Manual Chapter : Discover and import IPS services

Applies To:

BIG-IQ Centralized Management

  • 8.4.0

Discover and import IPS services

You must ensure that you have the proper licenses for AFM and IPS on the managed BIG-IP device. You must have access to the BIG-IQ Advanced Shell. If you do not have access, contact F5 support at https://support.f5.com.

To manage IPS (Intrusion Prevention System) within BIG-IQ CM (console node), you must first change the default settings that block initial discovery for the host BIG-IP device. This requires setting protocolInspectionDisabled to false in the file /var/config/rest/config/restjavad.properties.json. Once you have enabled IPS discovery, you need to re-discover and re-import AFM services to the appropriate BIG-IP devices.

Note: If you have a standby console node, complete steps 2-3 of the following process for the standby node.

  1. Log in to the BIG-IQ Advanced Shell (console node) using SSH.

  2. In the restjavad.properties.json file, locate the “afm” property.

  3. In the “afm” property, locate the “ips” property.

    If the “ips” property does not exist, you can add this property using the example provided in step 4. Ensure that the “protocolInspectionDisabled” property is included within “ips”.

  4. Ensure the value for “protocolInspectionDisabled” is false.

    The following example shows a possible configuration of the

    ...
    "afm" :
        {
    ...
            "ips" : {
                "protocolInspectionDisabled": false
            }
    ...
        },
    ...

  5. Restart the restjavad process using the following command:

    bigstart restart restjavad

  6. In the BIG-IQ UI, re-discover and re-import AFM services for each licensed device by going to Devices > BIG-IP DEVICES.

    Note: To perform a bulk re-discovery and re-import of all services on multiple devices, see Re-discover and re-import services in bulk.

  7. Select the device name.

  8. On the left, click SERVICES.

  9. In the Network Security (AFM) area, click the Re-discover or Discover button.

  10. In the Network Security (AFM) area, click the Re-import or Discover button.

After the services are imported or re-imported, the BIG-IP Devices inventory list includes the AFM service (see Devices > BIG-IP DEVICES). You can now manage this BIG-IP device’s IPS services from BIG-IQ.
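
Steps 2-4 can be scripted so the edit is repeatable on the active and standby nodes. The following is an added example, not F5 code: it assumes a Python 3 interpreter is available where it runs and that the properties file is plain JSON; the function names are hypothetical.

```python
import json
import os
import shutil
import tempfile

# Path taken from the procedure above.
PROPS_PATH = "/var/config/rest/config/restjavad.properties.json"


def enable_ips_discovery(props: dict) -> bool:
    """Set afm.ips.protocolInspectionDisabled to false; return True if changed."""
    afm = props.get("afm")
    # Assumption: the procedure only covers adding "ips", so a missing or
    # malformed "afm" property is treated as an error instead of being created.
    if not isinstance(afm, dict):
        raise ValueError('"afm" property missing or not a JSON object')
    ips = afm.setdefault("ips", {})  # step 3: add "ips" if it does not exist
    if not isinstance(ips, dict):
        raise ValueError('"ips" property is not a JSON object')
    # Only a real JSON boolean false counts; a string such as "false" is rewritten.
    if ips.get("protocolInspectionDisabled") is False:
        return False
    ips["protocolInspectionDisabled"] = False  # step 4
    return True


def update_file(path: str = PROPS_PATH) -> bool:
    """Apply the change on disk, keeping a .bak copy; return True if changed."""
    with open(path, encoding="utf-8") as fh:
        props = json.load(fh)  # fails loudly if the file is not valid JSON
    if not enable_ips_discovery(props):
        return False
    shutil.copy2(path, path + ".bak")
    # Write to a temp file in the same directory, then swap it in atomically
    # so restjavad never reads a half-written file.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(props, fh, indent=4)
        fh.write("\n")
    shutil.copymode(path, tmp)
    os.replace(tmp, path)
    return True


if __name__ == "__main__":
    if update_file():
        print("updated; restart restjavad (step 5)")
    else:
        print("protocolInspectionDisabled already false; no change made")
```

A return value of True means the file changed and step 5 (restarting restjavad) is still required; the original file is kept alongside it with a .bak suffix.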