F5 Logo MyF5
Search
  1. MyF5 Home
  2. Managing BIG-IP Devices from BIG-IQ
  3. device-discovery-and-basic-management
  4. How do I start managing BIG-IP devices
  5. Add BIG-IP devices to BIG-IQ and import their services in one step
Manual Chapter : Add BIG-IP devices to BIG-IQ and import their services in one step

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 8.4.0
Manual Chapter

Add BIG-IP devices to BIG-IQ and import their services in one step

To add multiple BIG-IP devices simultaneously, the devices must:
  • Be running the same BIG-IP software version and licensed for the same services.
  • Have the same user name and password.
  • Be using the same port.
    Before you can add BIG-IP devices to BIG-IQ, keep these things in mind:
    • The BIG-IP devices must be located in your network and running a compatible software version. Refer to K14592 for more information.
    • The BIG-IP management address must be open (typically this is on port 22 and 443), or any alternative IP address. Ports 22 and 443 and the management IP address are open by default on BIG-IQ.
    • The BIG-IQ you are discovering BIG-IP devices from must be using local authentication. You cannot discover BIG-IP devices from remotely-authenticated BIG-IQ because that requires a token.
    A BIG-IP device running versions 10.2.0 - 12.0.x is considered a
    legacy device
    , and cannot be added to the BIG-IQ system's inventory for management. Although version 12.1.x is supported, its features are limited, and it is recommended to upgrade to version 13.0 or later. If you were managing a legacy device in a previous version of BIG-IQ and upgrade, the legacy device displays as impaired with a yellow triangle next to it in the BIG-IP Devices inventory. To manage it, you must upgrade it to version 12.1.0 or later. For instructions, refer to the section titled,
    Upgrading a Legacy Device
    .
    For BIG-IP devices with ASM services, you can only add five devices at a time. If the BIG-IP device(s) provisioned with ASM is part of a DSC cluster, that device must also be a member of a sync-only device group, and ASM synchronization must be enabled for the device group. Without these DSC group settings, deploying changes to the ASM device can cause the cluster to get out of sync. For more information see K12200102, or the ASM Implementations chapter
    Automatically Synchronizing Application Security Configurations
     on
    support.f5.com
    .
    You cannot add multiple BIG-IP devices with SSLO services. You must add those BIG-IP devices individually. After you import a BIG-IP device with SSLO services, make future configuration changes only from BIG-IQ. If you make a change to the SSLO service configuration directly on the BIG-IP device, you cannot re-discover or re-import that device.
Use this procedure to add one or more BIG-IP devices in your network and import services in one step.
  1. At the top of the screen, click
    Devices
  2. Click the
    Add Device(s)
     button.
  3. For the Discovery Type setting, select
    Add BIG-IP device(s) and discover and import services in one step
    .
  4. To create a snapshot of the BIG-IQ configuration before importing services, select the
    Snapshot
     check box.
    Clear this check box if you are adding devices that are in an access group you just created. If you don't, BIG-IQ won't be able to add the device(s).
  5. If you do not want to import any services that you know have conflicts between the BIG-IQ working configuration and the BIG-IP current configuration, select the
    Do not import a service if it contains a shared object conflict between this BIG-IP device and BIG-IQ
     check box to skip any services that have conflicts.
    If you do not select this check box, BIG-IQ will not add the BIG-IP device with a conflict.
  6. Click the
    Add Device(s)
     button.
  7. For
    IP Address
    , type the IPv4 or IPv6 address of the device.
  8. Click the
    +
     button to add another IP address.
  9. Type the user name and password for these devices.
  10. In the
    Port
     box, type the management port for this BIG-IP device.
    The port number must be between 4 and 65535. In many cases, it's the default port 443.
    Chrome and Safari browsers don't allow access to web applications running on port 65535. So if you use port 65535 as the management port, you won't be able to access the BIG-IP device's interface from BIG-IQ when using Chrome or Safari. You can still discover and manage BIG-IP devices that are using port 65535.
  11. For the Target Silo setting, select
    Use an Existing Silo
     and select it, or select
    Create a New Silo
     and name it.
    When you select a silo other than
    Default
    , BIG-IQ displays only the LTM service. You cannot import services other than LTM to a silo.
  12. Select the check box next to each licensed service running on the device(s) you are adding.
  13. If BIG-IQ detects a conflict for services between the working configuration on BIG-IQ and the current configuration on BIG-IP, select a conflict resolution policy option for each object type.
    • Use BIG-IQ
      Keep the object settings in the BIG-IQ working configuration. The next time you deploy a configuration to that BIG-IP device, BIG-IQ overwrites the object settings to match the settings defined on BIG-IQ.
      Use BIG-IP
      Use the object settings from this BIG-IP device's configuration to replace the object in the BIG-IQ working configuration. The next time you deploy a configuration to your BIG-IP devices, BIG-IQ replaces that object settings for all of your managed BIG-IP devices to match the object settings on this BIG-IP device.
      Create Version
      For LTM monitors or profiles only, you can create and store a copy of the BIG-IP device's object(s), specific to the software version on that BIG-IP device. The next time you deploy a configuration, BIG-IQ replaces that object for all the managed BIG-IP devices running that specific version with the object on this BIG-IP. You can store multiple versions of LTM monitors or profiles. BIG-IQ deploys the appropriate stored version to your managed devices. BIG-IQ automatically resolves conflicts against the appropriate version the next time it imports services that contain LTM monitors or profiles.
  14. If you are collecting statistics, for
    Status
    select the
    Enabled
    check box and a zone from the
    Zone
     list.
    If you do not define a zone, this device sends its statistics to DCDs assigned to the default zone.
    Zones
    are names created to associate BIG-IP devices with one or more DCD systems to help segregate statistic traffic by network topology, load, availability, and so forth, for optimal statistics traffic routing.
  15. If this device is configured in a DSC group or you are creating a new DSC group, for the
    Cluster Properties
    , specify how to handle it:
    • Initiate BIG-IP DSC sync when deploying configuration changes (Recommended)
      : Select this option if you want this device to automatically synchronize configuration changes with other members in the DSC.
    • Allow deployment when DSC configured devices have changes pending ( Not Recommended)
      : Select this option if you want to deploy changes to this device even if there are changes pending for devices in the DSC group.
      This option is not recommended, because it can lead to unpredictable results.
    • Ignore BIG-IP DSC sync when deploying configuration changes
      : Select this option if you want to manually synchronize configurations changes between members in the DSC group.
  16. Click the
    Discover & import
     button.
You can now manage all devices you successfully added and discovered and imported services for.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information