General Flashcards
ASM
Application Security Manager is a web application firewall which protects web apps through automated policy development, enforcement, and reporting.
APM
Access Policy Manager provides:
- SSL VPN
- Site-to-site IPsec VPN
- SSO via Kerberos ticketing and SAML 2.0
- IdP (SAML) Chaining
GTM
A global load balancing solution, GTM improves access to applications by securing and accelerating Domain Name resolution.
AFM
Advanced Firewall Manager is a stateful full proxy firewall intended for data center protection. Released as a module with BIG-IP v11.3, AFM appears as the “Secure” panel in the configuration utility.
LTM
LTM provides intelligent traffic management for rapid application deployment, optimization, load-balancing, and offloading.
APM
Access Policy Manager provides valuable insight and control over who is on the network and what applications they are using.
AAM
Application Acceleration Manager speeds up application delivery and controls the growth of bandwidth demands, particularly for video.
LC
BIG-IP Link Controller puts you in control by monitoring the performance and availability of each ISP link, helping you keep ISP costs down. It dynamically directs inbound and outbound connections over the best possible link and improves application performance by prioritizing and optimizing traffic.
PEM
Policy Enforcement Manager allows service providers to understand subscriber behavior, create tailored service plans, and improve service quality.
ADF
Application Delivery Firewall (ADF) is an amalgamation of:
- (AFM) Advanced Firewall Manager
- (APM) Access Policy Manager
- (ASM) Application Security Manager
- (LTM) Local Traffic Manager
HTTP Class Profile
- Use HTTP Class profiles when it is possible to classify HTTP traffic using simple strings or regex patterns. More complex operations may require an iRule.
- starting with 11.4, HTTP Class profiles are replaced by Local Traffic Policies
[source](http://support.f5.com/kb/en-us/solutions/public/7000/200/sol7280.html)
OneConnect profile
- increase efficiency by reusing connections to pool members
- uses HTTP Keep-Alives to maintain connections
- must use SNAT or SNAT Automap
- OneConnect is not recommended for FTP or RTSP. Some TCP protocols may require an iRule to handle connection reuse. Best suited to protocols where transaction boundaries are well defined
- when an HTTP client sends multiple requests within a single connection, OneConnect also allows the BIG-IP to process each HTTP request individually. Without OneConnect, load balancing is performed once per TCP connection
HTTP 1.0 vs. HTTP 1.1
- HTTP 1.0 keepalives are disabled by default, HTTP 1.1 keepalives are enabled by default
Stream Profile
- Stream profile performs a search and replace procedure for all occurrences of a string in a data stream
- use the Stream profile with any TCP traffic
- when used with HTTP profile search/replace is performed on the HTTP payload
- when used without HTTP profile search/replace is performed on the entire data portion of each TCP segment
- Stream profile also works when the string to be replaced is split across multiple TCP segments
- Since the Content-Length header is proxied to the server before the Stream replacements are performed, there is no way to adjust the reported content length. With the Stream profile, chunking is mandatory.
- Not compatible with server-side compression because compressed data cannot be searched.
- by default, stream matches are case sensitive; for case-insensitive matching, apply a basic regex construct
- all replacements are made in a single pass; replaced data will not rematch
- in order for an iRule to call the Stream profile, apply the default Stream profile to the virtual (with all parameters blank)
- to prevent replacements on binary data, HTTP must be restricted to rewritable content types, e.g. Content-Type: text/*