brazil), Spanish Learning Resource Kit Interactive eLearning Auto-marked sample papers, Casestudies and Practical exercises Device-friendly Mobile-optimised 2-3 hour content ITIL® is a registered trademark of the PeopleCert group. Used under licence from PeopleCert. All rights reserved OBJECTIVES The course will help students to understand: Understand how to plan and build a service value stream to create, deliver and support services Know how relevant ITIL 4 practices contribute to creation, delivery and support across the SVS and value streams Know how to create, deliver and support services Preparation to sit the ITIL 4 Create, Deliver, Support examination CONTENT Understand the concepts and challenges relating to the following across the service value system: Organisational structure Integrated/collaborative teams Team capabilities, roles, competencies Team culture and differences Working to a customer-orientated mindset Employee satisfaction management The value of positive communications Understand how to use a ‘shift left’ approach Know how to plan and manage resources in the service value system: Team collaboration and integration Workforce planning Results based measuring and reporting The culture of continual improvement Understand the use and value of information and technology across the service value system: Integrated service management toolsets Integration and data sharing Reporting and advanced analytics Collaboration and workflow Robotic process automation (RPA) Artificial intelligence and machine learning Continuous integration and delivery/deployment (CI/CD) Information models Know how to use a value stream to design, develop and transition new services Know how the following ITIL practices contribute to a value stream for a new service: Service design Software development and Management Deployment management Release management Service Validation and testing Change Enablement Know how to use a value stream to provide user support Know how the following ITIL practices contribute to a value stream for user support: Service desk Incident management Problem management Knowledge management Service level management Monitoring and event management Know how to co-ordinate, prioritize and structure work and activities to create deliver and support services, including: Managing queues and backlogs Prioritizing work Understand the use and value of the following across the service value system: Buy vs build considerations Sourcing options Service integration and management (SIAM)

OVERVIEW Improve your digital leadership skills to align digital strategies with broader business objectives, discover how to navigate VUCA environments and effectively respond to disruptions. What’s included: 12 month online access Official eBook Exam voucher – available in 9 languages: Chinese, English, French, German, Italian, Japanese, Polish, Portuguese (Brazil), Spanish Learning Resource Kit Interactive eLearning Auto-marked sample papers, Casestudies and Practical exercises Device-friendly Mobile-optimised 8-10 hour content ITIL® is a registered trademark of the PeopleCert group. Used under licence from PeopleCert. All rights reserved. OBJECTIVES Demonstrate the use of the ITIL guiding principles in Digital and IT Strategy decisions and activities  Understand how to leverage digital strategy to react to digital disruption  Understand the relationship between the concepts of Digital and IT Strategy, the service value system and the service value chain, and explain how to utilize them to create value Understand how an organization uses Digital and IT Strategy to remain viable in environments disrupted by digital technology Understand strategic approaches made possible by digital and information technology to achieve customer/market relevance and operational excellence Understand the risks and opportunities of Digital and IT Strategy Understand the steps and techniques involved in defining and advocating for a Digital and IT Strategy  Understand how to implement a Digital and IT Strategy CONTENT Guiding principles and DITS Why Digital Transformation Key Concepts DITS in disrupted industries Strategic approaches Risks Defining a Digital Strategy Implementing a Digital Strategy