Course Description
This course provides users with the necessary skills to implement a system for inspection of SSL traffic.
Objectives
From two ACOS devices pre-configured in a Layer 3 base environment, students learn how to configure SSLi and the concepts behind how SSLi works:
- SSLi Concepts
- SSLi Configuration
- SSLi Bypass Features
- SSLi Troubleshooting
Class Structure
- Classroom Discussion 50%
- Lab Exercises 50%
Prerequisites
- OSI reference model
- Network topology and administration
- An industry standard switching and routing CLI
Audience
- Network Operations (NetOps)
- Development Operations (DevOps)
- Network Security (NetSec)
- Architects (Arch)
Outline
TOPIC | LAB | TIME (Hours) |
SSLi Overview SSLi Concepts SSLi Traffic Flow SSLi Requirements Deployment Topologies | X | 0.5 |
Configuring the Internal SSLi Device Access-List configuration VLAN configuration Server configuration Service Group configuration client-ssl template configuration Wildcard VIP configuration | | 0.5 |
Configuring the External SSLi Device Access-List configuration VLAN configuration Server configuration Service Group configuration server-ssl template configuration Wildcard VIP configuration | X | 1.5 |
SSLi Bypass Features Static Bypass Web Category Bypass SNI Support | | 0.5 |
SSLi with Explicit Proxy Explicit Proxy Overview SSLi with Explicit Proxy Explicit Proxy Configuration | | 0.5 |
Other Features Static Port Intercept Dynamic Port Intercept ICAP AppCentric Template | X | 1.5 |
SSLi Troubleshooting Examining Traffic Flow AXDebug Show Techsupport | X | 1.0 |