[v8] SSLO 201: Advanced Use Cases with SSL Orchestrator (Agility 2021 | 2 hours)

Note

Requires UDF Blueprint: "Agility 2021 - SSL Orchestrator 201"

BIG-IP 16.0 / SSL Orchestrator 8.3

As organizational requirements change, so does the need to update security polices and apply additional features to existing F5 SSL Orchestrator deployments. There is no need to fear required maintenance and regular upkeep of your security strategy. Maintenance can be performed within the SSLO Dashboard. It also provides enhanced statistical information which is needed to differentiate between normal and abnormal traffic.

After completing the modules in this lab, you will be familiar with:

• Modifying existing SSL Orchestrator configurations to keep up with business and security demands

• Integrating authentication to facilitate user-based policy enforcement and logging on an HTTP service (web proxy)

• Implementing a layered SSL Orchestrator architecture to handle more complex logic requirements

Expected time to complete: 2 hours

Pre-requisite: Completion of the SSL Orchestrator 101 lab is recommended prior to attending this lab.

This class covers the following topics:

• 1. SSL Orchestrator Lab Environment
  • 1.1. Accessing the Virtual Lab
  • 1.2. Network Diagram
  • 1.3. Virtual Lab Infrastructure Details (and Credentials)
• 2. Managing Security Services and Service Chains
  • 2.1. Scenario
  • 2.2. Lab Overview
  • 2.3. Pre-existing environment validation
  • 2.4. Review the current SSL Orchestrator deployment
  • 2.5. Create a new Cisco Firepower Threat Defense TAP service
  • 2.6. Create a new "All Services" Service Chain
  • 2.7. Create a new "Cisco Firepower" Service Chain
  • 2.8. Update Service Chains on existing Security Policy rules
  • 2.9. Test new Service Chain and Security Policy rules
• 3. Transparent Authentication Using NTLM
  • 3.1. Scenario
  • 3.2. Lab Overview
  • 3.3. Verify authentication is currently disabled
  • 3.4. Review the Access Policy and AAA configuration
  • 3.5. Enable NTLM authentication on explicit proxy topology
  • 3.6. Verify that user information is being identified on the F5 SSL Orchestrator
  • 3.7. Enable and test authentication offload
• 4. Internal Layered SSL Orchestrator Architecture
  • 4.1. Scenario
  • 4.2. Lab Overview
  • 4.3. Verify Pre-requisite SSL Orchestrator Configuration
  • 4.4. Create Two Empty VLANs
  • 4.5. Modify Existing Topology
  • 4.6. Create Secondary Topology
  • 4.7. Layered Virtual Server and Topology Steering iRule
  • 4.8. Test Layered SSL Orchestrator Topology Deployment
• 5. Conclusion