F5 Logo MyF5
Search
  1. MyF5 Home
  2. F5 rSeries Systems: Administration and Configuration
  3. System Settings
Manual Chapter : System Settings

Applies To:

Show Versions Show Versions

F5OS-A

  • 1.0.1, 1.0.0
Manual Chapter

System Settings

System settings overview

You can access system settings in the webUI.

Display system alarms and events from the webUI

The Alarms & Events screen lists alert information for system components (such as PSU, firmware, and LCD) that have currently crossed a performance or health threshold. Use this screen to identify the specific component that is affected.
  1. Log in to the webUI using an account with admin access.
  2. On the left, click
    SYSTEM SETTINGS
    Alarm & Events
    .
  3. Choose from one of these actions:
    • To refresh the alarms or events list, click the
      Refresh
       icon on the right of the screen.
    • To display events result by time preference, click the down arrow next to the
      Refresh
       icon and select a value from the list. The default value is one hour. For example, select five minutes to display any event that occurred in the last five minutes.
    • To display events by severity, select a value from the
      Severity
       list. The default value is WARNING.
    Option
    Description
    Emergency
    Emergency system panic messages
    Alert
    Serious errors that require administrator intervention
    Critical
    Critical errors, including hardware and file system failures
    Error
    Non-critical, but possibly important, error messages
    Warning
    Warning messages that should be logged and reviewed
    Notice
    Messages that contain useful information, but might be ignored
    Informational
    Messages that contain useful information, but might be ignored
    Debug
    Detailed messages used for troubleshooting

Configure a management interface from the webUI

You can view or change settings for the management interface from the webUI.
  1. Log in to the webUI using an account with admin access.
  2. On the left, click
    SYSTEM SETTINGS
    Management Interface
    .
    The
    Management IP Address
    ,
    Interface Settings
    ,
    Interface Statistics
     sections are shown.
  3. Management IP Address
    DHCP
    , select either Enabled or Disabled.
  4. Management IP Address
    Address
    , select either IPv4, IPv6, or IPv4 & IPv6.
    A corresponding IPv4 or IPv6 (or both) address form appear to enter IP address information.
    1. Enter an IPv4 or IPv6 address.
    2. Enter a number from 1-32 for the length of the prefix.
    3. Enter the Gateway IP address.
  5. On Interface Settings, enter the following information:
    1. For
      State
      , select Enabled or Disabled.
    2. For
      Auto-negotiation
      , select Enabled or Disabled.
      If you enable Auto-negotiation, you get the Port Speed and Duplex Mode automatically set.
    3. For
      Port Speed
      , select a speed.
    4. For
      Duplex Mode
      , select FULL or HALF.
  6. On Interface Statistics, enter the following information:
    1. For
      Data Format
      , select Unformatted or Normalized.
    2. For
      Auto Refresh
      , select Disabled or a time increment of 10, 20, 30, 60, 180, or 300 seconds.
      You can click the refresh button to update this setting.
  7. Click
    Reset
     to update settings.
  8. Click
    Save
    .

Software management overview

The Software Management screen on the webUI includes options for uploading, importing and updating Base OS software for the system.

Manage Base OS software images from the webUI

You can manage software images from the webUI.
  1. Log in to the webUI using an account with admin access.
  2. On the left, click
    SYSTEM SETTINGS
    Software Management
    .
  3. To add a Base OS image by importing from the URL:
    1. Click
      Import
      .
    2. For
      URL
      , type the URL of the remote image server.
      F5 recommends that the remote host be an HTTPS server with PUT/POST enabled and have a valid CA-signed certificate. You can opt to select the
      Ignore Certificate Warnings
       check box if you want to skip the certificate check.
    3. For
      Username
      , type the user name for an account on the remote image server, if required.
    4. For
      Password
      , type the password for the account, if required.
    5. Select
      Ignore Certificate Warnings
       to skip the certificate check.
    6. Click
      Add Image
      .
    Depending on the image file size and network availability, the import might take a few minutes. When the import is successful, the software image is listed in the webUI.
  4. To add a Base OS image that you have downloaded to your local workstation:
    1. Click
      Upload
      .
    2. Navigate to the image file and select it.
    3. Click
      Open
      .
  5. To delete a Base OS image, select the image and click
    Delete
    .
    Software images that are in use cannot be deleted.
View the status of image imports under
Image Import Status
, which shows information about
Remote Host
,
File
,
Status
, and
Time
.

Update Base OS software images from the webUI

Before you begin, you must also have added or uploaded an updated software image before you can do the update.
You can update Base OS software while the system is up and running from the webUI.
During a software update, there is an interruption to traffic, so F5 recommends that you perform the update during a maintenance window
  1. Log in to the webUI using an account with admin access.
  2. On the left, click
    SYSTEM SETTINGS
    Software Management
    .
  3. In the Update Base OS Software section, for
    Update Software
    :
    • To install a full F5OS-A version release, select
      Bundled
      .
    • To install F5OS-A and service version releases independently, select
      Unbundled
      .
  4. For
    ISO Image
    , select the full version release ISO image from the drop-down.
    This field is available when
    Bundled
     is selected.
  5. For
    Base OS Version
    , select the F5OS version from the drop-down.
    This field is available when
    Unbundled
     is selected.
  6. For
    Service Version
    , select the service version release from the drop-down.
    This field is available when
    Unbundled
     is selected.

Configure DNS from the webUI

You can configure DNS for the system from the webUI. This is used for name resolution such as when setting up the system.
  1. Log in to the webUI using an account with admin access.
  2. On the left, click
    SYSTEM SETTINGS
    DNS
    .
  3. Under
    DNS Lookup Servers
    , specify the name servers that the system uses to validate DNS lookups, and resolve host names. For each name server you want to add:
    1. Click
      Add
      .
    2. For
      Lookup Server
      , type the IP address of the name server that you want to add to the list.
    3. Click
      Save & Close
      .
  4. Under
    DNS Search Domains
    , specify the domains that the system searches for local domain lookups and to resolve local host names. For each domain you want to add:
    1. Click
      Add
      .
    2. For
      Search Domain
      , type the domain name of the name server that you want to add to the list. For example, DNSsearch.com
    3. Click
      Save & Close
      .
DNS lookup servers and search domains are now specified for the system.

Configure log settings from the webUI

You can add and display information about configured remote log servers from either the system controller or chassis partition webUIs. You can also change the log severity level for individual software components and services.
  1. Log in to the webUI using an account with admin access.
  2. On the left, click
    SYSTEM SETTINGS
    Log Settings
    .
  3. To add access to a
    Remote Log Server
    , click
    Add
    .
  4. In the
    Server
     field, type the IPv4 address, IPv6 address, or Fully Qualified Domain Name (FQDN) of the remote server.
  5. In the
    Port
     field, type the port number of the remote server.
    The default port value is 514.
  6. For
    Protocol
    , select
    UDP
     or
    TCP
     to choose between TCP or UDP input.
  7. From the
    Facility
     list, select
    LOCAL0
    .
    F5OS supports only the LOCAL0 logging facility. All logs are directed to this facility, and it is the only one that you can use for remote logging.
  8. From the
    Severity
     list, select the severity level of the messages to log.
    Option
    Description
    Emergency
    Emergency system panic messages
    Alert
    Serious errors that require administrator intervention
    Critical
    Critical errors, including hardware and file system failures
    Error
    Non-critical, but possibly important, error messages
    Warning
    Warning messages that should be logged and reviewed
    Notice
    Messages that contain useful information, but might be ignored
    Informational
    Messages that contain useful information, but might be ignored
    Debug
    Verbose messages used for troubleshooting
  9. Click
    Save & Close
    .
  10. On the Log Settings screen, review the software component log levels for individual software components and adjust them as needed. Click
    Save
     if you made changes.
    The log levels determine at what level events (and all higher levels) are logged for each service.
    Informational
     is the default so all except debug-level events are logged.
  11. To delete a remote log server, select the server and click
    Delete
    .

File utilities overview

You can use File Utilities to import, export, download, or delete files asynchronously depending on which directory you select to work in. All file transfers are done using the HTTPS protocol.

File import

You can import a file from an external server into the system from either the webUI or the CLI. HTTPS is the supported protocol. The remote host should be an HTTPS server with PUT/POST enabled and have a valid CA-signed certificate.
If you want to import the contents of a tar file, you need to extract the contents first before you can import them onto the
F5
 system.
You can import files into these directories on the system:
  • configs
  • images/import
  • images/staging
  • images/tenant

File download

You can download files in these directories from the system to your local workstation from the webUI:
  • configs
  • diags/core
  • diags/crash
  • diags/shared
  • log/confd
  • log/system

File upload

You can upload files in these directories from your local workstation to the system from the webUI:
  • configs
  • images/staging
  • images/tenant

File export

You can export a file from the system to an external server from either the webUI or the CLI. HTTPS is the supported protocol. The remote host should be an HTTPS server with PUT/POST enabled and have a valid CA-signed certificate.
You can export files into these directories from the system:
  • configs
  • log/confd
  • log/controller
  • log/host
  • diags/core
  • diags/crash
  • diags/shared
  • images/import
  • images/staging
  • images/tenant

File deletion

You can delete files (to which you have file permissions) on the system only from the
diags/shared
 or
configs
 directories from either the webUI or the CLI.

Import or export files from the webUI

File Utilities are available in the webUI. You can use File Utilities to import, export, and/or delete files asynchronously depending on which directory you select to work in. All file transfers are done using HTTPS protocol.
  1. Log in to the webUI using an account with admin access.
  2. On the left, click
    SYSTEM SETTINGS
    File Utilities
    .
  3. From the
    Base Directory
     list, browse the directories and click subfolders to view their contents and the commands that are available from each one.
    From a subfolder, click the left arrow next to the path to navigate back to the main folder.
  4. To import a file:
    1. Click
      Import
      .
    2. In the popup, type the
      URL
       of the file to import.
    3. Provide the
      Username
       and
      Password
       only if required by the remote host.
    4. Select
      Ignore Certificate Warnings
       if you want to skip warnings when importing files (such as if the remote host does not have a valid CA-signed certificate).
    5. Click
      Import File
       to begin the import.
  5. To export a file:
    1. Select the file and click
      Export
      .
    2. In the popup, type the
      Server URL
       for where to export the file.
    3. Provide the
      Username
       and
      Password
       only if required by the remote host.
    4. Select
      Ignore Certificate Warnings
       if you want to skip warnings when importing files.
    5. Click
      Export File
       to begin the export.
  6. To delete a file, select the file and click
    Delete
    .
    You can delete files from the
    diags/shared
     directory.
You can view the status of a file transfer operation to view its progress and see if it was successful. If an operation fails, hover over the warning icon to see the error that occurred.
A runtime error displays in the File Transfer status area, if an invalid operation is performed.

Configure time settings from the webUI

After the system license is activated, you can configure Network Time Protocol (NTP) servers and time zone. The NTP server ensures that the system clock is synchronized with Coordinated Universal Time (UTC). You can specify a list of servers that you want the system to use when updating the time on network systems. You can configure time settings for the system from the webUI.
  1. Log in to the webUI using an account with admin access.
  2. On the left, click
    SYSTEM SETTINGS
    Time Settings
    .
  3. To synchronize the system clock with an NTP server, for
    NTP Service
    , click
    Enabled
    .
    The
    NTP Service
     is set to
    Disabled
    , by default.
  4. To specify an
    NTP server
    :
    1. Click
      Add
      .
    2. In the
      NTP Server
       field, type the IPv4 address, IPv6 or the Fully Qualified Domain Name (FQDN) of the NTP server.
      If specifying an FQDN, you must configure a resolvable DNS server for the system.
    3. Click
      Save & Close
      .
  5. To set the time zone, select the time zone area from the
    Locations
     list.
  6. Click
    Save
    .

Certificate management overview

Before
rSeries
 systems can exchange data with one another, they need to exchange device certificates, that is, digital certificates and keys used for secure communication.
If you are using LDAP with transport layer security (TLS) for user authentication, you can choose to require TLS Certificate Validation in the authentication settings. You can add a certificate and key into the system, and when you create a certificate signing request (CSR), it saves the generated key and certificate to these directories:
  • system/aaa/tls/config/key
  • system/aaa/tls/config/certificate

View a certificate from the webUI

Before you can install device certificates, you must enable LDAP as an authentication method in the system (
USER MANAGEMENT
Auth Settings
).
You can view a certificate from the webUI.
  1. Log in to the webUI using an account with admin access.
  2. On the left, click
    SYSTEM SETTINGS
    Certificate Management
    .
  3. To display a
    TLS Certificate
    , a
    TLS Key
     that was previously installed, or the
    TLS Details
    , click
    Show
    .
    A text area opens and displays the certificate, key, or details.

Create a self-signed certificate from the webUI

Before you can install device certificates, you must enable LDAP as an authentication method in the system (
USER MANAGEMENT
Auth Settings
).
You can create or view a self-signed certificate from the webUI.
  1. Log in to the webUI using an account with admin access.
  2. On the left, click
    SYSTEM SETTINGS
    Certificate Management
    .
  3. Click
    Create Certificate
    .
    A form appears to enter certificate information.
  4. In the
    Name
     field, enter a name for the certificate. For example, the server's hostname.
  5. In the
    Email
     field, enter the email address for the certificate contact.
  6. In the
    City
     field, enter the city or locality name.
  7. In the
    State
     field, enter the state, county, or region.
  8. In the
    Country
     field, enter the two-letter country code. For example, US for United States.
  9. In the
    Organization
     field, enter the certificate originator name. For example, your company's name.
  10. In the
    Unit
     field, enter the organizational unit name. For example, IT.
  11. In the
    Version
     field, specify the version number for the certificate.
  12. In the
    Days Valid
     field, specify the number of days the certificate is valid.
  13. In the
    Key Type
     field, choose ECDSA or RSA as your key type.
  14. In the
    Store TLS
     field, choose whether to store your TLS information.
  15. Click
    Save
    .

Create a Certificate Signing Request (CSR) from the webUI

Before you can install device certificates, you must enable LDAP as an authentication method in the system (
USER MANAGEMENT
Auth Settings
).
You can create and view CSRs from the webUI.
  1. Log in to the webUI using an account with admin access.
  2. On the left, click
    SYSTEM SETTINGS
    Certificate Management
    .
  3. To create a
    Certificate Signing Request
    , click
    Create CSR
    .
    A form appears to enter certificate information.
  4. In the
    Name
     field, enter a name for the certificate. For example, the server's hostname.
  5. In the
    Email
     field, enter the email address for the certificate contact.
  6. In the
    City
     field, enter the city or locality name.
  7. In the
    State
     field, enter the state, county, or region.
  8. In the
    Country
     field, enter the two-letter country code. For example, US for United States.
  9. In the
    Organization
     field, enter the certificate originator name. For example, your company's name.
  10. In the
    Unit
     field, enter the organizational unit name. For example, IT.
  11. In the
    Version
     field, specify the version number for the certificate.
  12. Click
    Save
    .

Generate system reports (QKView) from the webUI

If you have any concerns about your system operation, you can use the
qkview
 utility to generate a system report to collect configuration and diagnostic information from the
rSeries
 system. The QKView report contains machine-readable (JSON) diagnostic data and combines the data into a single compressed tar.gz format file. You can upload the QKView file to F5 iHealth where you can get help to verify proper operation of the system, with troubleshooting and understanding any issues you might be having, and ensure that the system is operating at its maximum efficiency.
You can generate a QKView report from the webUI. The report contains diagnostic information, such as configuration data, log files, and platform information.
  1. Log in to the webUI using an account with admin access.
  2. On the left, click
    SYSTEM SETTINGS
    System Reports
    .
    The System Reports screen displays. A list of QKView reports that were previously generated are shown with any reports that were uploaded to iHealth.
  3. To generate a system report, click
    Generate QKView
     in the upper right corner of the screen.
    The Generate QKView box displays these additional options:
    Option
    Description
    Filename
    Specify a name for the file to which QKView data is written. The default filename is <
    system-name
    >.qkview.
    Timeout Value
    Specify the time in seconds after which to stop QKView collection. The default value is 0, which indicates no timeout.
    Max File Size
    Exclude all files greater than the specified size (in MB). The range is from 2 MB to 1000 MB. The default value is 500 MB.
    Max Core Size
    Exclude core files greater than this size (in MB). The range is from 2 MB to 1000 MB. The default value for maximum core size is 25 MB.
    Exclude Cores
    Specify whether core files should be excluded from QKView. The default is to include core files.
    The system runs many commands to collect the diagnostic information, so generating the report might affect its performance.
    It takes a few minutes for the system to finish creating the report and list it on the screen. The QKView Status changes to
    File generated successfully
     when it is done.
  4. If you want to upload the report to the F5 iHealth server, select the check box next to the QKView name, and click
    Upload to iHealth
    .
    To do the upload, the system must have DNS configured, and have Internet access to these services using the HTTPS/443 remote service/port:
    • api.f5.com
    • ihealth-api.f5.com
    The QKView tar file uploads to iHealth, where you can get help to diagnose the health and proper operation of the system.
  5. To delete a QKView report, select it and click
    Delete
    .

Back up system configuration from the webUI

You can back up the system configuration from the webUI.
  1. Log in to the webUI using an account with admin access.
  2. On the left, click
    SYSTEM SETTINGS
    Configuration Backup
    .
  3. Click
    Create
    .
    The Create Configuration Backup popup opens.
  4. In the
    Name
     field, type a name for the backup (for example, system-12-21-21).
  5. Click
    Create
    .
    The backup is created and added to the list.
  6. To delete a backup file, select the file and click
    Delete
    .
System configuration backups are stored in
configs/
. Backups should be stored on off the system.
You can restore configurations from the CLI. For more information on saving and restoring the configuration, see the
Complete backup and restore overview
 section.

System licensing overview

You can activate a license for the
rSeries
 system from either the CLI or webUI. There is one license per
rSeries
 system, which is also used by any tenants.
There are two ways to license the system:
Automatically
If your system is connected to the Internet, use the Automatic method to prompt the system to contact the F5 license server and activate the license.
Manually
If your system is not connected to the Internet, use a management workstation that is connected to the Internet to retrieve an activation key from
F5
 and then transfer it to the system.
Adding or reactivating a license on an active
rSeries
 system might impact traffic on tenants. Traffic processing will stop briefly on the tenants, and then restart automatically. This occurs when the tenant receives a new or reactivated license causing a configuration reload on the tenants. For more information, see these other references:

System licensing from the webUI

License the system automatically from the webUI

You can license a system using the automatic method from the webUI, as long as the system has Internet access.
  1. Log in to the webUI using an account with admin access.
  2. On the left, click
    SYSTEM SETTINGS
    Licensing
    .
  3. For the
    Base Registration Key
     field, the registration key is auto-populated.
    You can choose to overwrite this field with a new registration key by clicking
    Reactivate
     and overwriting the field.
  4. For the
    Add-On Keys
     field, the associated add-on keys are auto-populated.
    You can choose to change these keys by clicking
    Reactivate
     and then click
    +
     or
    x
     to add or remove additional add-on keys.
  5. For the
    Activation Method
    , select
    Automatic
    .
  6. Click
    Activate
    .
    The End User License Agreement (EULA) displays.
  7. Click
    Agree
     to accept the EULA.
The system is now licensed. If a base registration key or add-on key fails to activate, try re-activating the license or contact support.f5.com.

License the system manually from the webUI

You can license a system without access to the Internet using the manual activation method from the webUI.
  1. Log in to the webUI using an account with admin access.
  2. On the left, click
    SYSTEM SETTINGS
    Licensing
    .
  3. For the
    Base Registration Key
     field, the registration key is auto-populated.
    You can choose to overwrite this field with a new registration key by clicking
    Reactivate
     and overwriting the field.
  4. For the
    Add-On Keys
     field, the associated add-on keys are auto-populated.
    You can choose to change these keys by clicking
    Reactivate
     and then click
    +
     or
    x
     to add or remove additional add-on keys.
  5. For the
    Activation Method
    , select
    Manual.
  6. For the
    Device Dossier,
     click
    Get Dossier
    .
    The system refreshes and displays the dossier.
  7. Copy the dossier text in the
    Device Dossier
     field.
  8. Click
    Click here to access F5 Licensing Server
    .
    The Activate F5 Product page displays.
  9. Paste the dossier in the
    Enter Your Dossier
     field.
  10. Click
    Next
    .
    The license key text displays.
  11. Copy the license key text.
    Alternatively, you can use the F5 license activation portal at activate.f5.com/license.
  12. In the
    License Text
     field, paste the license key text.
  13. Click
    Activate
    .
    The End User License Agreement (EULA) displays.
  14. Click
    Agree
     to accept the EULA.
The system is now licensed. If a base registration key or add-on key fails to activate, try re-activating the license or contact support.f5.com.

General system configuration overview

You can configure general system settings for the
rSeries
 system, such as system hostname, message of the day (MOTD) banner, and appliance mode. Depending on which setting you want to configure, you can use either the CLI or the webUI.

Configure hostname and MOTD from the webUI

You can configure the hostname and a message of the day (MOTD) banner for the system from the webUI.
  1. Log in to the webUI using an account with admin access.
  2. On the left, click
    SYSTEM SETTINGS
    General
    .
  3. For
    Hostname
    , type a custom hostname for the system.
  4. For
    MOTD Banner
    , type any text to be used as a MOTD when users log in to the system.
  5. Click
    Save
    .

Appliance mode overview

You can run the system in
appliance mode
. Appliance mode adds a layer of security removing user access to Root and Bash. Enabling appliance mode disables all Root and Bash shell access for the system.
You can enable appliance mode at each of these levels:
  • System
  • Tenant
Appliance mode is disabled at all levels, by default. You can enable it from the webUI or the CLI. The appliance mode option for the system is available to users with admin access under
SYSTEM SETTINGS
General
 in the webUI. For tenants, it is available in the webUI under
TENANT MANAGEMENT
Tenant Deployments
.
These are the effects of enabling appliance mode at each of the different levels.
System-level appliance mode
  • Root or Bash access is disabled on the system.
  • Console access: Root or Bash access is disabled on the system. Users can log in to the system CLI from the console using an admin account.
Tenant appliance mode
  • Root access to the tenant is disabled by all means. Bash access is disabled for users (with a terminal shell flag enabled) inside the tenant.
  • Users can access the tenant only through the webUI or the CLI.
  • Tenant console access: Users can log in to the CLI from the virtual console using an admin account (with a terminal shell flag enabled).

Configure appliance mode from the webUI

You can enable appliance mode if you want to disable all root and Bash shell access.
From the webUI, appliance mode disables root and Bash access. You can enable or disable the appliance mode.
The appliance mode option for tenants is available in the chassis partition webUI under
TENANT MANAGEMENT
Tenant Deployments
.
  1. Log in to the webUI using an account with admin access.
  2. On the left, click
    SYSTEM SETTINGS
    General
    .
  3. For
    Appliance Mode
    , select
    Enabled
     to enable it, or
    Disabled
     to disable it (the default).
  4. Click
    Save
    .
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information