The BIG-IQ® system is a tool that streamlines the management of F5 devices in your network. Because it is based on the same platform as BIG-IP® devices, it includes full product support, security patches, and internal and external security audits (AuthN and AuthZchecks).
Firewall managers use the BIG-IQ system to manage security firewalls for multiple devices from a central location. Firewall management includes discovering, editing, and deploying firewall configurations, as well as consolidating shared firewall objects. Once a firewall device is designated for central management, it is no longer managed locally unless there is an exceptional need.
Web-Application Security managers also use the BIG-IQ system to centrally manage policy files and attack-signature files. Multiple BIG-IP® devices can share the same policy and attack-signature files for filtering HTTP, HTTPS, and other web traffic for known attack patterns.
Network administrators use BIG-IQ Device to interact with all of the managed F5 devices in their network. This centralized management includes the ability upgrade F5 devices, update configurations, and reallocate licenses as needed.
Application Delivery Controller (ADC) offers you the flexibility to deploy software images, and configurations, and monitor and distribute licenses and license pools for managed BIG-IP devices.
To successfully manage devices in your network, including BIG-IQ peer systems, the BIG-IQ system requires communication over HTTPS port 443. The BIG-IQ administrator can provide fine-grained access to various roles, which are verified by authorization checks (AuthN and AuthZ). Authenticated users have access only to the resources explicitly granted by the BIG-IQ administrator. Additional security is provided through bidirectional trust and verification through key and certificate exchange and additional support for LDAP and RADIUS authentication.
The BIG-IQ system requires bilateral communication with the devices in your network in order to successfully manage them. For this communication, the following ports are open by default to allow for the required two-way communication.
|TCP 443 (HTTPS)||Discovering, monitoring, and configuring managed devices|
|TCP 443 (HTTPS) and TCP 22 (SSH)||Upgrade BIG-IP devices running version 11.4.0-11.6.0|
|TCP 443 (HTTPS)||Upgrade BIG-IP devices running version 12.0.0|
|TCP 443 (HTTPS)||Replicating and synchronizing BIG-IQ systems|
You can access all of the following BIG-IQ® system documentation from the AskF5™ Knowledge Base located at http://support.f5.com/.
|BIG-IQ® Centralized Management Virtual Editions Setup guides||BIG-IQ® Virtual Edition (VE) runs as a guest in a virtual environment using supported hypervisors. Each of these guides is specific to one of the hypervisor environments supported for the BIG-IQ system.|
|BIG-IQ® Centralized Management: Licensing and Initial Setup||This guide provides the network administrators with basic BIG-IQ system concepts and describes the tasks required to license and set up the BIG-IQ system in their network, including how to add users and assign roles to those users.|
|BIG-IQ® Centralized Management: Device||This guide provides details about how to deploy software images, licenses, and configurations to managed BIG-IP® devices.|
|BIG-IQ® Centralized Management: ADC||This guide provides details about how to centrally manage BIG-IP® Local Traffic Manager™ applications.|
|BIG-IQ®Centralized Management: Security||This guide contains information used to centrally manage BIG-IP® firewalls, policies, rule lists (as well as other shared objects), and users.|
|Platform Guide: BIG-IQ® 7000 Series||This guide provides information about setting up and managing the BIG-IQ 7000 hardware platform.|
|Release notes||Release notes contain information about the current software release, including a list of associated documentation, a summary of new features, enhancements, fixes, known issues, and available workarounds.|
|Solutions and Tech Notes||Solutions are responses and resolutions to known issues. Tech Notes provide additional configuration instructions and how-to information.|
The BIG-IQ® system interface is composed of panels. Each panel contains objects that correspond to a BIG-IQ feature. Depending on the number of panels and the resolution of your screen, some panels may be collapsed and show as colored bars on either side of the screen. You can cursor over the collapsed panels to locate the one you want, and click the panel to open. To associate items from different panels, click an object, and drag and drop it onto the object with which you want to associate it.