Applies To:
BIG-IQ Security
- 4.2.0
Overview: BIG-IQ ASM
BIG-IQ ASM enables enterprise-wide management and configuration of multiple BIG-IP devices from a central management platform. You can centrally manage BIG-IP devices and security policies, and import policies from files on those devices.
For each device discovered, an additional virtual server is created to hold all security policies that are not related to any virtual server on the device. To deploy a policy to a device, the policy must be attached to one of the device's virtual servers. Policies can be deployed to a device that already has the policy by overwriting it. If the policy does not yet exist on the device, you have the option to deploy it as a new policy attached to an available virtual server or as an inactive policy.
From this central management platform, you can perform the following actions through a REST API:
- Import ASM policies from files.
- Import ASM policies from discovered devices.
- Distribute policies to devices.
- Export policies, including an option to export policy files in XML format.
About BIG-IQ roles
Different users have different responsibilities. Therefore, system administrators need a way to differentiate between users to limit user privileges based on those responsibilities.
To assist administrators with this, the BIG-IQ ASM module provides these default roles:
- Administrator: This role has access to all BIG-IQ modules, including ASM.
- ASM Manager: This role has administrator-level rights for the BIG-IQ ASM module only.
Roles persist and are available after a BIG-IQ system failover. You can associate multiple roles with a given user.
About BIG-IQ users
BIG-IQ Application Security Manager (ASM) provides these default users:
- admin: This user can assign roles to users, but cannot access the command shell or system console.
- root: This user can access the system console.
Users persist and are available after a BIG-IQ system failover.
Creating users
- Log in with administrator credentials.
- At the top of the screen in the black banner, hover over System and click Users.
- Hover in the Users banner and click the + icon.
- Edit the fields as required.

  | Option | Description |
  | --- | --- |
  | User name | Enter the user's login name. |
  | Full Name | Enter the user's actual name. This field can contain a combination of symbols, letters (upper and lowercase), numbers and spaces. |
  | Password | Enter the password for this user. |
  | Confirm Password | Retype the password. |

- Click Add to save your edits and create the user. Click Cancel to close the panel without saving your entries.
Associating users with roles
- Log in with administrator credentials.
- At the top of the screen in the black banner, hover over System and click Users.
- In the Users panel, click the user that you want to associate with a role, then drag and drop the user onto the role in the Roles panel. Alternatively, you can drag and drop the role onto the user.
Disassociating users from roles
- Log in with administrator credentials.
- At the top of the screen in the black banner, hover over System and click Users.
- In the Roles panel, hover over the role that contains the user you want to disassociate and click the gear icon.
- To the right of Active Users, view the list of users associated with the role.
- Click the x icon next to the user that you want to disassociate from the role.
- Click Save.