Manual Chapter : Licensing and Initial Setup

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 5.3.0
Manual Chapter

Default administrator and root user names and passwords

You access BIG-IQ with the following administrative user roles and a default password. For security purposes, you should change these passwords after you license the system (during initial setup), and at regular intervals.

Default User Type Default Password Access Rights / Role
admin admin This user type can access all aspects of the BIG-IQ system from the system's user interface.
root default This user has access to all aspects of the BIG-IQ system from the system's console command line.

Open ports required for device management

F5® BIG-IQ® Centralized Management must have bilateral communication with the devices in your network to successfully manage them. For this communication, the following ports must be open to allow for the required two-way communication. You might have to contact a firewall or network administrator to verify that these ports are open (they are by default), or have them opened if they aren't.

Open Port Purpose
TCP 443 (HTTPS) and TCP 22 (SSH) Discovering, monitoring, configuring BIG-IP devices running versions 11.5.0-11.6.0
TCP 443 (HTTPS) Discovering, monitoring, configuring BIG-IP devices running versions 12.0.0 and later
TCP 443 (HTTPS) Replicating and synchronizing BIG-IQ systems

How do I license and do the basic setup to start using BIG-IQ?

F5® BIG-IQ® Centralized Management runs as a virtual machine in supported hypervisors, or on the BIG-IQ 7000 series platform. After you download the software image from the F5 Downloads site and upload it to BIG-IQ, you can license the system using the base registration key you purchased. The base registration key is a character string the F5 license server uses to provide BIG-IQ a license to access the features you purchased.

You license BIG-IQ in one of the following ways:

  • If the system has access to the Internet, you can have the BIG-IQ system contact the F5 license server and automatically activate the base registration key to get a license.
  • If the system is not connected to the Internet, you can manually license the BIG-IQ using the F5 license server web portal.
  • If the system is in a closed-circuit network (CCN) that does not allow you to export any encrypted information, you must open a case with F5 support at: https://support.f5.com/csp/my-support/home

When licensing BIG-IQ, you:

  1. Activate the license.
  2. Accept the EULA
  3. Specify the system personality (BIG-IQ Centralized Management or Data Collection Device).
  4. Specify a host name, and IP addresses for the management port, DNS server, and network time protocol (NTP) servers.
  5. Specify the master key pass phrase.
  6. Change the default admin and root passwords.

Automatic license and initial setup for BIG-IQ

You must have a base registration key before you can license the BIG-IQ® system. If you do not have a base registration key, contact the F5 Networks sales group (f5.com).
If the BIG-IQ® system is connected to the public internet, you can follow these steps to automatically perform the license activation and perform the initial setup.
  1. Use a browser to log in to BIG-IQ by typing https://<management_IP_address> , where <management_IP_address> is the address you specified for device management.
  2. In the Base Registration Key field, type or paste the BIG-IQ registration key.
    Important: If you are setting up a data collection device, you have to use a registration key that supports a data collection device license.
  3. In the Add-On Keys field, paste any additional license key you have.
  4. To add another additional add-on key, click the + sign and paste the additional key in the new Add-On Keys field.
  5. For the Activation Method setting, select Automatic, and click the Activate button.
  6. Click Next.
    If you are setting up this device for the first time, the Accept User Legal Agreement screen opens.
  7. To accept the license agreement, click the Agree button.
  8. Click the Next button at the bottom of the screen.
    If your license supports both BIG-IQ Data Collection Device and BIG-IQ Central Management Console, the System Personality screen displays. Otherwise the Management Address screen opens.
  9. If you are prompted with the System Personality screen, select the option you're licensed for, and then click OK. If you are not prompted, proceed to the next step.
    Important: You cannot undo this choice. Once you license a device as a BIG-IQ Management Console, you can't change your mind and license it as a Data Collection Device.
    The Management Address screen opens.
  10. In the Hostname field, type a fully-qualified domain name (FQDN) for the system.
    You cannot change this name after you add it. The FQDN can consist of letters and numbers, as well as the characters underscore ( _ ), dash ( - ), or period ( . ).
  11. In the Management Port IP Address and Management Port Route fields, type the IP address for the management port IP address and route.
    Note: The management port IP address must be in Classless Inter-Domain Routing (CIDR) format. For example: 10.10.10.10/24.
  12. Specify what you want the BIG-IQ to use for the Discovery Address.
    • To use the management port, select Use Management Address.
    • To use the internal self IP address, select Self IP Address, and type the IP address.
      Important: If you are configuring a data collection device, you must use the internal self IP address.
      Note: The self IP address must be in Classless Inter-Domain Routing (CIDR) format. For example: 10.10.10.10/24.
  13. In the DNS Lookup Servers field, type the IP address of your DNS server.
    You can click the Test Connection button to verify that BIG-IQ can reach that IP address.
  14. In the DNS Search Domains field, type the name of your search domain.
    The DNS search domain list allows the BIG-IQ system to search for local domain lookups to resolve local host names.
  15. In the Time Servers field, type the IP addresses of your Network Time Protocol (NTP) server.
    You can click the Test Connection button to verify that BIG-IQ can reach the IP address.
  16. From the Time Zone list, select your local time zone.
  17. Click the Next button at the bottom of the screen.
    The Master Key screen opens.
  18. For the Passphrase, type a phrase that satisfies the requirements specified on screen, and then type the same phrase for Confirm Passphrase.
    Important: You can enter this pass phrase only once. You cannot change it without resetting the device. The system uses the pass phrase to generate a Master Key. For you to configure High Availability or a Data Collection Device cluster, this pass phrase must be the same on all devices. If the pass phrase is not the same, you must reset and configure those devices with the same pass phrase.
  19. In the Old Password fields, type the default admin and root passwords, and then type a new password in the Password and Confirm Password fields.
  20. Click the Next button at the bottom of the screen.
    The screen Summary displays the details you just specified for this device configuration.
  21. If the details are as you intended, click Launch to continue; if you want to make corrections, use the Previous button to navigate back to the screen you want to change.

Manual license and initial setup for BIG-IQ

You must have a base registration key before you can license the BIG-IQ® system. If you do not have a base registration key, contact the F5 Networks sales group (f5.com).
If the BIG-IQ® system is not connected to the public internet, you can follow these steps to contact the F5 license web portal then perform the initial setup.
  1. Use a browser to log in to BIG-IQ by typing https://<management_IP_address> , where <management_IP_address> is the address you specified for device management.
  2. In the Base Registration Key field, type or paste the BIG-IQ registration key.
    Important: If you are setting up a data collection device, you have to use a registration key that supports a data collection device license.
  3. In the Add-On Keys field, paste any additional license key you have.
  4. For the Activation Method setting, select Manual and click the Generate Dossier button.
    The BIG-IQ system refreshes and displays the dossier in the Device Dossier field.
  5. Select and copy the text displayed in the Device Dossier field.
  6. Click the Access F5 manual activation web portal link.
    The Activate F5 Product site opens.
  7. Into the Enter your dossier field, paste the dossier.
    Alternatively, if you saved the file, click the Choose File button and navigate to it.
    After a pause, the screen displays the license key text.
  8. Click Next.
    If you are setting up this device for the first time, the Accept User Legal Agreement screen opens.
  9. To accept the license agreement, select I have read and agree to the terms of this license, and click Next. button.
    The licensing server creates the license key text.
  10. Copy the license key.
  11. In the License Text field on BIG-IQ, paste the license text.
  12. Click the Activate License button.
  13. Click the Next button at the bottom of the screen.
    If your license supports both BIG-IQ Data Collection Device and BIG-IQ Central Management Console, the System Personality screen displays. Otherwise the Management Address screen opens.
  14. If you are prompted with the System Personality screen, select the option you're licensed for, and then click OK. If you are not prompted, proceed to the next step.
    Important: You cannot undo this choice. Once you license a device as a BIG-IQ Management Console, you can't change your mind and license it as a Data Collection Device.
    The Management Address screen opens.
  15. In the Hostname field, type a fully-qualified domain name (FQDN) for the system.
    You cannot change this name after you add it. The FQDN can consist of letters and numbers, as well as the characters underscore ( _ ), dash ( - ), or period ( . ).
  16. In the Management Port IP Address and Management Port Route fields, type the IP address for the management port IP address and route.
    Note: The management port IP address must be in Classless Inter-Domain Routing (CIDR) format. For example: 10.10.10.10/24.
  17. In the DNS Lookup Servers field, type the IP address of your DNS server.
    You can click the Test Connection button to verify that BIG-IQ can reach that IP address.
  18. In the DNS Search Domains field, type the name of your search domain.
    The DNS search domain list allows the BIG-IQ system to search for local domain lookups to resolve local host names.
  19. In the Time Servers field, type the IP addresses of your Network Time Protocol (NTP) server.
    You can click the Test Connection button to verify that BIG-IQ can reach the IP address.
  20. From the Time Zone list, select your local time zone.
  21. Click the Next button at the bottom of the screen.
    The Master Key screen opens.
  22. For the Passphrase, type a phrase that satisfies the requirements specified on screen, and then type the same phrase for Confirm Passphrase.
    Important: You can enter this pass phrase only once. You cannot change it without resetting the device. The system uses the pass phrase to generate a Master Key. For you to configure High Availability or a Data Collection Device cluster, this pass phrase must be the same on all devices. If the pass phrase is not the same, you must reset and configure those devices with the same pass phrase.
  23. Click the Next button at the bottom of the screen.
    The Password screen opens.
  24. In the Old Password fields, type the default admin and root passwords, and then type a new password in the Password and Confirm Password fields.
  25. Click the Next button at the bottom of the screen.
    The screen Summary displays the details you just specified for this device configuration.
  26. If the details are as you intended, click Launch to continue; if you want to make corrections, use the Previous button to navigate back to the screen you want to change.