After you complete the initial hardware configuration, using the LCD panel, a computer connected to the WANJet appliance's serial port, or a secure shell (SSH), you can set up the WANJet appliance using a browser-based interface, called the Web UI. By default, you can access the Web UI from any computer that is connected to the network, and can run a web browser.
This chapter describes how to log on to the WANJet Web UI and perform the basic configuration required for the WANJet appliance to start processing traffic. This basic configuration is also covered on the Quick Start Card that ships in the box with the WANJet appliance. If you have already performed the basic configuration steps on the Quick Start Card, you do not need to repeat them.
After you finish installing and configuring the WANJet appliance, you use the Web UI to administer the appliance and perform additional configuration. You need to log on to the Web UI of each WANJet appliance using the admin account to fully configure it.
Another account called roadmin is available to log on to the Web UI with read-only access to the configuration settings. You log on the same as you do for the admin account using roadmin as the user name and default password.
For example, if the IP address of the appliance is 192.168.168.102, type https://192.168.168.102:10000 in the web browser. (If you set up the Management port, use the Management IP address instead of the IP address of the WANJet appliance.)
The Welcome screen opens where you can log on.
For example, if the IP address of the appliance is 192.168.168.102, type https://192.168.168.102:10000 in the web browser.
The Welcome screen opens where you can log on.
When you log on to the Web UI of a WANJet appliance, that appliance is considered to be the local WANJet appliance. All other WANJet appliances are remote WANJets appliances in relation to the one you are working on.
When you are logged on to the WANJet appliance, it remains available as long as you are using the Web UI. The WANJet appliance automatically logs you off after 30 minutes of inactivity.
The first screen that you see when you log on to the Web UI is the WANJet Status screen, which displays in the main browser frame. This screen displays a brief summary of the status, IP address, alias, and software version of each remote WANJet appliance. Figure 4.1 shows the parts of the Web UI.
For instructions on obtaining additional remote status information, refer to Status report , located in Chapter 8.
The Web UI, below the F5 logo, displays a variety of status indicators and shortcuts. This area, called the dashboard, is always visible, regardless of where you are in the Web UI.
The dashboard displays the following information:
For more information about each link, click the word Active on the screen to display the Remote Status report. For more information, see Status report , located in Chapter 8.
The navigation pane is the area on the left of the screen, below the dashboard. It includes five sections that you can expand:
To view other Web UI screens, expand a section in the navigation pane, on the left side of the screen, and click an option. Information displays in the main area of the screen. For example, if a step says to go to the Optimization Policy screen, expand Optimization and click Optimization Policy. The WANJet Optimization Policy screen replaces the WANJet Status screen in the main browser frame.
The main screen is the area of the Web UI that contains reports showing information about WANJet appliance operations, or fields where you can configure how the WANJet appliance works.
The following links always appear at the top right of the Web UI:
To maintain the security of the WANJet appliance, you should log off when you are done using it. Figure 4.2 shows the location of the Logout button. The WANJet appliance automatically logs you off after 30 minutes of inactivity for added security.
You must activate the license associated with your WANJet appliance after setting the addresses. The WANJet appliance cannot optimize traffic until the license is activated. If you followed the instructions in the Quick Start Card, you may have already activated the license. (If the license is already activated, the WANJet Status screen displays License: OK.)
You can activate the license automatically or by using the manual procedure. You only need to activate the license once. When you update the WANJet appliance in the future, the license information is retained.
The license purchased for the WANJet appliance is associated with the bandwidth of the WAN link. To increase the bandwidth of that link, you need to contact F5 to obtain a new license, then activate it.
Automatic activation is the easiest method (and is the default method) because the WANJet appliance directly contacts the F5 licensing server and handles the activation. However, in certain cases, you may need to manually activate the license. For example, follow the manual procedure if the WANJet appliance does not have a direct connection to the Internet, or if it resides behind a firewall that does not allow for a direct Internet connection. You can try the automatic method first, and if you receive a message concerning a connection failure, then try the manual method.
To manually activate the license, you need an administrative workstation with a connection to the WANJet appliance and the Internet.
You must set up WANJet appliances in pairs, with one appliance on each side of the WAN link. You can perform the configuration steps for both appliances either on each physical appliance, or from a single computer by logging on to the Web UI remotely.
Figure 4.3 shows two WANJet appliances that are deployed in a point-to-point configuration.
The WANJet appliances in this example are connected as follows:
For this example, basic WANJet appliance configuration includes the following steps:
You configure WANJet appliances in pairs to optimize the traffic that flows between them. A pair of WANJet appliances consists of a local WANJet appliance and a remote WANJet appliance, one on either side of a WAN link. A typical configuration might include one WANJet appliance in a data center where company servers reside, and a second WANJet appliance on the other side of the WAN in an office where employees work.
You can start by naming the first WANJet appliance in the pair.
If your local area network has multiple subnets connected through a router, you need to configure the local router IP address and add the local subnets that you want to optimize to the WANJet appliance. You can add specific subnets, or you can optimize all local subnets.
Once the WAN link between the WANJet appliance pair is up, subnet specifications are automatically exchanged between the appliances. So, for example, the local subnets specified on WANJet1 appear as remote subnets on WANJet2, and local subnets on WANJet 2 appear as remote subnets on WANJet 1.
Before performing the following steps, verify that you require additional subnets, and decide whether you want to optimize all of them or selected subnets.
Where /24 means that the first 24 bits of the address must match the local subnet address and the address of any host in the subnet is defined by the last 8 bits of the address. For example, 126.96.36.199 is a valid address for the subnet defined in this configuration example.
After you finish adding subnets to the first WANJet appliance, define the second appliance as a remote WANJet appliance of the first one.
After you finish configuring the first WANJet appliance, you can configure the second WANJet appliance in the pair. The second WANJet appliance must already be installed as described in the Quick Start Card included in the shipping box.
If you have defined a LAN router and added subnets for WANJet1, you must do the same for WANJet2, unless WANJet2 is on a simpler LAN. Refer to steps 1-11 in Configuring multiple subnets , for instructions.
After you have named the second WANJet appliance, define the first appliance as a remote WANJet appliance on the second WANJet appliance.
When the WAN link is established between the WANJet pair, the two WANJet appliances automatically exchange subnet specifications. For example, the local subnets that you specify for WANJet A become remote subnets for WANJet A in WANJet B's Remote WANJet appliance configuration information.
You can test the connectivity between the local and remote WANJet appliances by viewing the following details on each:
For additional information about WANJet appliance reports, such as those described in the following procedures, see Chapter 8, Monitoring Performance .
In the navigation pane, expand Reports and click Status.
A green light displays next to the IP address for remote WANJet appliances that are enabled and connected.
To view diagnostics
The initial configuration steps described in this chapter are only the minimal steps you need to take to establish a WAN link between two WANJet appliances and start optimizing traffic between the two.
When you have completed the initial configuration steps, we recommend (but do not require) that you perform additional administrative tasks, such as the following:
You can also fine-tune the optimization policies for the WANJet appliances. Refer to Creating optimization policies , located in Chapter 6.
One of the first steps we recommend for troubleshooting the WANJet appliance is to create a system snapshot immediately. It provides detailed information about the WANJet appliance, including:
Refer to System Snapshots , located in Chapter 8, for information on taking a system snapshot. You can provide the system snapshot to the F5 Networks Technical Support team to help resolve technical issues.
Some common problems are listed in Table 4.1 . If you are experiencing an issue that is not included in the following table, contact http://www.f5.com/customer_support/ for assistance.
I cannot ping the WANJet appliance.
Verify that the computer from which you are pinging has a valid network connection.
Try pinging other known devices.
Verify that you are using the correct IP address for the appliance, by reading it from the LCD display.
I can ping the WANJet appliance, but I cannot ping the WAN gateway.
Verify that the cabling is connected properly, as described in the Quick Start Card.
Make sure that you connected the gateway router to the WANJet appliance's WAN port, using the supplied crossover cable.
I cannot see that the WANJet appliance is optimizing traffic, or the optimization is extremely low.
Review your configuration of local and remote subnets at both appliances. You might have heavy traffic on a subnet that is not included in the WANJet appliance's configuration. You must include all subnets for which traffic should be optimized.
My browser connection times out when I attempt to access the Web UI.
Check to see that you are accessing the correct URL for the Web UI. If you enter just http:// followed by the WANJet appliance's IP address, it will not work. You must connect to port 10000 using the secure HTTPS protocol. For example: https://188.8.131.52:10000/
When I attempt to access the Web UI, I get a Page Not Found error.
If you are certain that you entered the URL correctly and the WANJet appliance appears to be running, it may indicate that the computer from which you are running your web browser does not have access to the Web UI. Although the default setting grants access to all machines, that setting can be changed to limit access based on IP address.
Use the LCD to add your computer's IP address to the list for access. After that, use the Web UI to change the access settings. For instructions, see Granting Web UI access , located in Chapter 5.
I can access the Login screen for the Web UI, but my browser connection times out when I try to log on.
This issue can occur when the WANJet appliance is not able to access the RADIUS authentication server or when the Timeout and NRetry variables are set too high. See To configure the WANJet appliance for remote RADIUS authentication , located in Chapter 5.
Log on as a local user, using the admin user name and a default password of admin (note that the local administrator may have changed the default password). After you are logged in, in the navigation pane, expand Security and click Remote Authentication, and verify that RADIUS authentication is enabled.
Review the Timeout and NRetry values. F5 Networks recommends a value of 3 for each of these settings. If these settings are too high, authentication might take a long time to fail, causing the connection to time out. For information, see Configuring remote authentication , located in Chapter 5.
The Link LED (for the WAN or LAN port) does not light up.
Verify that the cables are installed properly on the WANJet appliance.
Check to see if the ports on the WAN router and the LAN switch connected to the WANJet appliance are set to autonegotiate. If either port is forced to a specific link speed and duplex value, you must set the WANJet port to match this value. For information about resetting the NIC configuration (link speed and duplex value) for a WANJet port, see Changing the interface speed , located in Chapter 6.
F5 Networks strongly recommends that if you force the link for one of the WANJet ports, you force the link for both ports. This prevents link problems in pass-through mode if power to the WANJet device is lost.