این دوره بصورت فشرده شامل سرفصل دوره های F5 BIG-IP Administration & Troubleshooting، F5 BIG-IP CGNAT Administration و F5 BIG-IP AFM Administration می باشد. قطعا جهت آشنایی حرفه ای تر و درک عمیق تر سرفصل های این دوره، گذراندن دوره Advanced + Workshop نیز پیشنهاد می شود.
پیش نیاز دوره:
- Network+
- Security Concepts & Terminology
- IPv6 & Tunneling Techniques
مدت زمان دوره: 100 ساعت
مدرس دوره: مهندس پرهام امام جمعه
سرفصل دوره:
F5 BIG-IP Administration and Troubleshooting
- Application Delivery Controller – Deployment Method
- BIG-IP Terminology and Concepts
- VLAN, Self-IP, Floating-IP and Access Management
- Pool, Pool Member and Node
- Configuration of Different Pool Monitors
- NAT, SNAT and DNAT configuration
- Full-proxy Architecture with NAT Operation
- Configuration of Important Traffic Profiles
- HA (High Availability) Configuration and Fail-safe
- Hardware Diagnostics
- TMSH Commands for BIG-IP Administration
- TCPDUMP Command for Traffic Capturing
- AOM (Always-On Management)
- Leveraging iHealth to Check Functional Status of Device
- Software and Configuration Maintenance
- Creating Backup Files and Restoring Backup
- Administrative Partitions
- Different User Roles
- F5 BIG-IP Maintenance
- External APIs, Programming or Automation Interfaces
- F5 Support Resources and Tools
- APPENDIX: TMOS v12.0, v13.0, v14.0, v15.0 (New Features)
F5 BIG-IP CGNAT Administration
- Deploying Carrier Grade NAT
- Basic NAT, SNAT and DNAT Configuration
- Using NAT44 (Translating IPv4 Addresses)
- IPv6 Overview
- Using NAT64 (Mapping IPv6 Addresses to IPv4 Destinations)
- Different CGNAT Translation Modes
- Using DS-Lite with CGNAT
- Deploying Stateless Network Address Translation
- Using ALG Profiles
- CGNAT Logging and Traceability
- HA (High Availability) Configuration and Fail-safe
F5 BIG-IP AFM Administration
- Introduction to BIG-IP AFM System
- F5-AFM (Network Firewall + DDoS Engine)
- Network Firewall Options and Modes
- Flow Eviction Policy
- Firewall NAT for IP and Port Translation
- Firewall Rules, Policies, Address/Port/Rule Lists
- IP Intelligence and Whitelists/Blacklists
- PSP (Protocol Security Profiles) – DNS and HTTP
- PIP (Protocol Inspection Profiles) – IPS
- DoS Attacks Detection and Mitigation
- DoS Whitelists, Sweep/Flood, SYN Cookie Protection
- DNS Firewall, DNS DoS, SIP DoS
- DDoS-Resistant Architecture (Three-tier Solution)
- DoS Attacks Reporting and Event Logging
- Network Firewall (AFM) iRules
- Administration and Troubleshooting BIG-IP AFM Components
Persian