Manual Chapter : Managing Virtual Servers in Shared Security

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 7.1.0
Manual Chapter

Managing Virtual Servers in Shared Security

About virtual servers

On BIG-IP devices, virtual servers can have security objects, such as DoS profiles, SSH profiles, or log profiles, attached to them. You create virtual servers using the Local Traffic service, and then use them from within Shared Security. You can modify only some of the virtual server properties within Shared Security. To modify other virtual server properties, use the Local Traffic service.
The BIG-IQ Centralized Management system can successfully discover only BIG-IP devices that are using supported profile types. If the system attempts to discover a BIG-IP device that is using an unsupported type of profile:
  • You might see an invalid profile error during discovery.
  • The BIG-IQ Centralized Management system does not successfully discover the BIG-IP device.

View and edit virtual server shared security

You can view and modify virtual servers within Shared Security to manage the security objects that might be part of a virtual server. To modify other virtual server properties, use the Local Traffic service.
You can access a specific virtual server's Shared Security configuration by selecting a virtual server found in the Network Security's context list (
Configuration
SECURITY
Network Security
Contexts
) or the Web Application Security's virtual server list (
Configuration
SECURITY
Web Application Security
Virtual Servers
). Once selected, click the link provided under the Properties area.
  1. Click
    Configuration
    SECURITY
    Shared Security
    Virtual Servers
    .
  2. On the virtual servers properties screen, modify the editable the properties as needed.
    Depending on the setting configured, you can only edit some of the properties.
  3. In the
    DoS Profile
    setting, select the DoS profile to use.
    You define DoS profiles using the Shared Security DoS Profiles screen.
  4. In the
    SSH Profile
    setting, select the SSH profile to use.
    You define SSH profiles using the Shared Security SSH Profiles screen.
  5. In the
    IP Intelligence
    setting, select the IP intelligence policy to use.
    You define IP intelligence policies using the Shared Security IP Intelligence Policies screen.
  6. In the
    Maximum Bandwidth
    setting, type the maximum bandwidth allowed, in Mbps.
    Set this value to 0 to specify no bandwidth limit.
  7. In the
    Log Profiles
    setting, select one or more log profiles to use.
    You define log profiles using the Shared Security Logging Profiles screen.
  8. Save your work.
The virtual server is updated with your changes. You make other changes to the virtual server using this screen:
Configuration
LOCAL TRAFFIC
Virtual Servers
.

Configure DoS event logging from the virtual server

You enable DoS event logging using the virtual servers displayed in the list. When enabled, you can view these DoS events using the
Monitoring
EVENTS
DoS
screens.
  1. Click
    Configuration
    SECURITY
    Shared Security
    Virtual Servers
    .
    The Virtual Servers screen opens.
  2. To enable logging of DoS events, click the check box next to the virtual server to configure, and click
    Configure DoS Logging
    .
    To disable logging of DoS events, click the check box next to the virtual server to configure, and click
    Disable DoS Logging
    .
The DoS Logging Configuration dialog box opens so that you can begin the configuration process.
Review the information about the configuration process before continuing. This is described in the
Monitoring DoS events
topics in
F5 BIG-IQ Centralized Management: Monitoring and Reporting
on
support.f5.com
.