Applies To:Show Versions
BIG-IQ Centralized Management
Initial Connections for BIG-IQ Centralized Management
- Menu FinderTo quickly locate a particular menu item, click the grid icon in the left corner of the screen and type a term in the field. This search is a simple text search. BIG-IQ displays links to all screens and on line help that contains that term anywhere in the string.
- Customized system user preferencesYou can specify the amount of time that passes before BIG-IQ logs you out when the system is idle, what default screen displays when you log back in, or change your password by clicking the arrow at the upper-right corner of the screen and selectUser Preferences.
- Global search, related content, and preview paneBIG-IQ has a robust and interactive global search feature that allows you to easily find a specific content and related content. From any screen, you can click the magnifying glass icon in the upper-right corner of the screen and type a search string. Search results are grouped by content type. From the results, you can click an object to go directly to that object's properties screen in BIG-IQ.
- Product documentation, F5 modules for Ansible, and online helpTo access BIG-IP, API, Ansible documentation, and F5 modules for Ansible, click the book icon in the upper-right corner of any screen.
- Online helpTo view the context-sensitive online help, click the question mark in the upper-right corner on any screen.
- FiltersFor each screen that contains a list, you can use a context-sensitive filter to search on a term, and then narrow your search further to view only those items that are relevant to you at the moment. For example, say you wanted to see local traffic and network audit logs. You can use the search on local traffic, and further refine what is displayed by filtering again on network audit logs.
- Customized log in screenTo customize your log in screen for users (for example, if you want to provide special guidance or make sure all users see a certain message), you can navigate to, click theEditbutton and type your message (up to 8,192 characters) in theCustom Login Messagefield.
- Flexible access to objects and configuration optionsFor some objects, you can view and edit settings that are located in other places in the user interface, without having to stop what you're doing and navigate to another part of BIG-IQ. For example, you could be editing a firewall policy and find an address list in the toolbox that you want to look at. Right there, you can click the address to access the details, and then view or edit it as you want.You can also configure some types of objects from different places in BIG-IQ, depending on what your user role is or what work flow you're in. For example, you can create an access group from the Configuration area of BIG-IQ, as well as from the Devices area. This makes it convenient for you to access during other tasks you're doing in different areas of BIG-IQ.
- Customizing and sorting columnsYou can customize the columns that display in each screen that has a list by clicking the gear icon at the top right side of the screen, next to the filter, hiding any information that isn't important to you. You can also rearrange columns by dragging and dropping them to a different location or sort objects by clicking the arrow at the top of a column. This helps you to focus on only those attributes that are relevant to you.
Configure static routes
Confirm connectivity between BIG-IQ solution components
Add a proxy for secure communication
- Communicate with the F5 licensing server when you use BIG-IQ to license BIG-IP devices.
- Send iHealth data to F5 for troubleshooting help.
- Route forwarded alerts.
- Download alert rules from the security operations center.
- Download ASM signature files.
- At the top of the screen, clickSystem.
- On the left, clickPROXIES.
- On the Proxies screen, clickAdd.
- If the BIG-IQ is in a high availability configuration, you can assign the proxy to either the active or standby device. ForProxied Device, select the hostname of the device for which you are creating this proxy.
- ForName, type a name for this proxy.The proxy name must match across all devices in the cluster. The proxy addresses and port can vary.
- ForAddress, type the IP address of the proxy server.
- ForPort, type the port that you want the proxy server to use.
- If the proxy server requires authentication, type theUser NameandPasswordfor the proxy.
- Select the check box next to the Functions (LicensingoriHealth) that you want BIG-IQ to use this proxy for.When you create a proxy, the BIG-IQ uses that proxy when it accesses FPS alerts or ASM signature files. BIG-IQ uses this proxy any time you use a function that requires outside the firewall communications .
- Click the plus sign in the upper right hand corner, and then repeat the preceding 4 steps to add a proxy for each data collection device in the cluster.Remember, the proxy name must match across all devices in the cluster. The proxy addresses and port can vary.
- ClickSave & Close.
- To use this proxy for a BIG-IQ used only as a license server, follow the task sequence laid out inDeploy BIG-IQ to use as a license manager for BIG-IP VE devicesonsupport.f5.com.
- To use this proxy to configure BIG-IQ authentication credentials for iHealth & Reports, refer toHow do I get access to send QKView files for my managed devices to the F5 iHealth diagnostics serveronsupport.f5.com.
Replace the default SSL certificate on a BIG-IQ system
Configure trusted certificates for outgoing SSL connections
- At the top of the screen, clickSystem.
- On the left, clickSSL CERTIFICATION VERIFICATION.
- ForVerify Hostsconfirm that theEnabledcheck box is enabled.
- UseVerify Usingto specify the type of certificate to use for end-user host verification.ChooseDescriptionWell-known certificate authoritiesBIG-IQ accepts certificates issued by any CA in its default trust store. If you choose this option, your task is complete.Certificates I provideBIG-IQ accepts only the certificates that you identify and import.If you import the certificate of a trusted CA, BIG-IQ will trust all certificate issued by that CA.
- ForImport Method, selectCreate New.
- Type aNamefor the first certificate you are adding.It's good practice to use a name that distinguishes this certificate from others you import. BIG-IQ stores and identifies this certificate by the name you specify here. That is, if the certificate you are importing is currently namedmycertificate.crt, but when you import it you name itf5.crt, BIG-IQ stores the certificate as you specified, tof5.crt.
- From theCertificate Sourcelist, selectUpload File.
- Click theChoose Filebutton, navigate to the certificate for the first component in your solution, and then clickOpen.
- ClickSave.BIG-IQ adds the certificate to the list of trusted certificates it uses to validate the certificates of the hosts it connects to.You might have to refresh your screen display the new certificate.
- Repeat steps 7 through 9 to add certificates for the remaining components in your system (each DCD, each BIG-IP, and the standby BIG-IQ). As you add each certificate, use a name to help you identify which component it belongs to.
- ClickSave & Close.The SSL Certificate Verification screen lists the certificates for all of the components in your BIG-IQ solution.