304 - BIG-IP APM Specialist
For engineers preparing for the F5 304 certification exam
Understand how APM really behaves under real traffic.
Understand how to design, configure, and troubleshoot BIG-IP Access Policy Manager (APM) solutions to 304 exam-level requirements from authentication and authorization through to remote access, SSO, federation, and policy troubleshooting using all relevant features.
Enrolment opens: February 1st 2026
Full course access: February 28th 2026
Pricing €499 > Full Course
Created by: Graham Mattingley (15+ years F5 consultant - banking, aviation, government & F5 instructor)"
Last Updated: Jab 30, 2026
Course Overview
In this course, you are provided with a structured understanding of how to design, deploy, and troubleshoot BIG-IP Access Policy Manager (APM) solutions in alignment with the 304 certification blueprint. The course includes video training, walkthroughs of access policy configuration, authentication flow analysis, federation configuration, and practical troubleshooting scenarios covering AAA integration, SAML and OAuth, SSL VPN deployment, remote access configuration, client behaviour, session management, and high availability considerations.
You will develop the structured methodology required to design secure access policies, validate authentication flows, interpret session behaviour, and resolve complex APM issues to 304 exam-level standards. This course aligns with the official F5 304 BIG-IP APM Specialist certification exam blueprint.
What's Included
-
Instructor-led, self-paced video training aligned directly to the 304 blueprint
-
Step-by-step access policy configuration walkthroughs using the F5 GUI and TMSH
-
Authentication and federation demonstrations covering AD, LDAP, RADIUS, SAML, OAuth, and multi-factor integration
-
Visual Policy Editor (VPE) logic breakdowns with real-world policy design scenarios
-
SSL VPN and remote access configuration demonstrations
-
Session analysis and troubleshooting walkthroughs covering authentication failures, policy evaluation, and client-side behaviour
-
Scenario-based exercises and multiple-choice tests to assess 304 exam readiness
-
Private course community access for technical discussion and 304 exam support
Join the 304 Wait List - Free Updates Until April 2026
Receive weekly build updates, preview content, and early access notifications.
What You Will Be Able To Do?
Many engineers can configure basic APM authentication. Fewer can confidently design, validate, and troubleshoot complex access policies under real authentication scenarios.
This course builds that structured access control capability.
After completing this course, you'll be able to:
✅ Design structured access policies - Build and organise Visual Policy Editor (VPE) flows that are logical, maintainable, and exam-aligned. Select the correct policy type for the access requirement
✅ Integrate authentication services correctly - Configure and validate AD, LDAP, RADIUS, Active Directory, SAML, OAuth, SSO, and multi-factor authentication
✅ Implement secure remote access solutions - Deploy SSL VPN, Network Access, and Portal Access configurations safely
✅ Configure and validate SSO and SAML federation flows - Understand identity provider (IdP) and service provider (SP) behaviour and session propagation
✅ Analyse session and authentication failures - Trace policy evaluation, identify branch logic issues, and isolate root causes
✅ Troubleshoot client-side and policy evaluation issues - Interpret logs, session variables, and access decisions methodically
✅ Communicate access design and troubleshooting findings clearly - Explain authentication logic, enforcement decisions, and remediation steps to security teams, network engineers, and application owners
✅ Customise and brand APM user interfaces professionally – Modify logon pages, access denied pages, and logout flows to match corporate applications. Apply branding, messaging, and session feedback to create seamless, production-ready user journeys.
You will leave this course with the confidence to design and troubleshoot APM access policies methodically — reducing authentication outages, improving security posture, and demonstrating real authority in identity-driven environments.
304 Course Curriculum
▶️Section 1 – AAA, SSO, Federation, and MDM
8 Sub-Modules | 40 Lessons
- Sub-Modules and Lessons aligned directly to 304 blueprint objectives
- Authentication methods (LDAP, Active Directory, RADIUS, TACACS+) and their configuration differences
- AAA server configuration and validation within access policies
- Single Sign-On (SSO) configuration and session credential mapping
- SAML configuration as Service Provider (SP) and Identity Provider (IdP)
- OAuth and federation concepts within APM
- Multi-factor authentication integration and enforcement logic
- Mobile Device Management (MDM) considerations and endpoint evaluation
- Session variables, credential handling, and identity propagation across applications
- Security implications of authentication design decisions
▶️Section 2 – Network and Application Access
8 Sub-Modules | 40 Lessons
- Sub-Modules and Lessons aligned directly to 304 blueprint objectives
- SSL VPN architecture and remote access deployment models
- Network Access configuration and client connectivity behaviour
- Portal Access configuration and application publishing
- Application Access resources and internal application mapping
- Web Access Management (LTM-APM mode) integration
- Access resource assignment within the Visual Policy Editor
- Client-side behaviour and endpoint interaction during remote sessions
- Split tunnelling concepts and access control considerations
- High availability considerations for remote access deployments
- SSO Explanations and Configuration Examples
▶️Section 3 – Visual Policy Editor (VPE)
8 Sub-Modules | 40 Lessons
- Sub-Modules and Lessons aligned directly to 304 blueprint objectives
- Authentication and logon objects within the Visual Policy Editor
- Branching logic and decision evaluation order
- Session variables and expression-based policy decisions
- Resource and ACL assignment within policy flows
- Macro creation and reusable policy components
- Advanced branching scenarios and multiple authentication paths
- Access policy endings and fallback behaviour
- Debugging policy flow and evaluation sequencing
- Designing maintainable, readable, and scalable policy structures
▶️Section 4 – Deploy and Maintain iApps
4 Sub-Modules | 20 Lessons
- Sub-Modules and Lessons aligned directly to 304 blueprint objectives
- Understanding when to use APM iApps and guided configuration templates
- Deploying APM services using iApps
- Strict Updates behaviour and template management
- Maintaining and modifying iApp-based configurations safely
- Configuration implications of iApp-generated objects
▶️Section 5 – Administering and Troubleshooting APM
8 Sub-Modules | 40 Lessons
- Sub-Modules and Lessons aligned directly to 304 blueprint objectives
- Access profile management and configuration review
- High availability behaviour and session persistence across failover
- Provisioning, licensing, and module dependencies
- Logging configuration and session reporting
- Gathering diagnostic data and interpreting APM logs
- Investigating authentication failures and policy evaluation issues
- Session inspection and variable tracing
- Validating access behaviour across distributed environments
▶️Section 6 – Security
8 Sub-Modules | 40 Lessons
- Sub-Modules and Lessons aligned directly to 304 blueprint objectives
- Mitigating authentication-based attacks (brute force, credential abuse)
- Session management and timeout configuration
- ACL configuration (Layer 4 vs Layer 7 enforcement)
- Secure Web Gateway (SWG) concepts and traffic control
- Endpoint Security (EPSEC) configuration and posture checks
- Access policy hardening and enforcement strategies
- Certificate handling and secure client communication
- Designing secure access flows with risk awareness
Private Community Included with the Course
Share a private community with other members of this course.
Course community membership is permanent.
✅Ask questions and get practical advice from other course members on the same learning journey.
✅Share real-world scenarios, problems, and solutions.
Want Personalised Support?
Add a 1:1 Strategy Session
Get a private hour with Graham to:
✅ Review your specific APM study and knowledge gaps
✅ Review specific areas of the blueprint that are blockers.
✅ Live question sessions to test exam readiness
Additional Costs: €100
16 Hours of Video Lessons
Presentations, F5 GUI and CLI demonstrations, real-world APM Virtual deployment scenarios, profile configuration walkthroughs, traffic flow analysis, and architectural design examples aligned to the 304 blueprint.
Labs with GUI, CLI, adtest, ldapsearch and Postman
Architectural presentations, F5 GUI and TMSH demonstrations, real-world deployment scenarios, profile implementation walkthroughs, traffic flow validation, and high availability configuration exercises aligned to the 304blueprint.
Lesson Knowledge Checks
Targeted knowledge assessments after each module to reinforce key concepts and ensure you are progressing toward 304 exam readiness. The questions will also include production-level Q&A
Course FAQs
Is this a certification prep course?
Do I need prior experience with AD, LDAP, Kerberos, SAML or OAuth?
Do I need prior BIG-IP certification?
Does this course include practical configuration demonstrations?
Is this course focused only on the exam, or real-world APM usage?
Instructor
Graham Mattingley
F5 Instructor
Graham Mattingley F5 Instructor
F5-certified expert with 30+ years in application development and 15 years specialising in F5 technologies. I've deployed and secured F5 solutions for banking, aviation, and government systems across Europe. I'm also an app developer and OWASP member, so I teach security from both sides: how apps work and how to protect them.
I don't teach exam shortcuts. I teach real-world security, how APM actually behaves under production traffic, how to tune policies without breaking applications, and how to make confident decisions when it's 2 AM and something's on fire.
This is the operational knowledge I wish I'd had 15 years ago, distilled from production deployments you won't find in official training materials.
How this course is delivered
-
Instructor-led, structured video lessons aligned directly to the 304 blueprint
-
Step-by-step configuration walkthroughs using the F5 GUI and TMSH
-
Guided video lab demonstrations showing full architectural builds and validation
-
Clearly structured modules progressing from architecture fundamentals to deployment design
-
Self-paced access, allowing you to study around professional commitments
-
Practical architectural scenarios based on real-world APM/SSO/SAML implementations
Prerequisites & Requirements
-
A valid F5 201 – TMOS Administration certification
-
Strong understanding of BIG-IP LTM fundamentals
-
Familiarity with TCP/IP, SSL/TLS, and application authentication concepts
-
Basic understanding of Active Directory and authentication services (AD, LDAP, RADIUS)
-
Access to a BIG-IP lab environment is strongly recommended
If you have not yet completed the 201 or 301a certifications, a structured 201 + 301a preparation pathway is available before progressing to 301b.
What happens next?
-
Join the waiting list to be notified when enrolment opens
-
Receive weekly, blueprint-aligned APM troubleshooting scenarios and diagnostic insights while the course is in development
-
Get early access and priority enrolment before the public launch
