Manual Chapter : Warehouse Topic: Access Product

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 8.0.0
Manual Chapter

Warehouse Topic: Access Product

Before BIG-IQ can display Access report data for a managed BIG-IP device, you must first complete the following tasks:
  • Add the managed BIG-IP device to the BIG-IQ Centralized Management inventory
  • Discover and import the managed BIG-IP device
  • Have a BIG-IQ user enable Access remote logging configuration on the managed BIG-IP device
To discover and import a configuration and deploy configurations to a managed BIG-IP device, users must belong to one of the following RBAC roles:
  • Admin
  • Access Manager
  • Access Deployer
This text appears when you use the full prereq. But it can also be used independently.
  1. Log in to the BIG-IQ system with your user name and password.
  2. At the top of the screen, select
    Configuration
    , then on the left side of the screen, click
    ACCESS
    Access Groups
    .
  3. Click the name of an Access group.
    A new screen displays the group's properties.
  4. Enter a
    Partition
    . The default is
    Common
    . You can also enter a custom path to a partition you have created. Only users with access to a partition can view the objects that the partition contains. If the object resides in the
    Common
    partition, all users can access it.
  5. Click
    Shared resources
    .
    The screen displays a list of resources, with
    ACCESS POLICIES
    selected.
  6. Select the type of resource that you want to change.
    The screen displays a list of resources of that type on the right.
  7. At the top of the screen, select
    Access Reporting
    .
    A Summary report (for all devices and a default timeframe) starts to generate and display.
  8. From the left, select any report that you want to run.
  9. At the top left of the screen, from the
    ACCESS GROUP/DEVICES
    list, either select one of the first two options (
    All Devices
    and
    All Managed Devices
    ) or select one or more of the other options (
    <
    Access group name
    >
    ,
    <
    Cluster display name
    >
    , or
    <
    Device name
    >
    ).
    • All Managed Devices
      Includes all Access devices that are currently discovered.
    • <
      Access group name
      >
      Select to include all devices in the Access group.
    • <
      Cluster display name
      >
      Select to include the devices in the cluster.
    • <
      Device name
      >
      Select to include the device. You can select any device from
      Managed Devices
      ,
      <
      Access group name
      >
      , or
      <
      Cluster display name
      >
      .
  10. From the
    TIMEFRAME
    menu, specify a time frame:
    • Select a predefined time period. These range from
      Last hour
      to
      Last 3 months
      .
    • Set a custom time period. Select
      Between
      ,
      After
      , or
      Before
      , and click the additional fields that display the set dates and times that support your selection.
  11. To save report data in a comma-separated values (CSV) file, click the
    CSV Report
    button.
    The CSV file downloads.
  12. To refresh the data on this dashboard immediately, click
    Refresh
    . To configure an automatic refresh, click the arrow next to it and then select
    1 minute
    ,
    5 minutes
    , or
    10 minutes
    . You can also
    Disable
    automatic refresh from this menu.
  13. To add this device to a new cluster:
    If a device is not a member of a Sync-Failover group that you configured to support an Active-Standby configuration for APM, do not add it to a cluster.
    If the device is the first member of a Sync-Failover group that you have added to the BIG-IQ system, add it to a new cluster. It does not matter whether this device is the Active or the Standby member of the group.
    1. From the
      Cluster Display Name
      list, select
      Create New
      , and then type a new name for this new cluster.
      A cluster name must be unique on the BIG-IQ system. It does not need to match the name of the Sync-Failover group on the BIG-IP device. However, it makes sense to chose a name that is similar, because when you add the additional members to the group, you must add it to the same cluster.
    2. Select an option from
      Deployment Settings
      :
    • Initiate BIG-IP DSC sync when deploying configuration changes (Recommended)
      Select this option to prompt BIG-IQ to start the DSC synchronization process so that any configuration change made to this device is synchronized with other members of the DSC. This option makes sure all members of the DSC have the most current configuration.
    • Ignore BIG-IP DSC sync when deploying configuration changes
      Select this option to have BIG-IQ deploy any configuration changes for this device to all cluster members. Use this option only if this device is not configured in a DSC Sync-Failover device group, or if any members of the cluster are disabled.
  14. To add this device to an existing cluster:
    If the device is the second member of a Sync-Failover group that you have added to the BIG-IQ system, add the device to the existing cluster for that Sync-Failover group.
    1. From the
      Cluster Display Name
      list, select
      Use Existing
      , and then select the cluster from the list.
    2. Select an option from the
      Deployment Settings
      :
    • Initiate BIG-IP DSC sync when deploying configuration changes (Recommended)
      Select this option to prompt BIG-IQ to push any configuration changes to this device to other members of the DSC. This option makes sure all members of the DSC have the most current configuration.
    • Ignore BIG-IP DSC sync when deploying configuration changes
      Select this option to have BIG-IQ deploy any configuration changes for this device to all cluster members. Use this option only if this device is not configured in a DSC Sync-Failover device group, or if any members of the cluster are disabled.
  15. For Access Policy Manager (APM), select the
    Create a snapshot of the current configuration before importing
    check box to save a copy of the device's current configuration.
    You are not required to create a snapshot, but it is a good idea in case you have to revert to the previous configuration for any reason.
  16. For Local Traffic (LTM), select the
    Create a snapshot of the current configuration before importing
    check box to save a copy of the device's current configuration.
    You are not required to create a snapshot, but it is a good idea in case you have to revert to the previous configuration for any reason.
  17. Click
    Monitoring
    DASHBOARDS
    Access
    User Summary
    .
    The User Summary screen displays, showing detailed information for specific users.
  18. Click
    Monitoring
    DASHBOARDS
    Access
    SWG
    .
    The screen displays the SWG analytics screen. By default, the screen displays statistics from the past hour. You can adjust the time settings using the controls found at the top of the screen.
  19. Click
    Monitoring
    DASHBOARDS
    Access
    Access Summary
    .
    The Summary report is an example of the type of report that presents high-level data, and provides access to underlying data.
    BIG-IQ starts to generate and display a Summary report (for all devices and using a default timeframe).
  20. Click
    Applications
    ALERT MANAGEMENT
    Alert Rules
    .
    BIG-IQ displays the list of alert rules configured on this system.
  21. Click
    Applications
    ALERT MANAGEMENT
    Active Alerts
    .
  22. Click
    Monitoring
    DASHBOARDS
    Access
    Federation
    OAuth
    .
    BIG-IQ displays a list of all triggered alerts.
  23. Click
    Monitoring
    DASHBOARDS
    Access
    Federation
    OAuth
    Authorization Server
    Server Performance
    .
    BIG-IQ opens the Authorization Server Performance screen.
  24. Click
    Monitoring
    DASHBOARDS
    Access
    Federation
    OAuth
    Authorization Server
    Tokens
    .
    BIG-IQ opens the Token Summary screen.
  25. Click
    Monitoring
    DASHBOARDS
    Access
    Federation
    SAML
    .
  26. Click
    Monitoring
    DASHBOARDS
    Access
    Federation
    SAML
    SP
    .
  27. Click
    Monitoring
    DASHBOARDS
    Access
    Federation
    SAML
    IdP
    .
  28. Click
    Monitoring
    DASHBOARDS
    Access
    Sessions
    Denied
    .
  29. Click
    Monitoring
    DASHBOARDS
    Access
    Sessions
    .
  30. Click
    Monitoring
    DASHBOARDS
    Access
    Sessions
    Active
    .
    The screen displays a list of active sessions for all devices.
  31. Click
    Monitoring
    DASHBOARDS
    Access
    Secure Web Gateway
    .
    A Summary report (for all devices and a default timeframe) starts to generate and display.
  32. Use the
    Log Levels
    menu to sort by message severity. Selecting
    Emergency
    will show only the most severe warnings, and selecting
    Debug
    will display the lowest severity messages.
  33. To exit the nested view or to move up one level, select the breadcrumbs links at the top of the dashboard you want to navigate to.
  34. To view details for a specific session, click the ID under the
    Session ID
    column.