Instructs Network Operations, Development Operations, Network Security, and Architects on implementing a system to inspect SSL traffic.

Objectives

From two ACOS devices pre-configured in a Layer 3 base environment, students learn how to configure SSLi and the concepts behind how SSLi works:

  • SSLi Concepts
  • SSLi Configuration
  • SSLi Bypass Features
  • SSLi Troubleshooting

Class Structure

  • Classroom Discussion     50%
  • Lab Exercises     50%

Prerequisites

  • OSI reference model
  • Network topology and administration
  • An industry standard switching and routing CLI

Audience

  • Network Operations (NetOps)
  • Development Operations (DevOps)
  • Network Security (NetSec)
  • Architects (Arch)

Outline

TOPIC

LAB

TIME (Hours)

SSLi Concepts

SSLi Overview
SSLi Traffic Flow

 

0:30

Deployment Topoligies

Layer 2 and Layer 3 Support
Two Partitions on Single ACOS Device
Two ACOS Devices

 

0:30

Configuring the Internal SSLi Device

Access-List configuration
VLAN configuration
Server configuration
Service Group configuration
client-ssl template configuration
Wildcard VIP configuration

X

1:30

Configuring the External SSLi Device

Access-List configuration
VLAN configuration
Server configuration
Service Group configuration
server-ssl template configuration
Wildcard VIP configuration

X

1:30

SSLi Bypass Features

Static Bypass
Web Category Bypass
SNI Support

 

0:30

SSLi with ICAP

ICAP Overview
SSLi with ICAP

X

1:30

SSLi with Explicit Proxy

Explicit Proxy Overview
SSLi with Explicit Proxy
Explicit Proxy Configuration

 

0:30

SSLi Troubleshooting

Examining Traffic Flow
AXDebug
Show Techsupport

 

0:30

 

For training/certification requests or questions, contact: training@a10networks.com