F5 ASM/AWAF Training

24 hours
F5 Application Security Module (ASM) and Advanced Web Application Firewall (AWAF) secure web applications against unknown vulnerabilities, enable compliance with key regulatory mandates and protect applications from malicious and abusive bot traffic. Successful deployment of these solutions requires a cycle of policy development that minimizes false positives, while still maintaining an appropriate level of security. F5 administrators must understand the policy development process, as well as the security tradeoffs that are required to protect applications.

What to Expect

The following items are included in this training: 

  • Mitigating web application attacks with F5 ASM/AWAF
  • Selecting attack signatures that match your application
  • Understanding positive and negative security models
  • Integrating policy deployment into a CI/CD pipeline
  • Maintaining security while reducing false positives


Understand how the ASM/AWAF works with other F5 modules to protect applications. Learn how to deploy and tune policies, identify false positives and respond to policy violations.

Intended Audience:

  • Security Engineers/Architects
  • Network Engineers/Architects
  • Application Developers
  • IT Decision Makers

Training Includes:

  • Best practices and F5 solution overview
  • HTTP Protocol and web application concepts
  • Regulatory compliance: PCI-DSS, HIPAA, NIST
  • Understand Positive and Negative Security Models
  • Selecting the correct template for your policy
  • Creating policies with the Automatic Policy Builder
  • Applying and updating attack signatures
  • Identify clients with Bot Defense Profile
  • Working with application owners and developers
  • Real world deployment for applications

Hands-On Labs and Demos:

  • Lab 1: Initial Policy Creation
  • Lab 2: Manage the ASM Policy Builder
  • Lab 3: Troubleshoot and Resolve False Positives
  • Lab 4: Identify and Respond to Policy Violations
  • Lab 5: Ongoing Policy Tuning and Enhancement