Merge pull request #114 from f5devcentral/v20_update

module 5 edits

docs/class5/module3/lab2.rst

@@ -144,6 +144,6 @@ Now, you will create a simple HTTPS application.
    .. image:: ./images/add-app-12.png
 
 
-When the deployment has completed, the **Application Services** dashboard will show the status of the application.
+When the deployment has completed, the **Application Services** dashboard will show the status of the new application.
 
 .. image:: ./images/add-app-13.png

docs/class5/module4/lab2.rst

@@ -26,12 +26,9 @@ Create an Inline L3 Inspection Service
 #. In the **General Properties** section of the **Create Inspection Service: 'Generic L3'** panel:
 
    - Enter ``my-sslo-ngfw`` in the **Name** field.
-
    - Enter ``next-gen firewall`` in the **Description** field (optional).
-
    - Click the **Save & Continue** button.
 
-
    .. image:: ./images/service-3.png
 
 
@@ -71,8 +68,6 @@ Create an Inline L3 Inspection Service
    .. image:: ./images/service-7.png
 
 
-
-
    - Click the checkbox to the left of the assigned instance and then click the **Validate** button.
 
      .. image:: ./images/service-8a.png

docs/class5/module4/lab3.rst

@@ -13,15 +13,14 @@ With the **Inline L3** inspection service created, you will now create a service
 
 #. In the **SSL Orchestrator** menu, click on **Service Chains**.
 
-#. Since there are no **Service Chain** yet, click on the **Start Creating** button to get started.
+#. Since there are no **Service Chains** yet, click on the **Start Creating** button to get started.
 
    .. image:: ./images/service-chain-0.png
 
 
 #. In the **Create Service Chain** panel:
 
    - Enter ``my-service-chain-lab2`` in the **Name** field
-
    - Enter ``sc-ngfw-only`` in the **Description** field (optional).
 
 

docs/class5/module4/lab4.rst

@@ -7,8 +7,7 @@ A traffic policy is a combination of multiple rulesets, each with same or simila
 
    - The Traffic Rules ruleset controls blocking, TLS decrypt decisions, and steering to inspection services.
    - The Traffic Rules ruleset contains a single, immovable **All Traffic** condition that applies to all traffic flows that do not match any other (higher) condition. Its default and adjustable behavior is to Allow traffic and decrypt.
-   - The Logging Rules ruleset controls logging behavior. 
-
+   - The Logging Rules ruleset controls logging behavior.
 
 
 Create an SSL Orchestrator Traffic Policy
@@ -18,7 +17,7 @@ You will now create a traffic policy with a TLS decryption bypass rule for a spe
 
 #. In the **SSL Orchestrator** menu, click on **Policies**.
 
-#. Since there are no **Service Chain** yet, click on the **Start Creating** button to get started.
+#. Since there are no **Service Chains** yet, click on the **Start Creating** button to get started.
 
 #. In the **Create Policy** panel's **General Properties** section:
 
@@ -62,10 +61,12 @@ Now, you will create a TLS bypass rule for traffic destined for **test.f5labs.co
    - Select an expression of **Equals**.
    - Enter an evaluation value of ``test.f5labs.com``.
 
-#. If you not see the **Action** section, scroll down.
 
 #. Define the action to take when this conditional expression matches:
 
+   .. hint::
+      Scroll down if you not see the **Actions** section.
+
    - Set the **Flow Action** to **Allow**. This will allow the traffic to pass.
    - Set the **SSL Action** to **Bypass**. This will disable decryption of the traffic.
    - Set the **Service Chain** to **my-service-chain-lab2**. This will send the traffic through a specified Service Chain.
@@ -127,7 +128,7 @@ Finish the Traffic Policy
    .. image:: ./images/policy-6.png
 
 
-The traffic policy is now saved to CM and will be deployed to a BIG-IP instance when it is associated with an application.
+The traffic policy is now saved to the BIG-IP Central Manager. In the next section, you will deploy it to a BIG-IP instance by associating it with an application.
 
    .. image:: ./images/policy-7.png
 

docs/class5/module4/lab5.rst

@@ -23,7 +23,7 @@ Create an Inbound Application with SSL Orchestrator Policy
 
 #. Click on the **Start Creating** button to open the **Application Service Properties** panel.
 
-#. Enter ``My second application`` in the **Description** field.
+#. Enter ``My SSLO inbound application`` in the **Description** field.
 
 #. Click on the **Start Creating** button to reveal the **Virtual Server** and **Pool** configuration options.
 
@@ -112,11 +112,13 @@ Create an Inbound Application with SSL Orchestrator Policy
    .. image:: ./images/second-app-3.png
 
 
-#. If validation is successful, you will see **Validated** and a link to **View Results**. You may optionally click on the link to view the configuration, then click **Exit** to close the results panel.
+#. If validation is successful, you will see **Validated**.
+
+#. [Optional] Click on the **View Results** link to view the configuration and then click **Exit** to close the results panel.
 
 #. Click on the **Deploy Changes** button. Then, click on the **Yes, Deploy** button to send the application configuration to the BIG-IP Next instance.
 
 
-When the deployment has completed, the **Application Services** dashboard will show the status of the application.
+When the deployment has completed, the **Application Services** dashboard will show the status of the new application.
 
    .. image:: ./images/second-app-4.png

docs/class5/module4/lab6.rst

@@ -1,7 +1,7 @@
 Testing the Inbound Application Deployment
 ================================================================================
 
-You have now deployed an SSL Orchestrator HTTPS application with a traffic policy that steers decrypted traffic to an Inline L3 inspection service. The next step is to test your application from a client environment and verify that decrypted traffic is visible to the inspection service.
+You have now deployed an HTTPS application with an **Inbound Application Mode** SSL Orchestrator configuration. A traffic policy steers decrypted traffic to a Service Chain that contains a single Inline L3 inspection service. The next step is to test your application from a client environment and verify that decrypted traffic is visible to the inspection service.
 
 
 Test Access to the HTTPS Application

docs/class5/module5/lab1.rst

@@ -5,7 +5,7 @@ The SSL Orchestrator **Inbound Gateway Mode** deployment describes a
 scenario where the F5 BIG-IP functions in routing mode. The
 destination addresses are behind the BIG-IP and traffic is forwarded through
 as a routed next hop. This is different from the standard
-application deployment because of the following attributes:
+application deployment because of the following characteristics:
 
 -  The virtual server listens on a wildcard (0.0.0.0/0) IP subnet, and
    optionally a wildcard (any) port.
@@ -35,4 +35,4 @@ to the |sslo-dg2|.
 
 .. |sslo-dg2| raw:: html
 
-      <a href="https://clouddocs.f5.com/sslo-deployment-guide/" target="_blank"> SSL Orchestrator Deployment Guide </a>
+      <a href="https://clouddocs.f5.com/sslo-deployment-guide/" target="_blank"> SSL Orchestrator Deployment Guide</a>

docs/class5/module5/lab2.rst

@@ -13,32 +13,56 @@ Now, you will create an ICAP inspection service.
 
 #. In the **SSL Orchestrator** menu, click on **Inspection Services**.
 
-#. In the **Inspection Services** window, click the **+ Create** button.
+#. Click on **+ Create** to add a new service.
 
-#. In the **Create Inspection Service** drawer, select **Generic ICAP** and click the **Start Creating** button.
+#. In the **Create Inspection Service** panel, select **Generic ICAP** and then click the **Start Creating** button.
 
-#. In the subsequent drawer, enter the following:
+   .. image:: ./images/icap-1.png
 
-   - Name: ``my-sslo-icap``
-   - Description (optional): ``ICAP service``
-   - Request Modification URI Path: ``/avscan``
-   - Response Modification URI Path: ``/avscan``
 
-#. Click the **Save & Continue** button.
+#. In the **General Properties** section of the **Create Inspection Service: 'Generic ICAP'** panel:
 
-#. In the **Network** settings, apply the following:
+   - Enter ``my-sslo-icap`` in the **Name** field.
+   - Enter ``ICAP antivirus scanner`` in the **Description** field (optional).
+   - Enter ``/avscan`` in the **Request Modification URI Path** field.
+   - Enter ``/avscan`` in the **Response Modification URI Path** field.
+   - Click the **Save & Continue** button.
 
-   - VLAN Name: ``sslo-insp-icap``
-   - Device Monitor: Select **TCP**
-   - Click the **Start Adding** button in the **Inspection Service Endpoints** section
-   - Add: ``198.19.97.50``, port ``1344``
+   .. image:: ./images/icap-2.png
+
+
+#. In the **Network** settings:
+
+   - Enter ``sslo-insp-icap`` in the **VLAN Name** field.
+   - Select **TCP** in the **Device Monitor** field.
+   - In the **Inspection Service Endpoints** section, click the **Start Adding** button.
+   - Enter ``198.19.97.50`` in the **Server Address** field.
+   - Enter ``1344`` in the **Port** field.
+
+   .. image:: ./images/icap-3.png
 
 #. Click the **Review & Deploy** button.
 
-#. In the **Deploy Inspection Service** drawer, click **Start Adding** to add the BIG-IP Next instance.
 
-#. Click the checkbox to the left of the assigned instance, then click the **Validate** button.
+#. In the **Deploy Inspection Service** panel, add the BIG-IP Next instance.
+
+   - Click the **Start Adding** button
+   - Select the instance named **bigip-next.f5labs.com**.
+   - Click on the **+ Add to List** button.
+
+
+
+   - Click the checkbox to the left of the assigned instance and then click the **Validate** button.
+
+   - If Validation is successful, click the **Deploy Changes** button to push this inspection service configuration to the BIG-IP Next instance.
+
+     .. image:: ./images/icap-4.png
+
+
+   - At the **Deploy Inspection Service?** prompt, click on the **Yes, Deploy** button and wait for the task to complete.
+
+
+After deployment, the new inspection service will appear in the list.
 
-#. If Validation is Successful, click the **Deploy Changes** button to push this
-   inspection service configuration to the BIG-IP Next instance.
+   .. image:: ./images/icap-5.png
 

docs/class5/module5/lab3.rst

@@ -8,31 +8,39 @@ Defining a Service Chain
 Create a Service Chain
 --------------------------------------------------------------------------------
 
-With the ICAP inspection service created, you will create a new service chain that contains this inspection service. If continuing from the previous lab module, you should also be able to add the **Inline L3** service.
+With the **ICAP** inspection service created, you will create a new service chain that contains that service, along with the **Inline L3** service that was created in the previous module.
 
 
 #. In the **SSL Orchestrator** menu, click on **Service Chains**.
 
-#. Click the **+ Create** in the top right to open the **Create Service Chain** panel.
+#. Click **+ Create** in the top right to add a new **Service Chain**.
 
-   - Enter ``my-service-chain-lab3`` in the **Name** field.
-
-   - Enter ``L3 and ICAP service chain`` in the **Description** field (optional).
+   .. image:: ./images/gwm-sc-1.png
 
+#. In the **Create Service Chain** panel:
 
-   .. image:: ./images/service-chain-1.png
+   - Enter ``my-service-chain-lab3`` in the **Name** field.
+   - Enter ``L3 and ICAP service chain`` in the **Description** field (optional).
 
 
 #. In the **Inspection Services** section, click the **Start Adding** button.
 
-#. Select the both of the previously created inspection services and then click **Add to List**. Once applied, they can be re-ordered as needed.
+#. Select the both of the previously created inspection services and then click **Add to List**. 
+
+   .. hint::
+      Scroll down if you don't see both services.
 
-   .. image:: ./images/service-chain-2.png
+   .. image:: ./images/gwm-sc-2.png
 
 
 #. Click the **Save** button to save the service chain configuration.
 
-   .. image:: ./images/service-chain-3.png
+   .. image:: ./images/gwm-sc-3.png
+
+   .. note::
+      If needed, the ordering of the **Inspection Services** can be changed by selecting the checkbox beside a service, and then clicking on the **up-arrow** or **down-arrow** buttons.
+
 
+The new service chain will appear in the list.
 
-.. todo:: add screenshots
+   .. image:: ./images/gwm-sc-4.png