BIG-IP Access Policy Manager (APM) v11.2 Preface: Product Overviews and Hardware... P-1 BIG-IP Product Family... P-1 F5 Hardware... P-4 F5 Services... P-9 F5 Resources and Tools... P-11 Module 1: BIG-IP Installation and Initial Access... 1-1 BIG-IP Access Policy Manager Overview... 1-1 Licensing and the Setup Utility... 1-2 Lab 1 Installation and Setup... 1-9 Lab 1a Changing Initial IP Address... 1-10 Lab 1b Licensing and Provisioning the System... 1-12 Lab 1c Setup Utility... 1-15 Lab 1d Configuration Utility... 1-19 Lab 1e Configuration Backup... 1-21 BIG-IP Hardware Platforms... 1-22 Optional Lab 1f SCCP / AOM IP Address Configuration... 1-26 Module 2: APM Traffic Processing... 2-1 Virtual Servers and Access Profiles... 2-1 APM Configuration Wizards... 2-3 Logging... 2-5 Reporting... 2-11 Lab 2a APM Configuration Wizard... 2-19 Lab 2b Configuration Backup... 2-23 Module 3: APM Access Policies and Profiles... 3-1 Access Policies Overview... 3-1 Access Policy Branches... 3-4 Access Policy Endings... 3-9 Configuring Access Policies and Profiles... 3-11 Using Webtops... 3-23 Exporting and importing access profiles... 3-25 Lab 3a Access Policies... 3-26 Lab 3b Configuration Backup... 3-29
TOC-2 Module 4: APM Portal Access... 4-1 Portal Access Overview... 4-1 Configuring Portal Access... 4-7 Rewrite Profiles... 4-10 SSO and Credential Caching... 4-12 Lab 4a Portal Access with Single Sign-On... 4-19 Lab 4b Configuration Backup... 4-22 Module 5: APM Network Access... 5-1 Network Access Overview... 5-1 Configuring Network Access... 5-4 BIG-IP Edge Client... 5-20 Lab 5a Network Access... 5-27 Optional Lab 5b BIG-IP Edge Client... 5-30 Lab 5c Configuration Backup... 5-31 Module 6: APM Access Control Lists... 6-1 Resources Overview... 6-1 Access Control Lists... 6-2 Lab 6a Access Control Lists... 6-8 Lab 6b Layer 7 Access Control Lists... 6-12 Lab 6c Layer 4 + 7 Access Control Lists... 6-13 Lab 6d Configuration Backup... 6-14 Module 7: APM Application Access & Webtops... 7-1 Application Access & Webtops Overview... 7-1 Application Access... 7-1 Configuring Remote Desktop Access... 7-6 Configuring Webtops... 7-9 Lab 7a Full Webtop... 7-16 Lab 7b Webtop Links... 7-18 Lab 7c Application Access Tunnels... 7-19 Lab 7d Network Access Optimized Tunnels... 7-20 Lab 7e Terminal Services... 7-21 Lab 7f Single Sign-on for Terminal Services... 7-22 Lab 7g Terminal Services Java client... 7-23 Lab 7h Configuration Backup... 7-24
TOC-3 Module 8: BIG-IP LTM Concepts... 8-1 LTM Pools and Virtual Servers... 8-1 Monitor Concepts and Configuration... 8-4 Secure Network Address Translation (SNAT)... 8-8 Lab 8a Virtual Servers and Pools... 8-10 Optional Lab 8b Monitors... 8-13 Optional Lab 8c SNAT Automap... 8-14 Lab 8d Configuration Backup... 8-15 Module 9: Web Application Access for LTM... 9-1 Web Applications Access for LTM... 9-1 Configuring APM and LTM together... 9-4 Pool Assignment Agent... 9-6 Profiles... 9-9 Profile Types and Dependencies... 9-10 Configuring and Using Profiles... 9-12 SSL Termination/Initiation... 9-14 SSL Profile Configuration... 9-17 Lab 9a Web Applications Access for LTM... 9-19 Lab 9b Pool Assignment Agent... 9-22 Optional Lab 9c Self-Signed Certificates... 9-25 Lab 9d Configuration Backup... 9-27 Module 10: APM Macros and Authentication Servers...10-1 Access Policy Macros... 10-1 Configuring Access Policy Macros... 10-4 Authentication with Access Policy Manager... 10-7 Radius Server Authentication... 10-9 LDAP Server Authentication... 10-12 Active Directory Server Authentication... 10-13 Lab 10a AAA Servers... 10-20 Lab 10b Visual Policy Editor Macros... 10-21 Lab 10c Active Directory Query... 10-25 Optional Lab 10d AD Query and AD Groups... 10-27 Lab 10e Configuration Backup... 10-28 Module 11: APM Client Side Checks & Actions...11-1 Overview of APM Client Side Checks... 11-1 Configuring Client Side Checks... 11-3
TOC-4 Overview of Client Side Actions... 11-16 Lab 11a Client-Side Process Check... 11-21 Optional Lab 11b Protected Workspaces... 11-23 Optional Lab 11c AV and Firewall Checking... 11-24 Lab 11d Configuration Backup... 11-25 Module 12: APM Advanced Topics... 12-1 General Purpose Actions... 12-1 Server Side Checks... 12-12 Session Variables... 12-18 Access irules Events... 12-34 Typical APM irule Use Case... 12-37 Configuring Access irules... 12-39 Dynamic ACLs... 12-43 Lab 12a Session Variables 1... 12-45 Lab 12b Session Variables 2... 12-47 Lab 12c irule... 12-49 Optional Lab 12d Pre-defined Redirect irule... 12-52 Lab 12e Dynamic Access Control Lists... 12-53 Lab 12f Configuration Backup... 12-56 Module 13: APM Authentication Domains... 13-1 Authentication Domain Concepts... 13-1 Lab 13a Authentication Domains... 13-6 Lab 13b Authentication Domains with SSO... 13-9 Optional Lab 13c SSO Auth Domain Wrap-Up... 13-11 Optional Lab 13d Web App Access Logout... 13-13 Lab 13e Configuration Backup... 13-14 Module 14: Maintaining BIG-IP APM... 14-1 Logging and Notification... 14-1 Reports... 14-9 F5 Support Resources and Tools... 14-13 Lab 14a tmsh Users... 14-23 Optional Lab 14b Remote Syslogging... 14-24 Optional Lab 14c SNMP Traps... 14-25 Lab 14d Reports... 14-26 Lab 14e AskF5... 14-27 Lab 14e Configuration Backup... 14-24
TOC-5 Module 15: APM Customization...15-1 Customization overview... 15-1 Basic Customization view... 15-2 Advanced Customization view... 15-4 Big-IP EDGE Client... 15-8 Advanced Edit Mode Customization... 15-12 Lab 15a Customization Tool... 15-16 Lab 15b Webtop Help... 15-18 Optional Lab 15c Logon Page Dropdown List... 15-20 Lab 15d Configuration Backup... 15-30 Module 16: APM Configuration Project...16-1 Configuration Project Overview... 16-1 Lab 16a Configuration Restore... 16-2 Lab 16b Configuration Project... 16-3 Appendix A - Installation... A-1 Appendix B - New Features... B-1 Appendix C - Course Slides... C-1
TOC-6