Configuring F5 SSL Orchestrator (SSLO)


Course Overview

In this 2 day course, students are provided with a functional understanding of how to deploy, test and maintain F5 SSL Orchestrator to optimize the SSL infrastructure, provide security devices with visibility of SSL/TLS encrypted traffic, and maximize efficient use of that existing security investment.

The course includes lecture, hands-on labs, and discussion about the importance of SSL visability, how F5 SSL Orchestrator supports policy-based management, steering of traffic flows to existing security devices and centralizes the SSL decrypt/encrypt function through multi-layered security, dynamic service chaining, topology selections and security policies.


The following general network technology knowledge and experience are recommended before attending any F5 Global Training Services instructor-led course:

  • OSI model encapsulation
  • Routing and switching
  • Ethernet and ARP
  • TCP/IP concepts
  • IP addressing and subnetting
  • NAT and private IP addressing
  • Default gateway

The following course-specific knowledge and experience is suggested before attending this course:

  • HTTP, HTTPS protocols
  • Security services such as malware detection, data loss/leak prevention (DLP), next-generation firewalls (NGFW), intrusion prevention systems (IPS), and Internet Content Adaptation Protocol (ICAP)

Course Objectives

  • Understand basic use cases for decryption and re-encryption of inbound and outbound SSL/TLS network traffic
  • Create dynamic service chains of multiple security services
  • Configure security policies to enable policy-based traffic steering
  • Add SSL visibility to existing applications
  • Deploy SSL Orchestrator configurations based on topology templates
  • Troubleshoot an SSL Orchestrator deployment

Course Content

  • Compare F5 SSL Orchestration to manual “daisy chaining” of security services
  • Learn essentials of PKI and certificates, how to create a certificate signing request, and how to import certificates and private keys into BIG-IP
  • Implement certificate forging in an SSL Forward Proxy deployment
  • Understand HTTP, ICAP, L3/L2, and TAP security services
  • Configure traffic classification and URL bypass within a security policy
  • Define security services to include in a dynamic service chain
  • Use the Guided Configuration to deploy an outbound Layer 3 transparent forward proxy
  • Use the Guided Configuration to deploy an outbound Layer 3 explicit forward proxy
  • Use the Guided Configuration to deploy an inbound Layer 3 reverse proxy
  • Use the Guided Configuration to deploy an SSL Orchestration for an existing application
  • Configure High Availability for SSLO devices
  • Troubleshoot SSLO and traffic flow issues

Preise & Trainingsmethoden

Online Training

2 Tage

Preis (exkl. MwSt.)
  • US$ 1.753,–
Classroom Training

2 Tage

Preis (exkl. MwSt.)
  • Österreich: US$ 1.753,–
  • Deutschland: US$ 1.900,–
  • Schweiz: US$ 1.753,–




Diegem Kurssprache: Englisch