This implementation describes how to upload antivirus and firewall libraries from OPSWAT to one BIG-IP Access Policy Manager device, and to install an antivirus and firewall library to that device, or to multiple devices in a device group.
To download OPSWAT OESIS library updates, you must have an account with OPSWAT, and be able to download software updates.
To synchronize installation between multiple devices, you configure a Sync-Only device group, which includes the devices between which you want to synchronize installation of updates. Device group setup requires establishing trust relationships between devices, creating a device group, and synchronization of settings.
When you have more than one BIG-IP device in a local trust domain, you can synchronize BIG-IP configuration data among those devices by creating a device group. A device group is a collection of BIG-IP devices that trust each other and synchronize their BIG-IP configuration data. If you want to exclude certain devices from ConfigSync, you can simply exclude them from membership in that particular device group.
You can synchronize some types of data on a global level across all BIG-IP devices, while synchronizing other data in a more granular way, on an individual application level to a subset of devices.
Before you configure device trust, you should consider the following:
The configuration process for a BIG-IP system entails adding the OPSWAT library update to one system, then installing it to that same system, or to a device group. You must pre-configure a device group to install the update to multiple systems.
Before you begin this task, verify that:
You perform this task to establish trust among devices on one or more network segments. Devices that trust each other constitute the local trust domain. A device must be a member of the local trust domain prior to joining a device group.
By default, the BIG-IP software includes a local trust domain with one member, which is the local device. You can choose any one of the BIG-IP devices slated for a device group and log into that device to add other devices to the local trust domain. For example, devices A, B, and C each initially shows only itself as a member of the local trust domain. To configure the local trust domain to include all three devices, you can simply log into device A and add devices B and C to the local trust domain. Note that there is no need to repeat this process on devices B and C.