Course Description
This course provides users with the necessary skills to implement a system for inspection of SSL traffic.
Objectives
From two ACOS devices pre-configured in a Layer 3 base environment, students learn how to configure SSLi and the concepts behind how SSLi works:
- SSLi Concepts
- SSLi Configuration
- SSLi Bypass Features
- SSLi Troubleshooting
Class Structure
- Classroom Discussion 50%
- Lab Exercises 50%
Prerequisites
- OSI reference model
- Network topology and administration
- An industry standard switching and routing CLI
Audience
- Network Operations (NetOps)
- Development Operations (DevOps)
- Network Security (NetSec)
- Architects (Arch)
Outline
| TOPIC | LAB | TIME (Hours) |
SSLi Overview SSLi Concepts
SSLi Traffic Flow
SSLi Requirements
Deployment Topologies | X | 0.5 |
Configuring the Internal SSLi Device Access-List configuration
VLAN configuration
Server configuration
Service Group configuration
client-ssl template configuration
Wildcard VIP configuration | | 0.5 |
Configuring the External SSLi Device Access-List configuration
VLAN configuration
Server configuration
Service Group configuration
server-ssl template configuration
Wildcard VIP configuration | X | 1.5 |
SSLi Bypass Features Static Bypass
Web Category Bypass
SNI Support | | 0.5 |
SSLi with Explicit Proxy Explicit Proxy Overview
SSLi with Explicit Proxy
Explicit Proxy Configuration | | 0.5 |
Other Features Static Port Intercept
Dynamic Port Intercept
ICAP
AppCentric Template | X | 1.5 |
SSLi Troubleshooting Examining Traffic Flow
AXDebug
Show Techsupport | X | 1.0 |
