F5 Logo MyF5
Search
  1. MyF5 Home
  2. Managing BIG-IP Devices from BIG-IQ
  3. device-discovery-and-basic-management
  4. How do I start managing BIG-IP devices
  5. Add a single BIG-IP device
  6. Discover and import IPS services
Manual Chapter : Discover and import IPS services

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 8.4.0
Manual Chapter

Discover and import IPS services

You must ensure that you have the proper licenses for AFM and IPS on the managed BIG-IP device. You must have access to the BIG-IQ Advanced Shell. If you do not have access, contact F5 support at support.f5.com.
To manage IPS (Intrusion Prevention System) within BIG-IQ CM (console node), you must first change the default settings that block initial discovery for the host BIG-IP device. This requires setting
protocolInspectionDisabled
 to
false
 in the file
/var/config/rest/config/restjavad.properties.json
. Once you have enabled IPS discovery, you need to re-discover and re-import AFM services to the appropriate BIG-IP devices.
If you have a standby console nodes, complete steps 2-3 of the following process for the standby node.
  1. Log into the BIG-IQ Advanced Shell (console node) using ssh.
  2. In the
    restjavad.properties.json
     file, locate the
    "afm"
     property.
  3. In the
    "afm"
     property, locate the
    "ips"
     property.
    If the
    "ips"
     property does not exist, you can add this property using the example provided in step 4. Ensure that the "
    protocolInspectionDisabled
    " property is included within
    "ips"
    .
  4. Ensure the value for "
    protocolInspectionDisabled
    " is
    false
    .
    The following example shows a possible configuration of the 
    ...
"afm" :
    {
...
        "ips" : {
            "protocolInspectionDisabled": false
        }
...
    },
...
  5. Restart the restjavad process using the following command:
    bigstart restart restjavad
  6. In the BIG-IQ UI, re-discover and re-import AFM services, for each licensed device by going to
    Devices
    BIG-IP DEVICES
    .
    To perform a bulk re-discovery and re-import for all services, on multiple devices, see
    Re-discover and re-import services in bulk
    .
  7. Select the device name.
  8. On the left, click
    SERVICES
    .
  9. In the Network Security (AFM) area, click the
    Re-discover
    or
    Discover
     button.
  10. In the Network Security (AFM) area click the
    Re-import
    or
    Discover
     button.
After the services re-import/import, the BIG-IP Devices inventory list includes the AFM service (see
Devices
BIG-IP DEVICES
). You can now manage this BIG-IP device's IPS services from BIG-IQ.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information