F5 Logo MyF5
Search
  1. MyF5 Home
  2. Knowledge Centers
  3. BIG-IQ Security
  4. BIG-IQ Web Application Security Administration
  5. Device Management
Manual Chapter : Device Management

Applies To:

Show Versions Show Versions

BIG-IQ Security

  • 4.3.0
Manual Chapter
Table of Contents | << Previous Chapter | Next Chapter >>

Overview: BIG-IQ device management

The process of designating a device for central management by BIG-IQ Web Application Security is known as discovery.

Once a BIG-IP device is discovered, all security policies and virtual servers on the device come under management by the BIG-IQ system.

For each device discovered, the system creates an extra virtual server to hold all policies not related to any virtual server in the discovered device.

After discovery, BIG-IQ Web Application Security enables a view of devices and properties, policies, and virtual servers associated with those devices and a way to perform device-specific and policy-specific actions.

To view all devices managed by BIG-IQ Web Application Security, navigate to the Devices panel.

Discovering devices

Before discovering one or more BIG-IP devices, required BIG-IQ components must be installed and kept up-to-date on those BIG-IP devices.
Once a device is under central management, information about the device and objects stored on the device are located in the BIG-IQ database, which is the authoritative source for all configuration objects.
Note: Do not manage the BIG-IP device locally. If you make changes locally, you (or another Administrator) might overwrite those changes when performing a deployment from the BIG-IQ system.
  1. To begin the discovery process, navigate to the Devices panel. At first login, this panel is empty because there are no discovered devices.
  2. Hover over the Devices header and click the + icon to display the property fields for a new device.
  3. Edit the property fields as required.
    Option Description
    Device Address Enter the internal self IP for the BIG-IP device.
    Note: Each managed device must be configured with a communication route from its internal self IP or management IP address to a BIG-IQ system internal self IP address on a configured BIG-IP VLAN. Otherwise, discovery will fail. F5 recommends that you use a self IP address (on the BIG-IP device) in order to gain access to additional functionality that is not provided through the management port.
    User Name Enter the user's login name. For example: admin.
    Password Enter the password for this user.
    Auto Update Framework Select this check box to force an update of the REST framework on the BIG-IP device.

    Certain BIG-IQ system components should be installed and kept up-to-date on all BIG-IP devices brought under central management. These components provide a REST framework that supports the required Java-based management services.
    Check box Clear this check box (the default setting) to ensure that the discovery process does not overwrite the source of imported policies already on the BIG-IQ system.
  4. Click Add.
After discovery, the BIG-IP device is listed in the Devices panel by its FQDN and internal self IP address.

Monitoring device health and performance

Before you can view device properties and health, you must discover at least one device.
With the BIG-IQ system, you can easily assess the health and performance of your network.
  1. Navigate to the Devices panel.
  2. Hover over the banner of the device you want to monitor and when the gear icon appears, click it to expand the panel.
  3. In the expanded panel, view health data under device properties.

Displaying policy properties

With BIG-IQ Web Application Security, you can easily view device properties.
  1. To display properties for an individual device, hover over the header for that device (in the Devices panel).
  2. Click the gear icon to display and expand the panel containing device properties.

Device properties

Device properties are displayed for informational purposes and are read-only, except the check box options.

Device properties Description
Host Name Fully-qualified domain name (FQDN), identified at discovery time.
Management Address Management address of the BIG-IP device, used for communication between it and the BIG-IQ system.
Product Product identification.
Version Version and hotfix level of the device under management.
Status Active/Inactive.
Check box Used during discovery or rediscovery processes to allow (or prevent) the overwriting of imported policies that already exist on BIG-IQ Web Application Security.
Signature file properties Description
Version Device current signature file version.
Auto update enabled Check box used to enable automatic Update & push for signature files.

About rediscovering devices

Once configurations are in sync between BIG-IP devices and the BIG-IQ Web Application Security system, there is seldom a need to rediscover a BIG-IP device.

However, some scenarios that might require rediscovery include:

  • Additions, deletions, or changes made to self IPs or virtual servers on the BIG-IP device.
  • Changes to security policies made locally on the BIG-IP device.
  • Updates made to the BIG-IP device's software that need to be recognized by BIG-IQ Web Application Security.

If any of these scenarios occur, you must rediscover to reconcile any changes with the configuration maintained on BIG-IQ Web Application Security. If you do not reconcile changes, a subsequent deployment process will overwrite any changes made locally.

The rediscovery process is modal. This means that once rediscovery starts, the process blocks you from performing any other tasks or interacting with BIG-IQ Web Application Security in any way until the process completes or is canceled.

Rediscovering devices

If configurations fall out of sync between BIG-IQ Web Application Security and managed BIG-IP devices, you can rediscover devices to bring the systems back into sync.
  1. To begin the rediscovery process, navigate to the Devices panel.
  2. Hover in the header for the device you want to rediscover, and then click the gear icon to display the expanded panel containing device properties and actions. You cannot change any properties displayed on this screen.
  3. In the expanded panel, click Rediscover. During rediscovery, a Cancel Task button appears in the dialog box after the task has identified the device and started importing policies. If you click Cancel Task, the import is canceled and management authority over the device is rescinded.
You have completely removed the BIG-IP device and all related entities (policies and virtual servers) and rediscovered the device.

If a policy has identified the device being rediscovered as its source, the policy source type is changed to FILE, which means that the device retains the policy's source file and it can be deployed to other devices.

Removing devices

BIG-IQ Web Application Security provides a way to rescind management authority (RMA) over BIG-IP devices. RMA removes the device and all related entities from the BIG-IQ database.
  1. To begin the removal process, navigate to the Devices panel.
  2. Hover in the Devices header and click the gear icon to display the expanded Properties panel.
  3. In the expanded Properties panel, click Remove.
The BIG-IP device and all related entities (security policies and virtual servers) are removed from the BIG-IQ system and the BIG-IP device can be managed locally.
Table of Contents | << Previous Chapter | Next Chapter >>
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5 Networks, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information