این دوره بصورت فشرده شامل سرفصل دوره های F5 BIG-IP Administration & Troubleshooting، F5 BIG-IP CGNAT Administration و F5 BIG-IP AFM Administration می باشد. قطعا جهت آشنایی حرفه ای تر و درک عمیق تر سرفصل های این دوره، گذراندن دوره Advanced + Workshop نیز پیشنهاد می شود.

 

 

پیش‌ نیاز دوره:

 

  • Network+
  •   Security Concepts & Terminology
  •  IPv6 & Tunneling Techniques

مدت زمان دوره: 100 ساعت

مدرس دوره: مهندس پرهام امام جمعه

سرفصل دوره:

 

F5 BIG-IP Administration and Troubleshooting

  • Application Delivery Controller – Deployment Method
  • BIG-IP Terminology and Concepts
  • VLAN, Self-IP, Floating-IP and Access Management
  • Pool, Pool Member and Node
  • Configuration of Different Pool Monitors
  • NAT, SNAT and DNAT configuration
  • Full-proxy Architecture with NAT Operation
  • Configuration of Important Traffic Profiles
  • HA (High Availability) Configuration and Fail-safe
  • Hardware Diagnostics
  • TMSH Commands for BIG-IP Administration
  • TCPDUMP Command for Traffic Capturing
  • AOM (Always-On Management)
  • Leveraging iHealth to Check Functional Status of Device
  • Software and Configuration Maintenance
  • Creating Backup Files and Restoring Backup
  • Administrative Partitions
  • Different User Roles
  • F5 BIG-IP Maintenance
  • External APIs, Programming or Automation Interfaces
  • F5 Support Resources and Tools
  • APPENDIX: TMOS v12.0, v13.0, v14.0, v15.0 (New Features)

 

F5 BIG-IP CGNAT Administration

  • Deploying Carrier Grade NAT
  • Basic NAT, SNAT and DNAT Configuration
  • Using NAT44 (Translating IPv4 Addresses)
  • IPv6 Overview
  • Using NAT64 (Mapping IPv6 Addresses to IPv4 Destinations)
  • Different CGNAT Translation Modes
  • Using DS-Lite with CGNAT
  • Deploying Stateless Network Address Translation
  • Using ALG Profiles
  • CGNAT Logging and Traceability
  • HA (High Availability) Configuration and Fail-safe

 

F5 BIG-IP AFM Administration

  • Introduction to BIG-IP AFM System
  • F5-AFM (Network Firewall + DDoS Engine)
  • Network Firewall Options and Modes
  • Flow Eviction Policy
  • Firewall NAT for IP and Port Translation
  • Firewall Rules, Policies, Address/Port/Rule Lists
  • IP Intelligence and Whitelists/Blacklists
  • PSP (Protocol Security Profiles) – DNS and HTTP
  • PIP (Protocol Inspection Profiles) – IPS
  • DoS Attacks Detection and Mitigation
  • DoS Whitelists, Sweep/Flood, SYN Cookie Protection
  • DNS Firewall, DNS DoS, SIP DoS
  • DDoS-Resistant Architecture (Three-tier Solution)
  • DoS Attacks Reporting and Event Logging
  • Network Firewall (AFM) iRules
  • Administration and Troubleshooting BIG-IP AFM Components