Manual Chapter : BIG-IP FireGuard Controller guide v3.3: Introduction

Applies To:


BIG-IP versions 1.x - 4.x

  • 3.3.1 PTF-06, 3.3.1 PTF-05, 3.3.1 PTF-04, 3.3.1 PTF-03, 3.3.1 PTF-02, 3.3.1 PTF-01, 3.3.0



Getting started

Before you start installing the controller, we recommend that you browse the Administrator Guide and find the load balancing solution that most closely addresses your needs. Briefly review the basic configuration tasks and the few pieces of information you should gather in preparation for completing the tasks, such as IP addresses and host names.

Once you find your solution and gather the necessary network information, turn to the Installation Guide for hardware installation instructions, and then return to the Administrator Guide to follow the steps for setting up your chosen solution.

Choosing a solution

Most firewall configurations are of one of four types, each of which is described below. In this guide, you can find a chapter devoted to each one of the common configurations that includes:

  • An overview of the configuration
  • A task summary, itemizing the tasks you must follow to implement the configuration
  • A diagram depicting a sample implementation of the configuration, with sample IP addresses and device names
  • Detailed instructions for the configuration tasks

Balancing traffic outbound to the Internet

This chapter describes load balancing a set of firewalls where clients in a network behind the firewall set request information from Internet servers.

Balancing traffic inbound to enterprise servers

This chapter describes a load balancing solution where clients on the Internet request information from a pair of enterprise servers behind the enterprise's set of firewalls.

Firewall load balancing for two-way traffic

This chapter discusses a unique load balancing scenario where BIG-IP Controllers load balance both inbound and outbound firewall traffic. In this scenario, clients on the Internet request information from an intranet behind the enterprise's set of firewalls, generating inbound traffic, and users behind the firewalls request information from Internet servers, generating outbound traffic.

Incorporating destination processing into two-way traffic firewall load balancing

This chapter also discusses load balancing for two-way traffic through firewalls, but it incorporates the destination processing feature, and it also uses a redundant system to load balance inbound traffic from the firewalls to the enterprise servers. In this scenario, clients on the Internet request information from a pair of enterprise servers behind the enterprise's set of firewalls, and users behind the firewalls request information from Internet servers.

Choosing a configuration tool

The BIG-IP Controller platform offers both web-based and command line configuration tools, so that users can work in the environment that they are most comfortable with.

The First-Time Boot utility

All users will use the First-Time Boot utility, a wizard that walks you through the initial system setup. The First-Time Boot utility automatically starts the first time you turn the controller on, and it prompts you to enter basic system information including a root password and the IP addresses that will be assigned to the network interfaces. The Installation Guide provides detailed information about the specific pieces of information that the First-Time Boot utility prompts you to enter.

The Configuration utility

The Configuration utility is a web-based administrative application that you use to configure and monitor the load balancing setup on the BIG-IP Controller. In the Configuration utility, you can view, change, or add any setting supported by the BIG-IP Controller. You can also monitor current system performance, and download administrative tools such as the SNMP MIB or the SSH client. The Configuration utility requires Netscape Navigator version 4.7 or later, or Microsoft Internet Explorer version 4.1 or later.

The bigpipe and bigtop command line utilities

The bigpipe™ utility is the command line counterpart to the Configuration utility. Using bigpipe commands, you can configure virtual servers, open ports to network traffic, and configure a wide variety of features. To monitor the BIG-IP Controller, you can use certain bigpipe commands, or you can use the bigtop™ utility, which provides real-time system monitoring. You can use the command line utilities directly on the BIG-IP Controller, or you can execute commands via a remote shell, such as the SSH client (included with the global release only), or a Telnet client (for countries restricted by cryptography export laws). The BIG-IP Controller Reference Guide provides detailed information about command line syntax.

Using the Administrator Kit

The BIG-IP® Controller Administrator Kit provides simple steps for quick, basic configuration, and also provides detailed information about more advanced features and tools, such as the bigpipe command line utility. The information is organized into the guides described below.

  • Installation Guide
    The Installation Guide walks you through the basic steps needed to get the hardware plugged in and the system connected to the network. Most users turn to this guide only the first time that they set up a BIG-IP Controller. The Installation Guide also covers general network administration issues, such as setting up common network administration tools including Sendmail.
  • Administrator Guide
    The Administrator Guide provides examples of common load balancing solutions supported by the particular type of BIG-IP Controller you purchased. For example, in the BIG-IP HA Controller Administrator Guide, you can find everything from a basic web server load balancing solution to a firewall load balancing solution.
  • Reference Guide
    The Reference Guide provides basic descriptions of individual BIG-IP objects, such as pools, nodes, and virtual servers. It also provides syntax information for bigpipe commands, configuration utilities, configuration files, and system utilities.
  • F-Secure SSH User Guide
    This guide is distributed only with BIG-IP Controllers that support the F-Secure SSH client (a tool used for remote command line access). It provides information about setting up and using the SSH client.

Stylistic conventions

To help you easily identify and understand certain types of information, all F5 Networks administrative documentation uses the stylistic conventions described below.

Warning: All examples in F5 Networks documentation use only non-routable IP addresses. When you set up the solutions we describe, you must use IP addresses suitable to your own network in place of our sample addresses.

Identifying new terms

When we first define a new term, the term is shown in bold italic text. For example, a virtual server is the combination of an IP address and port that maps to a set of back-end servers.

Identifying references to objects, names, and commands

We apply bold text to a variety of items to help you easily pick them out of a block of text. These items include web addresses, IP addresses, utility names, and portions of commands, such as variables and keywords. For example, the bigpipe vip command requires that you include at least one <node> variable.

Identifying references to other documents

We use italic text to denote a reference to another document. In references where we provide the name of a book as well as a specific chapter or section in the book, we show the book name in bold, italic text, and the chapter/section name in italic text to help quickly differentiate the two. For example, you can find information about bigpipe commands in the bigpipe Command Reference section of the BIG-IP Controller Reference Guide.

Identifying command syntax

We show actual, complete commands in bold Courier text. Note that we do not include the corresponding screen prompt, unless the command is shown in a figure that depicts an entire command line screen. For example, the following command sets the BIG-IP Controller load balancing mode to Round Robin:

bigpipe lb rr

Table 1 explains additional special conventions used in command line syntax.

Command line syntax conventions

Item in text    Description
\               Continue to the next line without typing a line break.
< >             You enter text for the enclosed item. For example, if the command has <your name>, type in your name.
|               Separates parts of a command.
[ ]             Syntax inside the square brackets is optional.
...             Indicates that you can type a series of items.

Finding additional help and technical support resources

In addition to this administrator guide, you can find technical documentation about the BIG-IP Controller in the following locations:

  • Release notes
    The release note for the current version of the BIG-IP Controller is available from the web server on the BIG-IP Controller. The release note contains the latest information for the current version, including a list of new features and enhancements, a list of fixes, and, in some cases, a list of known issues.
  • Online help for BIG-IP Controller features
    You can find help online in three different locations:
    • The web server on the BIG-IP Controller has PDF versions of the guides included in the Administrator Kit. BIG-IP Controller upgrades replace these guides with updated versions as appropriate.
    • The web-based Configuration utility has online help for each screen. Simply click the Help button in the toolbar.
    • Individual bigpipe commands have online help, including command syntax and examples, in standard UNIX man page format. Simply type the command followed by the question mark option (-?), and the BIG-IP Controller displays the syntax and usage associated with the command.
  • Third-party documentation for software add-ons
    The web server on the BIG-IP Controller contains online documentation for all third-party software included with the BIG-IP Controller, such as GateD.
  • Technical support via the World Wide Web
    The F5 Networks Technical Support web site provides the latest technical notes, answers to frequently asked questions, updates for administrator guides (in PDF format), and the AskF5 natural language question and answer engine. To access this site, you need to obtain a customer ID and a password from the F5 Help Desk.

What's new in version 3.3

The BIG-IP Controller offers the following major new features in version 3.3, in addition to many smaller enhancements.

BIG-IP e-Commerce Controller

The BIG-IP e-Commerce Controller is a new member of the BIG-IP product family. You can use the BIG-IP e-Commerce Controller to process SSL connections to your network. This controller contains a specific set of software and hardware features that accelerate SSL connections.

BIG-IP Cache Load Balancer

This version of the BIG-IP Controller is available as the BIG-IP Cache Controller. The BIG-IP Cache Controller version contains a specific set of features from the BIG-IP Controller that maximizes the efficiency of caches in your network. In addition to the load balancing features available with this controller, this version of the controller has new rule syntax that provides the ability to redirect HTTP requests to caches in your network. These features include:

  • Cacheable content determination
    This feature enables you to determine the type of content you cache on the basis of any combination of elements in the header of an HTTP request.
  • Content affinity
    This feature assures that the same cache serves the same content subset even when caches become temporarily unavailable or when caches are added to or deleted from the cache pool.
  • Hot content load balancing
    When configured, this feature identifies highly requested content and redirects these requests to a hot pool for load balancing.
  • Intelligent cache population
    When configured, this feature allows caches to retrieve content from other caches in addition to the origin web server.

Performance enhancements

This version of the BIG-IP Controller includes internal performance enhancements. These enhancements improve the overall performance of the BIG-IP Controller.

Learning more about the BIG-IP Controller product family

The BIG-IP Controller platform offers many different software systems. These systems can be stand-alone, or can run in redundant pairs, with the exception of the BIG-IP e-Commerce Controller, which is only available as a stand-alone system. You can easily upgrade from any special-purpose BIG-IP Controller to the BIG-IP HA Controller, which supports all BIG-IP Controller features.

  • The BIG-IP LB Controller
    The BIG-IP LB Controller provides basic load balancing features.
  • The BIG-IP FireGuard Controller
    The BIG-IP FireGuard Controller provides load balancing features that maximize the efficiency and performance of a group of firewalls.
  • The BIG-IP Cache Controller
    The BIG-IP Cache Controller uses content-aware traffic direction to maximize the efficiency and performance of a group of cache servers.
  • The BIG-IP e-Commerce Controller
    The BIG-IP e-Commerce Controller uses SSL acceleration technology to increase the speed and reliability of the secure connections that drive e-commerce sites.
  • The BIG-IP HA Controller
    The BIG-IP HA Controller provides all features from the basic BIG-IP LB Controller to the advanced BIG-IP FireGuard, BIG-IP Cache Controller, and BIG-IP e-Commerce Controller products.

    Note: BIG-IP Controllers distributed outside of the United States to a select few countries, regardless of system type, do not support encrypted communications. They do not include the F-Secure SSH client, nor do they support SSL connections to the BIG-IP web server. Instead, you can use the standard Telnet, FTP, and HTTP protocols to connect to the unit and perform administrative functions.