Applies To:

Show Versions Show Versions

Manual Chapter: Performing Basic Configuration Tasks
Manual Chapter
Table of Contents   |   Next Chapter >>

About basic networking configuration terms

This list summarizes some basic networking configuration terms that you should know before you start configuring the BIG-IP® system and using Application Security Manager™.

HTTP class profile
An HTTP class profile with application security enabled on it. The class determines which traffic the Application Security Manager inspects. When you create an HTTP class that has application security enabled, the system automatically creates a corresponding security policy.
pool
A pool contains the web server or application server resources which host the web application that you want to protect with a security policy. You can create a local traffic pool, and then assign the pool to a virtual server. On Application Security Manager systems, you can create a pool as part of creating a security policy.
self IP address
An IP address that you associate with a VLAN, to access hosts in that VLAN. You create a self IP address and associate it with a VLAN.
virtual server
The virtual server processes incoming traffic for the web application you are securing. When you create a virtual server, you assign the HTTP class and pool to it. On Application Security Manager systems, you can create a virtual server, pool, and HTTP class as part of creating a security policy.
VLAN (virtual local area network)
A logical grouping of network devices. You create a VLAN and associate the physical interfaces on the BIG-IP system with the VLAN. You can use a VLAN to logically group devices that are on different network segments.

About basic networking configuration tasks

You must configure the BIG-IP system on your network before you can run the Application Security Manager™ (ASM™) Deployment wizard to create a security policy. Which specific tasks you need to perform depend on your company's networking configuration, and which of the other BIG-IP system features are in use.

For using ASM, the minimum networking configuration tasks that you need to perform are creating a VLAN and a self-IP for the system. During the process of creating a security policy, the system can help you complete other necessary configuration tasks, such as automatically creating an HTTP class with Application Security enabled, and creating a new virtual server and pool. For complex networking configurations that also use other BIG-IP features, you need to perform additional tasks described in the respective documentation.

Task summary

Creating a VLAN

VLANs represent a collection of hosts that can share network resources, regardless of their physical location on the network.
  1. On the Main tab, click Network > VLANs. The VLAN List screen opens.
  2. Click Create. The New VLAN screen opens.
  3. In the Name field, type a unique name for the VLAN.
  4. For the Interfaces setting, click an interface number from the Available list, and use the Move button to add the selected interface to the Untagged list. Repeat this step as necessary.
  5. Click Finished. The screen refreshes, and displays the new VLAN in the list.

Creating a self IP address for a VLAN

Ensure that you have at least one VLAN configured before you create a self IP address.
Self IP addresses enable the BIG-IP® system, and other devices on the network, to route application traffic through the associated VLAN.
  1. On the Main tab, click Network > Self IPs. The Self IPs screen opens.
  2. Click Create. The New Self IP screen opens.
  3. In the Name field, type a unique name for the self IP.
  4. In the IP Address field, type an IPv4 or IPv6 address. This IP address should represent the address space of the VLAN that you specify with the VLAN/Tunnel setting.
  5. In the Netmask field, type the network mask for the specified IP address.
  6. From the VLAN/Tunnel list, select the VLAN to associate with this self IP address. If creating a self IP address for an address space:
    • On the internal network, select the VLAN that is associated with an internal interface or trunk.
    • On the external network, select the VLAN that is associated with an external interface or trunk.
  7. Use the default values for all remaining settings.
  8. Click Finished. The screen refreshes, and displays the new self IP address in the list.
The BIG-IP system can now send and receive TCP/IP traffic through the specified VLAN.

About additional networking configuration

Depending on your network environment, you may need to configure the following additional networking features on the BIG-IP® system before you start creating security policies.

  • DNS
  • SMTP
  • NTP
  • Routes
  • Packet filters
  • Spanning tree
  • Trunks
  • ARP
  • Redundant systems

Several Application Security features require that the DNS server is on the DNS lookup server list (System > Configuration > Device > DNS). For example, integrating vulnerability assessment tools, web scraping mitigation, and external anti-virus protection usually require you to configure DNS servers on the BIG-IP system.

Table of Contents   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)