Applies To:

Show Versions Show Versions

Manual Chapter: Completing Post-Installation Tasks
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Now that you have installed the software on the BIG-IP® system, you are ready to configure the system. If you rolled forward a configuration from a previous software version, you can modify settings and properties of existing objects using the command line or the Configuration utility. If you are starting with a blank configuration, the first step after installation is running the Setup utility, which you must run initially from the Configuration utility.
When you access the Configuration utility, you specify the management IP address as the application URL. If you have not yet configured your workstation for access to the BIG-IP system through the management interface, see Configuring the management interface.
In the browsers address bar, type the following URL, where <default/alternate IP> is the IP address in use on the management interface IP address (as discovered in Determining which default IP address is in use).
At the logon prompt, type admin for the user name, and admin for the password (or, if you changed these, use the values you specified).
The Configuration utility opens.
Once you open a browser session to the Configuration utility, you can log on and run the Setup utility to begin the initial configuration of the BIG-IP system. The Setup utility covers basic networking configuration options such as system host name and IP address, static and floating self IP addresses, interfaces, and VLANs, time zone setting, administration accounts for root access to the command line and admin access to the Configuration utility, and other basic options for managing the device.
The Setup utility guides you through initial system set up, including specifying a root password, administrative password, and the IP addresses to be assigned to the management port.
You can run the Setup utility from the Configuration utility Welcome screen by clicking Run the Setup Utility. The Configuration utility opens to one of several locations, depending on where you are in the process of installation and licensing:
If the license on the system is updated, the system opens to the Setup utility choices screen. For information on configuring the system using the Setup utility, see Specifying settings in the Setup utility.
If you have completed installation, and you previously ran the Setup utility, the system opens to the Welcome screen. From here, you can provision the modules you have licensed (see Provisioning TMOS modules), or, if you have already completed provisioning, you can continue with additional system configuration (see Completing system configuration).
Important: Even if you typically use the command line to configure, you must first run the Setup utility from the browser-based Configuration utility before you can begin.
When you install the software or upgrade a version, you might already have an active license. If so, you can proceed to configure everything from the command line without ever accessing the Configuration utility. The first time you access the Configuration utility, however, the system starts the Setup utility, even if you have already configured all of the network settings the Setup utility needs. You can prevent the system from starting the Setup utility by setting a db key.
Note: If you have not already activated the license, you must use the browser-based Configuration utility to run the Setup utility to license the system for the first time. In that case, the system starts the Setup utility when you access the Configuration utility for the first time. For information about activating the license, see Activating the software license.
When you run the Setup utility, you set up some administrative accounts. Specifically, you set up the root, admin, and support accounts. The root and admin accounts are for use by BIG-IP system administrators, while the support account is for F5 Networks support personnel who require access to customer systems for troubleshooting purposes. For more information about these administrative accounts, see the TMOS® Management Guide for BIG-IP® Systems.
In addition to administrative accounts, the Setup utility guides you through the process of specifying other basic networking settings, such as the management IP address and port, the host name for the system, and settings for redundant system configurations. You can also elect to provide default VLAN information, or you can skip that step and configure those options on your own.
Note: As you proceed through the Setup utility, you can click the Help tab of the navigation pane for information about the settings on each screen.
After you have activated the license on the system, the Configuration utility prompts you for the basic configuration information for managing the system. This required information includes the following settings.
A basic description for each setting follows, to assist you in specifying settings on the Setup platform settings screen. You can also view the online help for setting definitions.
Note: Depending on the hardware you have and the settings you configure, you may see only some of the screen elements described here.
The management IP address, netmask, and management route that you assign to the unit (or cluster, on a multi-bladed chassis) provide access to the Configuration utility, and function as an identifier for the peer unit in a redundant system configuration. The preferred default IP address is The alternate IP address is The default netmask is
If you already specified the management interface IP address (for example, by using the procedure described in Adding an IP address, netmask, and default route using the LCD panel, or by using the config command on the command line), you do not need to do so again.
This is the name of the system. You must enter a fully qualified domain name (FQDN) for the system. This field allows only letters, numbers, and the characters underscore ( _ ), dash ( - ) and period ( . ).
The host IP address is the IP address that you want to associate with the host name. You can select Use Management Port IP Address to associate the host name with the management port's IP address. This is the default setting. Select Custom Host IP Address to type an IP address other than the management port's IP address.
A high availability system, or redundant system, consists of two units or blades that share configuration information, and serve as failover peers. If the system you are configuring is not a member of a redundant system, select Single Device. If the system is a member of a redundant system, select Redundant Pair.
Important: Beginning with version 10.0.0 of the software, a redundant system configuration must contain failover peer management addresses for each unit. If you roll forward a redundant system configuration from version 9.3.x or 9.4.x, the units start up in an offline state because each one needs a failover peer management address. To configure the failover peer management addresses, navigate to the Network Failover screen, available under High Availability on the System menu in the navigation pane, and specify the management IP address of the peer unit in the Peer Management Address field. Then do the same on the other unit in the redundant system. Once you specify both IP addresses, the system should operate as expected.
Note: In a redundant system that consists of two units, both units must be the same hardware platform. We do not support redundant systems consisting of differing hardware. For information about using VIPRION® systems, see the Configuration Guide for the VIPRION® System.
This setting identifies a member in a redundant system. The default number is 1. If this is the first member in the redundant system, use the default. When you configure the second member in the redundant system, select 2. The system uses these settings to determine which member becomes active first, should both peers come online simultaneously.
The time zone you select typically represents the location of the system. However, some networks specify a time zone to accommodate a more international aspect of the organization, such as Greenwich Mean Time (GMT), or the time zone representing the corporate headquarters. The system uses the time zone for the date and time of events recorded in logs.
Note: If you change the time zone, we recommend that you reboot the system to ensure that all of the services are in sync. If you do not reboot, it does not affect traffic or management functionality, but there is a possibility that some timestamps might be logged or displayed incorrectly, depending on which service has been restarted and which has not.
The root account provides only console access to this system. Type the password for the built-in account, root. In the Confirm box, retype the password that you typed in the Password box. If you mistype the password confirmation, the system prompts you to retype both entries.
The admin account provides only browser access to the system. Type the password for the built-in account, admin. In the Confirm box, retype the password that you typed in the Password box. If you mistype the password confirmation, the system asks you to retype both entries.
This setting enables the built-in account, support, for access to the system's command line and browser interface. If you activate the account, you must also supply a password and password confirmation. The technical support staff uses the support account to analyze the system if you need assistance with troubleshooting issues.
If you have enabled SSH access, you can specify the IP address or address range for other systems that can use SSH to communicate with the system. To grant unrestricted SSH access to all IP addresses, select *All Addresses. To specify a range, select Specify Range, and then type an address or address range in the box, to restrict SSH access to a block of IP addresses. For example, to restrict access to only systems on the network, type 192.168.*.*.
Once you have licensed the system, and configured the basic management settings, the configuration options screen opens in the Configuration utility. The configuration options screen contains two options for creating the traffic management configuration.
Basic Network Configuration
This configuration method starts the basic network configuration wizard. When you click the Next button, the wizard guides you through a basic network configuration that includes an internal and external VLAN, and interface configuration.
Advanced Network Configuration
If you already know the types of configurations you want to create, you can click the Finished button to exit the Setup utility. Use this configuration method when you want to create a custom VLAN configuration. If you use this method, after you click the Finished button, open the Network section on the Main tab of the navigation pane. The Network section provides access to the objects you commonly configure for traffic management, such as interfaces, routes, self IP addresses, VLANs, and so on.
Note: You can update the network configuration at any time by using the options that are available under the Network section on the Main tab of the navigation pane.
The license you receive from F5 Networks determines what software modules the BIG-IP system can support. The license ensures that you can activate all software modules you have purchased. An F5 license is applicable for the life of the system, or until you reactivate it, for example, by purchasing additional modules. The modules available for this version of the software include Local Traffic (LTM), Global Traffic (GTM), Link Controller (LC), Application Security (ASM), Protocol Security (PSM), WebAccelerator (WAM), and WAN Optimization (WOM).
When you have multiple modules on a BIG-IP system, you must portion CPU, memory, and disk space among the modules to make the modules functional. This process of assigning CPU, memory, and disk space to licensed software modules is called provisioning. Provisioning and licensing work together to make sure that software modules are accessible and appropriately provided with system memory and disk space.
You can determine which modules your license supports by checking the License screen, available in the System section on the Main tab of the navigation pane.
If you have a license for a module that you have not provisioned, the system posts an alert in the identification and messages area of the Configuration utility: Licensed yet unprovisioned: <modulename>, to let you know that you do not have provisioning specified for that module.
Important: Some modules require that you provision CPU, memory, and disk space before they are visible in the Configuration utility. If you do not see a module that you have licensed, first check to make sure you have provisioned CPU, memory, and disk space for it.
The system provides provisioning settings on the Resource Provisioning screen, available in the System section on the Main tab of the navigation pane.
When you click Resource Provisioning, the system presents a screen containing a color graph representing the current allocations for CPU cycles, system memory, and disk space (if the system uses Logical Volume Management (LVM) formatting), along with a section representing each module installed on the system. Each module has associated with it a unique color, which the allocation graph uses to visually represent the modules CPU, memory, and disk provisioning.
The system designates unlicensed modules with an (Unlicensed) label. The system also uses the (Unlicensed) label to represent modules whose licenses have expired.
Figure 4.1, following, shows a sample screen representing a system provisioned for Local Traffic Manager, Application Security Manager, and the WebAccelerator system.
The Dedicated setting specifies that this is the only active module. If you select the Dedicated setting for one module, the system resets other modules to the None (Disabled) setting. The Dedicated provisioning setting is primarily applicable for Application Security Manager and WebAccelerator systems installed in standalone configurations, that is, when a system contains no other installed modules, including Local Traffic Manager.
The Nominal setting allocates CPU, memory, and disk space in a way that is applicable for most typical configurations.
The Minimum setting allocates the smallest amount of CPU, memory, and disk space to the corresponding module.
The None (Disabled) setting indicates that there is no allocated CPU, memory, or disk space. When you select the None (Disabled) setting, the system allocates no CPU, memory, or disk space to the module. This is a typical setting for unlicensed modules. Depending on what you select or change, the system might require a reboot after provisioning or deprovisioning a module.
You can provision modules for which you are not licensed. This enables you to configure the system prior to obtaining a license. When you provision modules you are not licensed for, the system posts an alert in the identification and messages area of the Configuration utility: Provisioned yet unlicensed: <modulename> to let you know that you do not have a valid license for that module.
Important: If you provision CPU, memory, and disk space to a module whose license later expires, the system does not automatically reallocate that CPU, memory, and disk space. You should make sure to reprovision any CPU, memory, and disk space from modules with expired licenses to other modules whose licenses are currently active.
Warning: When provisioning multiple modules, you must provision the WAN Optimization Module last. WAN Optimization Module uses all of the free disk space remaining on the system, so provision all other modules first.
If you roll forward a configuration containing a licensed module, the system provisions the module at level Nominal. If you have more than one module licensed, the system provisions them all at level Nominal.
If you are rolling forward a standalone configuration of Application Security Manager (available only on a BIG-IP 4100) or the WebAccelerator system (available only on a BIG-IP 4500), the system uses the Dedicated provisioning level for the standalone module, and removes provisioning from all other modules, including Local Traffic Manager.
Important: If you are installing a license, but you are not rolling forward a configuration, the system does not provision any CPU, memory, or disk space. In order to see and access new modules you install, you must provision them first.
Once you finish running the Setup utility for the first time, and you provision any modules, you can continue configuring the system. For information about how to configure the BIG-IP system, you can reference the online help, available on the Help tab for each screen, and the associated guides, available in the AskF5SM Knowledge Base, at We recommend that you start with the TMOS® Management Guide for BIG-IP® Systems.
Each module has an associated configuration guide, which we recommend that you review. For example, if you are running the WAN Optimization Module, you should review the Configuration Guide for the BIG-IP® WAN Optimization Module.
Note: If you rolled forward a configuration, you should check to make sure that the configuration contains all of the objects you expect. In general, the upgrade process takes care of this for you, but you should always check to make sure the configuration contains all objects and settings you expect. For example, if you roll forward a configuration that contained the WebAccelerator system, the system presents the following message after the installation operation finishes: The WAM configuration being restored is version 9.4.3 but the current installation is version 10.0.0. The restored 9.4.3 WAM config files may require manual merging if they had been customised, and will NOT overwrite the 10.0.0 files. If your configuration had not been customised no merge is required.
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?

NOTE: Please do not provide personal information.

Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)