2. Advanced Multi-Layer Firewall Protection¶
Firewall 320 – Advanced Multi-Layer Firewall Protection
Participant Hands-on Lab Guide
Last Updated: January 2 2020
©2018 F5 Networks, Inc. All rights reserved. F5, F5 Networks, and the F5 logo are trademarks of F5 Networks, Inc. in the U.S. and in certain other countries. Other F5 trademarks are identified at f5.com.
Any other products, services, or company names referenced herein may be trademarks of their respective owners with no endorsement or affiliation, express or implied, claimed by F5.
Welcome to the F5 Agility 2018 Multilayer Firewall Implementations setup and hands-on exercise series.
The purpose of the Lab Setup and Configuration Guide is to walk you through the setup of F5 BIGIP to protect applications at multiple layers of the OSI stack hence providing Application Security Control. This in effect allows F5 BIG-IP to be multiple firewalls within a single platform.
*Assumptions/Prerequisites*: You have attended the AFM 101 lab sessions either this year or in previous years. Additionally this lab guide assumes that you understand LTM/TMOS basics and are comfortable with the process of creating Nodes, Pools, Virtual Servers, Profiles and Setting up logging and reporting.
There are three modules detailed in this document.
Module 1: F5 Multi-layer Firewall
Module 2: F5 Dynamic Firewall Rules With iRules LX
Module 3: AFM Protocol Inspection IPS
- Remote Desktop Protocol (RDP) client utility
- Windows: Built-in
- Mac (Microsoft Client): https://itunes.apple.com/us/app/microsoft-remote-desktop/id715768417?mt=12
- Mac (Open Source Client): http://sourceforge.net/projects/cord/files/cord/0.5.7/CoRD_0.5.7.zip/download
- Unix/Linux (Source – Requires Compiling): http://www.rdesktop.org/
You may use your webbrowser for console access if necessary but screen sizing may be affected.
IP Filtering locks down connectivity to to the remote labs. If you are required to VPN into your corporate office to get Internet access, please determine your external IP address via https://www.whatismyip.com and provide an instructor with that information for your pod.
- Connectivity to the facility provided Internet service
- Unique destination IP address for RDP to your lab