Applies To:Show Versions
BIG-IQ Centralized Management
Initial Connections for BIG-IQ Centralized Management
Configure static routes
Confirm connectivity between BIG-IQ solution components
Add a proxy for secure communication
- Communicate with the F5 licensing server when you use BIG-IQ to license BIG-IP devices.
- Send iHealth data to F5 for troubleshooting help.
- Route forwarded alerts.
- Download alert rules from the security operations center.
- Download ASM signature files.
- At the top of the screen, clickSystem.
- On the left, clickPROXIES.
- On the Proxies screen, clickAdd.
- If the BIG-IQ is in a high availability configuration, you can assign the proxy to either the active or standby device. ForProxied Device, select the hostname of the device for which you are creating this proxy.
- ForName, type a name for this proxy.The proxy name must match across all devices in the cluster. The proxy addresses and port can vary.
- ForAddress, type the IP address of the proxy server.
- ForPort, type the port that you want the proxy server to use.
- If the proxy server requires authentication, type theUser NameandPasswordfor the proxy.
- Select the check box next to the Functions (LicensingoriHealth) that you want BIG-IQ to use this proxy for.When you create a proxy, the BIG-IQ uses that proxy when it accesses FPS alerts or ASM signature files. BIG-IQ uses this proxy any time you use a function that requires outside the firewall communications .
- Click the plus sign in the upper right hand corner, and then repeat the preceding 4 steps to add a proxy for each data collection device in the cluster.Remember, the proxy name must match across all devices in the cluster. The proxy addresses and port can vary.
- ClickSave & Close.
- To use this proxy for a BIG-IQ used only as a license server, follow the task sequence laid out inDeploy BIG-IQ to use as a license manager for BIG-IP VE devicesonsupport.f5.com.
- To use this proxy to configure BIG-IQ authentication credentials for iHealth & Reports, refer toHow do I get access to send QKView files for my managed devices to the F5 iHealth diagnostics serveronsupport.f5.com.
Replace the default SSL certificate on a BIG-IQ system
Configure trusted certificates for outgoing SSL connections
- At the top of the screen, clickSystem.
- On the left, clickSSL CERTIFICATION VERIFICATION.
- ForVerify Hostsconfirm that theEnabledcheck box is enabled.
- UseVerify Usingto specify the type of certificate to use for end-user host verification.ChooseDescriptionWell-known certificate authoritiesBIG-IQ accepts certificates issued by any CA in its default trust store. If you choose this option, your task is complete.Certificates I provideBIG-IQ accepts only the certificates that you identify and import.If you import the certificate of a trusted CA, BIG-IQ will trust all certificate issued by that CA.
- ForImport Method, selectCreate New.
- Type aNamefor the first certificate you are adding.It's good practice to use a name that distinguishes this certificate from others you import. BIG-IQ stores and identifies this certificate by the name you specify here. That is, if the certificate you are importing is currently namedmycertificate.crt, but when you import it you name itf5.crt, BIG-IQ stores the certificate as you specified, tof5.crt.
- From theCertificate Sourcelist, selectUpload File.
- Click theChoose Filebutton, navigate to the certificate for the first component in your solution, and then clickOpen.
- ClickSave.BIG-IQ adds the certificate to the list of trusted certificates it uses to validate the certificates of the hosts it connects to.You might have to refresh your screen display the new certificate.
- Repeat steps 7 through 9 to add certificates for the remaining components in your system (each DCD, each BIG-IP, and the standby BIG-IQ). As you add each certificate, use a name to help you identify which component it belongs to.
- ClickSave & Close.The SSL Certificate Verification screen lists the certificates for all of the components in your BIG-IQ solution.