F5 Certifications - how to prepare?

I've been looking at systems/networking jobs, and F5 comes up a lot. I've not touched F5 at all, so I was thinking it might be a good idea to get some knowledge so that I can at least say I know something.

F5 has some free training on their website, which I intend to go through. But reports are that it is far from sufficient to get even basic certification. I got pricing for live classroom training, and it was more than I am willing to spend.

So I am left with options for self study, but have honestly no idea where to start.

Are there any good, current, books people can recommend?
Any good, cheap, online training?
Any cheap videos?
Should I be labbing this?
How to set up a cheap lab?

By cheap I mean, maybe $100's (or less) but not $1000's.
2017 Goals - Something Cisco, Something Linux, Agile PM

Comments

  • chopstickschopsticks Member Posts: 389
    I'm interested to know too.
  • pcgizzmopcgizzmo Member Posts: 127
    I've recently started working with F5's in my current job. It's a different animal. Unless there is a simulator it is going to be hard to learn about the F5 w/out working on it directly. There are also different modules.

    There are Linux based load balancers out there you can load and play with and it will give you some idea of how they work but the actual working of the F5 beyond reading about it will be hard to pick up.

    Possibly if your serious about the cert which I think it is worthwhile you can find a used one and practice on it. Maybe ask F5 for a temp license.
  • NotHackingYouNotHackingYou Member Posts: 1,460 ■■■■■■■■□□
    I have the F5 Certified Admin cert. I don't know of any free online training for F5 products. Labs can be done with a VM license from CDW - it's about $100.

    I don't know if you could pass the exams with just F5 docs and a VM. I have been working on F5's for about 4 years and attended F5 Admin, F5 ASM and F5 APM training.
    When you go the extra mile, there's no traffic.
  • NotHackingYouNotHackingYou Member Posts: 1,460 ■■■■■■■■□□
    Here are the study guides for the two exams you need in order to become a Big-IP Admin
    101: https://www.f5.com/pdf/certification/exams/Certification_Study_Guide_101.pdf
    201: https://www.f5.com/pdf/certification/exams/Certification_Study_Guide_201.pdf

    You must pass both of these exams before you can take any of the 300 series exams.
    When you go the extra mile, there's no traffic.
  • jeremywatts2005jeremywatts2005 Member Posts: 347 ■■■■□□□□□□
    I taught F5 for about a month or two and was working through the certification process. The 101 cert is basically a glorified Network+ exam. The 202 is more focused on F5 products themselves. I should've kept the manuals for the classes, but was just never really interested in F5
  • UnixGuyUnixGuy Mod Posts: 4,570 Mod
    I would say it's hard to get the training without having a day to day job that uses f5. Employers ask for it true, but you can pick it up easily.

    Your best bet would be to find something in cbt nuggets or udemy or something. Do the free trainings on f5 website to get an idea of the different, that should set you apart from candidates who never touched f5.
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • MitMMitM Member Posts: 622 ■■■■□□□□□□
    Routehub.net has a good course on it to get you started and the LAB VM that NotHackingYou mentioned is helpful for learning. Maybe buy 2 that way you can setup High Availability
  • PocketLumberjackPocketLumberjack Member Posts: 162 ■■■□□□□□□□
    I've looked at their free stuff and it looks pretty comprehensive. I haven't tried it but there is an F5 add-in for GNS3. I have been thinking about this one because my place of work has "a fleet of F5 boxes."
    Learn some thing new every day, but don’t forget to review things you know.
  • OctalDumpOctalDump Member Posts: 1,722
    OK, so so far I've got the impression that:

    Hands on (probably real world) experience is a requirement for the certification
    The first exam isn't too tough
    There is a lab VM available for about $96 from CVM
    There is a 200 minute course from routehub.net for $75 which also goes through setting up a lab
    The free online training at f5 is pretty good
    There are ~100pp free study guides from f5

    So it looks like for under $300, I can get a good lab set up, plus an online course, plus free resources from F5, but to pass exam 2 (TMOS) I'll need good hands on. Seems doable, and as UnixGuy suggests, even getting only some knowledge will be useful.

    Are there any current, good books?
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • mbarrettmbarrett Member Posts: 397 ■■■□□□□□□□
    I taught F5 for about a month or two and was working through the certification process. The 101 cert is basically a glorified Network+ exam. The 202 is more focused on F5 products themselves. I should've kept the manuals for the classes, but was just never really interested in F5

    I went to a couple of the Big-IP Admin classes, and the 101 is just basic networking but the 201 is all TMOS, which is the F5 CLI language. Both tests are required for the Big-IP Administrator certification which is their entry-level cert.
    Not sure where to get the necessary training though, I would start with the Exam study guides on the F5 University site.
  • NotHackingYouNotHackingYou Member Posts: 1,460 ■■■■■■■■□□
    There are sample exams on F5 as well. If I recall, both exams had questions that were specific to TMOS and networking. Questions are very detailed and require you to have a good knowledge of how to configure something and how it will work.

    I would encourage you to take TCPDumps on each side of the F5 after setting up a VIP. Examine the packet (especially src/dst IP) on each side of the F5. Understand how the different options in the virtual server will manipulate the packet on egress of the F5. Especially understand the different types of SNAT, how to override the next pool member, how a node is selected for different load balancing types, etc.
    When you go the extra mile, there's no traffic.
  • hurricane1091hurricane1091 Member Posts: 919 ■■■■□□□□□□
    I am the F5 person at my job. Truth be told the project was given to me without any prior load balancing experience, and I was able to figure it out. I watched their videos and read a lot of white pages, but without actually working on the equipment I'm not sure how one would be able to learn much. It's not that hard (although you can get crazy with it but we do not). You've got back end servers you want load balanced. So, you make an F5 virtual server with a virtual IP (which is used as the DNS entry IP in whatever you use for DNS) and listen in on certain ports (80, 443, etc), and send the traffic to the actual servers. There's SNATs, SSL off loading, custom monitors, active/standby configs to learn and more but it's really not that hard.
  • globalenjoiglobalenjoi Member Posts: 104 ■■■□□□□□□□
    I'm new to my position (about 7 months in), but F5 has been a big part. I've done all of the free F5 trainings, and while helpful, they really don't come anywhere near the actual management of the device. So far, the only real training course I've done has been for ASM. The whole thing is just a beast, I really don't know how someone could learn it without having hands on every day. If you find more resources, I'd be interested to know them as well.
  • hurricane1091hurricane1091 Member Posts: 919 ■■■■□□□□□□
    Are you sure the F5 certification is something you want? I see tons of network engineer jobs asking for the skill set, but none ask for the certificate itself. If you want the cert to gain the skill, that makes sense but it will be tough. I know they have virtual F5s (our server guy used them when testing his Exchange 2016 stuff) but not sure how you would go about getting them.

    In my case, I know we could be doing more advanced monitors, and we only have LTM as well. I hardly ever touch the things as we do not spin up new apps/services a lot (company of 3000). Lot of work went into the project, and now it just runs itself. I did change out an expiring cert today though, but unless the job was solely load balancing or the company was very large, I do not think there's a lot of everyday config going on for most people who do the load balancing at their place of work.

    I had the luxury of having 4 F5s sitting brand new in boxes while our ACE's were still in production, and built labs and learned hands on. So when implementation time came, there wasn't a real surprise. I ran into one problem I'll share here. When you create a Virtual Server in a disabled state with a unique IP, it will create separate object for that IP that is in an enabled state. This was a problem for me, because this causes the F5 to send a gratuitous ARP. Now everything for X application went to the F5 (which had the VS in a disabled state) instead of the ACE, and I did this in the middle of the day. Totally did not expect this behavior, caused me some grief and I did it TWICE! Never again!
  • NotHackingYouNotHackingYou Member Posts: 1,460 ■■■■■■■■□□
    I'm new to my position (about 7 months in), but F5 has been a big part. I've done all of the free F5 trainings, and while helpful, they really don't come anywhere near the actual management of the device. So far, the only real training course I've done has been for ASM. The whole thing is just a beast, I really don't know how someone could learn it without having hands on every day. If you find more resources, I'd be interested to know them as well.

    I agree totally. ASM would be very difficult to grasp without at a minimum some prior F5 experience. ASM is a huge product.
    When you go the extra mile, there's no traffic.
  • OctalDumpOctalDump Member Posts: 1,722
    Are you sure the F5 certification is something you want? I see tons of network engineer jobs asking for the skill set, but none ask for the certificate itself.

    One advantage for following the certification track is that it's a good way to ensure that I've covered all the bases. Even if I don't get a certification, it's a good starting place.

    When you learn just by doing, what you learn is skewed by the environment you are working in. If you make heavy use of some features and no use of others, you end up with an unbalanced knowledge: very deep in some areas and very shallow in others. So you end up with blind spots, which affect troubleshooting and your approach to design.

    And in the end, if I do learn enough to get a certification, it's nice to verify those competencies independently.
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • OctalDumpOctalDump Member Posts: 1,722
    I agree totally. ASM would be very difficult to grasp without at a minimum some prior F5 experience. ASM is a huge product.

    This is very good to know, since LTM and ASM are the two things I see come up the most. It looks like the official training courses for both are about the same length, although the ASM does seem to suggest that LTM knowledge is useful. A lot of the training providers bundle their Administrator and LTM courses into 5 days, so it seems that is a logical place to start, with the rest being "add ons".
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • hurricane1091hurricane1091 Member Posts: 919 ■■■■□□□□□□
    OctalDump wrote: »
    One advantage for following the certification track is that it's a good way to ensure that I've covered all the bases. Even if I don't get a certification, it's a good starting place.

    When you learn just by doing, what you learn is skewed by the environment you are working in. If you make heavy use of some features and no use of others, you end up with an unbalanced knowledge: very deep in some areas and very shallow in others. So you end up with blind spots, which affect troubleshooting and your approach to design.

    And in the end, if I do learn enough to get a certification, it's nice to verify those competencies independently.

    I understand this, and you do not have to look any further than my knowledge due to the CCNP vs the other network engineer's here without it. It appears that older F5 BIG-IP appliances can be picked up on eBay for rather cheap (amazing how this crap depreciates, we just paid 80k for 5 F5 appliances w/ support). I have no idea the functionality they provide or if they run the latest code though, and won't even speculate.

    Make no mistake, I know there's so much more to know about the F5 LTM. I never really fathom a scenario where I'll be doing F5 stuff every single day, so I guess I just take what I know and accept it. This is just a personal thing, where I have the feeling that my knowledge of networking is what will land me a job, with the F5 knowledge icing on the cake that I can further improve if need be. I most certainly feel better about myself with routing/switching because I know the ins/outs, so if you are up to the task for the F5 certs - for sure have a go at them. Especially if you do not have the chance to do them at your current job, you need to learn somehow. Unfortunately the two jobs I am looking at do not involve me doing load balancers at all, but that's just kind of how the network engineer role is. Some require it, some do not. Some require VoIP knowledge, some do not. Situational thing for sure.
  • trojintrojin Member Posts: 275 ■■■■□□□□□□
    There are sample exams on F5 as well. If I recall, both exams had questions that were specific to TMOS and networking. Questions are very detailed and require you to have a good knowledge of how to configure something and how it will work.

    I would encourage you to take TCPDumps on each side of the F5 after setting up a VIP. Examine the packet (especially src/dst IP) on each side of the F5. Understand how the different options in the virtual server will manipulate the packet on egress of the F5. Especially understand the different types of SNAT, how to override the next pool member, how a node is selected for different load balancing types, etc.

    Where you found sample questions?
    I'm just doing my job, nothing personal, sorry

    xx+ certs...and I'm not counting anymore


Sign In or Register to comment.