Skip to main Content

Configuring BIG-IP Advanced WAF Web Application Firewall 17.5

In this 4-day course, students are provided with a functional understanding of how to deploy, tune, and operate F5 Advanced Web Application Firewall to protect their web applications from HTTP-based attacks.

The course includes lecture, hands-on labs, and discussion about different F5 Advanced Web Application Firewall tools for detecting and mitigating threats from multiple attack vectors such web scraping, Layer 7 Denial of Service, brute force, bots, code injection, and zero-day exploits.

Course Topics

• Resource provisioning for F5 Advanced Web Application Firewall

• Traffic processing with BIG-IP Local Traffic Manager (LTM)

• Web application concepts

• Mitigating the OWASP Top 10 and other vulnerabilities

• Security policy deployment

• Security policy tuning

• Deploying Attack Signatures and Threat Campaigns

• Positive security building

• Securing cookies and other headers

• Reporting and logging

• Advanced parameter handling

• Using Automatic Policy Builder

• Integrating with web vulnerability scanners

• Login enforcement for flow control

• Brute force and credential stuffing mitigation

• Session tracking for client reconnaissance

• Using Parent and Child policies

• Layer 7 DoS protection

• Configuring Advanced Bot Defense

• Course Objectives

• Describe the role of the BIG-IP system as a full proxy device in an application delivery network

• Provision the F5 Advanced Web Application Firewall

• Define a web application firewall

• Describe how F5 Advanced Web Application Firewall protects a web application by securing file types, URLs, and parameters

• Deploy F5 Advanced Web Application Firewall using the Rapid Deployment template (and other templates) and define the security checks included in each

• Define learn, alarm, and block settings as they pertain to configuring F5 Advanced Web Application Firewall

• Define attack signatures and explain why attack signature staging is important

• Deploy Threat Campaigns to secure against CVE threats

• Contrast positive and negative security policy implementation and explain benefits of each

• Configure security processing at the parameter level of a web application

• Deploy F5 Advanced Web Application Firewall using the Automatic Policy Builder

• Tune a policy manually or allow automatic policy building

• Integrate third party application vulnerability scanner output into a security policy

• Configure login enforcement for flow control

• Mitigate credential stuffing

• Configure protection against brute force attacks

• Deploy Advanced Bot Defense against web scrapers, all known bots, and other automated agents

Delivery Format

  • Public Classroom

    Traditional Classroom Learning

  • Virtual Learning

    Learning that is virtual

4 courses found

    • Delivery Format: Virtual Learning
    • Date 11-14 May, 2026 | 9:00 AM to 5:00 PM
    • Location: Virtual (GMT Standa)
    • Language: English

    £3,595.00

    • Delivery Format: Virtual Learning
    • Date 01-04 June, 2026 | 9:00 AM to 5:00 PM
    • Location: Virtual (GMT Standa)
    • Language: English

    £3,595.00

    • Delivery Format: Virtual Learning
    • Date 14-17 September, 2026 | 9:00 AM to 5:00 PM
    • Location: Virtual (GMT Standa)
    • Language: English

    £3,595.00

    • Delivery Format: Virtual Learning
    • Date 16-19 November, 2026 | 9:00 AM to 5:00 PM
    • Location: Virtual (GMT Standa)
    • Language: English

    £3,595.00

Request a date or location for this course

Dates in Other Countries