Applies To:

Show Versions Show Versions

Manual Chapter: Device Management
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Overview: BIG-IQ device management

The process of designating a device for central management by BIG-IQ Application Security Manager(ASM) is known as discovery.

Once a BIG-IP device is discovered, all security policies and virtual servers on the device come under management by the BIG-IQ system.

For each device discovered, the system creates an extra virtual server to hold all policies not related to any virtual server in the discovered device.

After discovery, BIG-IQ ASM enables a view of devices and properties, policies, and virtual servers associated with those devices and a way to perform device-specific and policy-specific actions.

To view devices under management by BIG-IQ ASM, navigate to the Devices panel.

Discovering devices

Before discovering one or more BIG-IP devices, required BIG-IQ components must be installed and kept up-to-date on those BIG-IP devices. See the Auto Update Framework check box in the following procdure.
Once a device is under central management, information about the device and objects stored on the device are located in the BIG-IQ database, which is the authoritative source for all configuration objects.
Note: Do not manage the BIG-IP device locally. If you make changes locally, you (or another administrator) might overwrite those changes when performing a deployment from the BIG-IQ system.
  1. To begin the discovery process, navigate to the Devices panel. At first login, this panel is empty because there are no discovered devices.
  2. Hover in the Devices banner and click the + icon to display the property fields for a new device.
  3. Edit the property fields as required.
    Option Description
    Device Address Enter the internal self IP for the BIG-IP device.
    User Name Enter the user's login name. For example: admin.
    Password Enter the password for this user.
    Auto Update Framework Select this check box to force an update of the REST framework on the BIG-IP device.

    Certain BIG-IQ system components should be installed and kept up-to-date on all BIG-IP devices brought under central management. These components provide a REST framework that supports the required Java-based management services.

    Check box Clear this check box (the default setting) to ensure that the discovery process does not overwrite the source of imported policies already on the BIG-IQ system.
  4. Click Add.
After discovery, the BIG-IP device is listed in the Devices panel by its FQDN and internal self IP address.

Monitoring device health and performance

Before you can view device properties and health, you must discover at least one device.
With the BIG-IQ system, you can easily assess the health and performance of your network.
  1. Navigate to the Devices panel.
  2. Hover in the banner of the device you want to monitor and when the gear icon appears, click it to expand the panel.
  3. In the expanded panel, view health data under device properties.

Displaying policy properties

With BIG-IQ ASM, you can easily view device properties.
  1. To display properties for an individual device, hover over the banner for that device (in the Devices panel).
  2. Click the gear icon to display and expand the panel containing device properties.

Device properties

Device properties are displayed for informational purposes and are read-only, except the check box.

Device property Description
Host Name Fully-qualified domain name (FQDN), identified at discovery time.
Management Address Management address of the BIG-IP device, used for communication between it and the BIG-IQ system.
Product Product identification.
Version Version and hotfix level of the device under management.
Status Active/Inactive.
Check box Used during discovery or rediscovery processes to allow (or prevent) the overwriting of imported policies that already exist on BIG-IQ ASM.

About rediscovering devices

Once configurations are in sync between BIG-IP devices and the BIG-IQ Application Security Manager (ASM) system, there is seldom a need to rediscover a BIG-IP device.

However, some scenarios that might require rediscovery include:

  • Additions, deletions, or changes made to self IPs or virtual servers on the BIG-IP device.
  • Changes to security policies made locally on the BIG-IP device.
  • Updates made to the BIG-IP device's software that need to be recognized by BIG-IQ ASM.

If any of these scenarios occur, you must rediscover to reconcile any changes with the configuration maintained on BIG-IQ ASM. If you do not reconcile changes, a subsequent deployment process will overwrite any changes made locally.

The rediscovery process is modal. This means that once rediscovery starts, the process blocks you from performing any other tasks or interacting with BIG-IQ ASM in any way until the process completes or is canceled.

During rediscovery, a Cancel Task button appears in the dialog box after the task has identified the device and started importing policies. If you click Cancel Task, the import is canceled and management authority over the device is rescinded.

Rediscovering devices

If configuration fall out of sync between BIG-IQ ASM and managed BIG-IP devices, you can rediscover devices to bring the systems back into sync.
  1. To begin the rediscovery process, navigate to the Devices panel.
  2. Hover in the banner for the device you want to rediscover, and then click the gear icon to display the expanded panel containing device properties and actions. You cannot change any properties displayed on this screen.
  3. In the expanded panel, click Rediscover.
You have completely removed the BIG-IP device and all related entities (policies and virtual servers) and rediscovered the device.

If a policy has identified the device being rediscovered as its source, the policy source type is changed to FILE, which means that the device retains the policy's source file and it can be deployed to other devices.

Removing devices

BIG-IQ ASM provides a way to rescind management authority (RMA) over BIG-IP devices. RMA removes the device and all related entities from the BIG-IQ database.
  1. To begin the removal process, navigate to the Devices panel.
  2. Hover in the Devices banner and click the gear icon to display the expanded Properties panel.
  3. In the expanded Properties panel, click Remove.
The BIG-IP device and all related entities (security policies and virtual servers) are removed from the BIG-IQ system and the BIG-IP device can be managed locally.
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?

NOTE: Please do not provide personal information.

Additional Comments (optional)