Now that you have installed the software on the BIG-IP®
system, you are ready to configure the system. If you rolled forward a configuration from a previous software version, you can modify settings and properties of existing objects using the command line or the Configuration utility. If you are starting with a blank configuration, the first step after installation is running the Setup utility, which you must run initially from the Configuration utility.
When you access the Configuration utility, you specify the management IP
address as the application URL. If you have not yet configured your workstation for access to the BIG-IP system through the management interface, see Configuring the management interface
| |At the logon prompt, type admin
for the user name, and admin
for the password (or, if you changed these, use the values you specified).
The Configuration utility opens.
Once you open a browser session to the Configuration utility, you can log on
and run the Setup utility to begin the initial configuration of the BIG-IP system. The Setup utility covers basic networking configuration options such as system host name and IP address, static and floating self IP addresses, interfaces, and VLANs, time zone setting, administration accounts for root
access to the command line and admin
access to the Configuration utility, and other basic options for managing the device.
The Setup utility guides you through initial system set up, including
specifying a root password, administrative password, and the IP addresses to be assigned to the management port.
You can run the Setup utility from the Configuration utility Welcome screen
by clicking Run the Setup Utility
. The Configuration utility opens to one of several locations, depending on where you are in the process of installation and licensing:
When you install the software or upgrade a version, you might already have
an active license. If so, you can proceed to configure everything from the command line without ever accessing the Configuration utility. The first time you access the Configuration utility, however, the system starts the Setup utility, even if you have already configured all of the network settings the Setup utility needs. You can prevent the system from starting the Setup utility by setting a db
When you run the Setup utility, you set up some administrative accounts.
Specifically, you set up the root
, and support
accounts. The root
accounts are for use by BIG-IP system administrators, while the support
account is for F5 Networks support personnel who require access to customer systems for troubleshooting purposes. For more information about these administrative accounts, see the TMOS® Management Guide for BIG-IP® Systems
In addition to administrative accounts, the Setup utility guides you through
the process of specifying other basic networking settings, such as the management IP address and port, the host name for the system, and settings for redundant system configurations. You can also elect to provide default VLAN information, or you can skip that step and configure those options on your own.
After you have activated the license on the system, the Configuration utility
prompts you for the basic configuration information for managing the system. This required information includes the following settings.
A basic description for each setting follows, to assist you in specifying
settings on the Setup platform settings screen. You can also view the online help for setting definitions.
The management IP address, netmask, and management route that you
assign to the unit (or cluster, on a multi-bladed chassis) provide access to the Configuration utility, and function as an identifier for the peer unit in a redundant system configuration. The preferred default IP address is 192.168.1.245
. The alternate IP address is 192.168.245.245
. The default netmask is 255.255.255.0
This is the name of the system. You must enter a fully qualified domain
name (FQDN) for the system. This field allows only letters, numbers, and the characters underscore ( _
), dash ( -
) and period ( .
The host IP address is the IP address that you want to associate with the host
name. You can select Use Management Port IP Address
to associate the host name with the management port's IP address. This is the default setting. Select Custom Host IP Address
to type an IP address other than the management port's IP address.
A high availability system, or redundant system
, consists of two units or blades that share configuration information, and serve as failover peers. If the system you are configuring is not a member of a redundant system, select Single Device
. If the system is a member of a redundant system, select Redundant Pair
Important: Beginning with version 10.0.0 of the software, a redundant system
configuration must contain failover peer management addresses for each unit. If you roll forward a redundant system configuration from version 9.3.x or 9.4.x, the units start up in an offline state because each one needs a failover peer management address. To configure the failover peer management addresses, navigate to the Network Failover screen, available under High Availability
on the System menu in the navigation pane, and specify the management IP address of the peer unit in the Peer Management Address
field. Then do the same on the other unit in the redundant system. Once you specify both IP addresses, the system should operate as expected.
This setting identifies a member in a redundant system. The default number
. If this is the first member in the redundant system, use the default. When you configure the second member in the redundant system, select 2
. The system uses these settings to determine which member becomes active first, should both peers come online simultaneously.
The time zone you select typically represents the location of the system.
However, some networks specify a time zone to accommodate a more international aspect of the organization, such as Greenwich Mean Time (GMT), or the time zone representing the corporate headquarters. The system uses the time zone for the date and time of events recorded in logs.
Note: If you change the time zone, we recommend that you reboot the system to
ensure that all of the services are in sync. If you do not reboot, it does not affect traffic or management functionality, but there is a possibility that some timestamps might be logged or displayed incorrectly, depending on which service has been restarted and which has not.
account provides only console access to this system. Type the password for the built-in account, root
. In the Confirm
box, retype the password that you typed in the Password
box. If you mistype the password confirmation, the system prompts you to retype both entries.
account provides only browser access to the system. Type the password for the built-in account, admin
. In the Confirm
box, retype the password that you typed in the Password
box. If you mistype the password confirmation, the system asks you to retype both entries.
This setting enables the built-in account, support
, for access to the system's command line and browser interface. If you activate the account, you must also supply a password and password confirmation. The technical support staff uses the support
account to analyze the system if you need assistance with troubleshooting issues.
If you have enabled SSH access, you can specify the IP address or address
range for other systems that can use SSH to communicate with the system. To grant unrestricted SSH access to all IP addresses, select *All Addresses
. To specify a range, select Specify Range
, and then type an address or address range in the box, to restrict SSH access to a block of IP addresses. For example, to restrict access to only systems on the 192.168.0.0
network, type 192.168.*.*
Once you have licensed the system, and configured the basic management
settings, the configuration options screen opens in the Configuration utility. The configuration options screen contains two options for creating the traffic management configuration.
| || |Basic Network Configuration
This configuration method starts the basic network configuration wizard. When you click the Next
button, the wizard guides you through a basic network configuration that includes an internal and external VLAN, and interface configuration.
| || |Advanced Network Configuration
If you already know the types of configurations you want to create, you can click the Finished
button to exit the Setup utility. Use this configuration method when you want to create a custom VLAN configuration. If you use this method, after you click the Finished
button, open the Network
section on the Main tab of the navigation pane. The Network
section provides access to the objects you commonly configure for traffic management, such as interfaces, routes, self IP addresses, VLANs, and so on.
The license you receive from F5 Networks determines what software
modules the BIG-IP system can support. The license ensures that you can activate all software modules you have purchased. An F5 license is applicable for the life of the system, or until you reactivate it, for example, by purchasing additional modules. The modules available for this version of the software include Local Traffic (LTM), Global Traffic (GTM), Link Controller (LC), Application Security (ASM), Protocol Security (PSM), WebAccelerator (WAM), and WAN Optimization (WOM).
When you have multiple modules on a BIG-IP system, you must portion
CPU, memory, and disk space among the modules to make the modules functional. This process of assigning CPU, memory, and disk space to licensed software modules is called provisioning
. Provisioning and licensing work together to make sure that software modules are accessible and appropriately provided with system memory and disk space.
You can determine which modules your license supports by checking the
License screen, available in the System
section on the Main tab of the navigation pane.
If you have a license for a module that you have not provisioned, the system
posts an alert in the identification and messages area of the Configuration utility: Licensed yet unprovisioned: <modulename>
, to let you know that you do not have provisioning specified for that module.
The system provides provisioning settings on the Resource Provisioning
screen, available in the System
section on the Main tab of the navigation pane.
When you click Resource Provisioning
, the system presents a screen containing a color graph representing the current allocations for CPU cycles, system memory, and disk space (if the system uses Logical Volume Management (LVM) formatting), along with a section representing each module installed on the system. Each module has associated with it a unique color, which the allocation graph uses to visually represent the modules CPU, memory, and disk provisioning.
The system designates unlicensed modules with an (Unlicensed)
label. The system also uses the (Unlicensed)
label to represent modules whose licenses have expired.
, following, shows a sample screen representing a system provisioned for Local Traffic Manager, Application Security Manager, and the WebAccelerator system.
| || |The Dedicated
setting specifies that this is the only active module. If you select the Dedicated
setting for one module, the system resets other modules to the None (Disabled)
setting. The Dedicated
provisioning setting is primarily applicable for Application Security Manager and WebAccelerator systems installed in standalone configurations, that is, when a system contains no other installed modules, including Local Traffic Manager.
| || |The Nominal
setting allocates CPU, memory, and disk space in a way that is applicable for most typical configurations.
| || |The Minimum
setting allocates the smallest amount of CPU, memory, and disk space to the corresponding module.
| || |The None (Disabled)
setting indicates that there is no allocated CPU, memory, or disk space. When you select the None (Disabled)
setting, the system allocates no CPU, memory, or disk space to the module. This is a typical setting for unlicensed modules. Depending on what you select or change, the system might require a reboot after provisioning or deprovisioning a module.
You can provision modules for which you are not licensed. This enables you
to configure the system prior to obtaining a license. When you provision modules you are not licensed for, the system posts an alert in the identification and messages area of the Configuration utility: Provisioned yet unlicensed: <modulename>
to let you know that you do not have a valid license for that module.
If you roll forward a configuration containing a licensed module, the system
provisions the module at level Nominal
. If you have more than one module licensed, the system provisions them all at level Nominal
If you are rolling forward a standalone configuration of Application Security
Manager (available only on a BIG-IP 4100) or the WebAccelerator system (available only on a BIG-IP 4500), the system uses the Dedicated
provisioning level for the standalone module, and removes provisioning from all other modules, including Local Traffic Manager.
Once you finish running the Setup utility for the first time, and you
provision any modules, you can continue configuring the system. For information about how to configure the BIG-IP system, you can reference the online help, available on the Help tab for each screen, and the associated guides, available in the AskF5SM
Knowledge Base, at https://support.f5.com
. We recommend that you start with the TMOS® Management Guide for BIG-IP® Systems
Each module has an associated configuration guide, which we recommend
that you review. For example, if you are running the WAN Optimization Module, you should review the Configuration Guide for the BIG-IP® WAN Optimization Module
Note: If you rolled forward a configuration, you should check to make sure that
the configuration contains all of the objects you expect. In general, the upgrade process takes care of this for you, but you should always check to make sure the configuration contains all objects and settings you expect. For example, if you roll forward a configuration that contained the WebAccelerator system, the system presents the following message after the installation operation finishes: The WAM configuration being restored is version 9.4.3 but the current installation is version 10.0.0. The restored 9.4.3 WAM config files may require manual merging if they had been customised, and will NOT overwrite the 10.0.0 files. If your configuration had not been customised no merge is required.