F5 Networks BIG-IP®
system is a port-based, multilayer switch that supports virtual local area network (VLAN) technology. Because hosts within a VLAN can communicate at the data-link layer (Layer 2), a BIG-IP system reduces the need for routers and IP routing on the network. This in turn reduces equipment costs and boosts overall network performance. At the same time, the BIG-IP systems multilayer capabilities enable the system to process traffic at other OSI layers. The BIG-IP system can perform IP routing at Layer 3, as well as manage and secure TCP, UDP, and other application traffic at Layers 4 through 7. The following software modules provide comprehensive traffic management and security for all traffic types. The modules are fully integrated to provide efficient solutions to meet any network, traffic management, and security needs.
The BIG-IP system includes local traffic management features that help
you make the most of network resources such as web servers. Using the powerful Configuration utility, you can customize the way that the BIG-IP system processes specific types of protocol and application traffic. By using features such as virtual servers, server pools, profiles, and iRulesTM
, you ensure that traffic passing through the BIG-IP system is processed quickly and efficiently, while meeting all of your security needs. For more information, see the Configuration Guide for BIG-IP® Local Traffic Management
| || |BIG-IP Application Security Manager The Application Security Manager provides web application and web
services protection from application-layer attacks. The Application Security Manager protects Web applications from both generalized and targeted application layer attacks including buffer overflow, SQL injection, cross-site scripting, and parameter tampering.
The chapters in this guide provide step-by-step procedures for creating and
deploying three types of security policies for web applications and web services. For example, Chapter 5, Creating a Security Policy for Web Services
, describes how to configure and deploy a security policy for an XML-based web services application. Before you start configuring a security policy for your application, we recommend that you review the available documentation for the Application Security Manager.
In addition to this implementations guide, there are several other
documentation resources for the BIG-IP system. The entire documentation set for current (and past) releases is available on the F5 Technical Support web site, in the AskF5SM
Knowledge Base. You can access the technical support web site either from the Welcome screen in the Configuration utility, or from the web address, http://support.f5.com
. The documentation set is organized into the following documents and guides.
The platform guides include information about the physical BIG-IP
system. They also contain important environmental warnings and hazardous substance reports.
This guide provides detailed information about installing upgrades to the
BIG-IP system. It also provides information about licensing the BIG-IP system software and connecting the system to a management workstation or network.
| || |BIG-IP® Network and System Management Guide This guide contains any information you need to configure and maintain
the network and system-related components of the BIG-IP system. With this guide, you can perform tasks such as configuring VLANs, assigning self IP addresses, creating administrative user accounts, and managing a redundant system.
This guide contains any information you need for configuring the BIG-IP
system to manage local network traffic. With this guide, you can perform tasks such as creating virtual servers and load balancing pools, configuring application and protocol profiles, implementing health monitors, and setting up remote authentication.
This guide contains detailed configuration information for the application
security components of the BIG-IP system. With this guide, you can perform tasks such as creating application security classes, configuring security policies web applications and web services, and monitoring application security events.
All examples in this documentation use only private IP addresses. When you
set up the configurations we describe, you must use IP addresses suitable to your own network in place of our sample IP addresses.
When we first define a new term, the term is shown in bold italic text. For
example, a referrer
is a web page that calls other web objects, such as image files.
We refer to all products in the BIG-IP product family as BIG-IP systems.
We refer to the software modules by their name, for example, we refer to the Local Traffic Manager module as simply the Local Traffic Manager. If configuration information relates to a specific hardware platform, we note the platform.
We apply bold text to a variety of items to help you easily pick them out of a
block of text. These items include web addresses, IP addresses, utility names, most controls in the Configuration utility, and portions of commands, such as variables and keywords. For example, click the Apply Policy
button to make the security policy active.
We use italic text to denote a reference to another document. In references
where we provide the name of a book as well as a specific chapter or section in the book, we show the book name in bold, italic text, and the chapter/section name in italic text to help quickly differentiate the two. For example, you can find information about local traffic virtual servers in the Configuration Guide for BIG-IP® Local Traffic Management
, Chapter 2, Configuring Virtual Servers
We show actual, complete commands in bold Courier text. Note that we do
not include the corresponding screen prompt, unless the command is shown in a figure that depicts an entire command line screen. Table 1.1
explains additional special conventions used in command line syntax.
The Configuration utility is the browser-based graphical user interface for
the BIG-IP system. In the Configuration utility, the Main tab provides access to the application security configuration objects, as well as the network, system, and local traffic configuration objects. The Help tab contains context-sensitive online help for each screen.
shows the Welcome screen of the Configuration utility.
| || |The identification and messages area
The identification and messages area of the Configuration utility is the screen region that is above the navigation pane, the menu bar, and the body. In this area, you find the system identification, including the host name, and management IP address. This area is also where certain system messages display, for example Activation Successful, which appears after a successful licensing process.
| || |The navigation pane
The navigation pane, on the left side of the screen, contains the Main tab, the Help tab, and, the Search tab. The Main tab provides links to the major configuration objects. The Help tab provides context-sensitive help for each screen in the Configuration utility. The Search tab provides a quick way to locate local traffic objects.
| || |The menu bar
The menu bar, which is below the identification and messages area, and above the body, provides links to the additional configuration objects within each major object.
| || |The body
The body is the screen area where the configuration settings display.
In the Application Security
section of the navigation pane, the first time you click an object with the link icon (
), the Configuration utility opens a second screen that contains only application security configuration objects. To differentiate between the two instances, next to the F5 logo in the identification and messages area, the screen shows either BIG-IP®
or Application Security
. In this document, we refer to the navigation pane of the BIG-IP Configuration utility as simply the navigation pane. We refer to the navigation pane for the application security Configuration utility as the Application Security navigation pane.
| || |Microsoft®
Internet Explorer, version 5.0, 5.5, and 6.0
The Configuration utility has online help for each screen. The online help
contains descriptions of each control and setting on the screen. Click the Help tab in the left navigation pane to view the online help for a screen.
The Welcome screen in the Configuration utility contains links to many
useful web sites and resources, including the F5 Networks Knowledge Base, the F5 Solution Center, the F5 DevCentral web site, plug-ins, SNMP MIBs, and SSH clients.
The F5 Technical Support web site, http://support.f5.com
, provides the latest documentation for the product, including:
BIG-IP® Network and System Management Guide