The process of designating a device for central management by BIG-IQ Application Security Manager(ASM) is known as discovery.
Once a BIG-IP device is discovered, all security policies and virtual servers on the device come under management by the BIG-IQ system.
For each device discovered, the system creates an extra virtual server to hold all policies not related to any virtual server in the discovered device.
After discovery, BIG-IQ ASM enables a view of devices and properties, policies, and virtual servers associated with those devices and a way to perform device-specific and policy-specific actions.
To view devices under management by BIG-IQ ASM, navigate to the Devices panel.
|Device Address||Enter the internal self IP for the BIG-IP device.|
|User Name||Enter the user's login name. For example: admin.|
|Password||Enter the password for this user.|
|Auto Update Framework||Select this check box to force an update of the REST framework on
the BIG-IP device.
Certain BIG-IQ system components should be installed and kept up-to-date on all BIG-IP devices brought under central management. These components provide a REST framework that supports the required Java-based management services.
|Check box||Clear this check box (the default setting) to ensure that the discovery process does not overwrite the source of imported policies already on the BIG-IQ system.|
Device properties are displayed for informational purposes and are read-only, except the check box.
|Host Name||Fully-qualified domain name (FQDN), identified at discovery time.|
|Management Address||Management address of the BIG-IP device, used for communication between it and the BIG-IQ system.|
|Version||Version and hotfix level of the device under management.|
|Check box||Used during discovery or rediscovery processes to allow (or prevent) the overwriting of imported policies that already exist on BIG-IQ ASM.|
Once configurations are in sync between BIG-IP devices and the BIG-IQ Application Security Manager (ASM) system, there is seldom a need to rediscover a BIG-IP device.
However, some scenarios that might require rediscovery include:
If any of these scenarios occur, you must rediscover to reconcile any changes with the configuration maintained on BIG-IQ ASM. If you do not reconcile changes, a subsequent deployment process will overwrite any changes made locally.
The rediscovery process is modal. This means that once rediscovery starts, the process blocks you from performing any other tasks or interacting with BIG-IQ ASM in any way until the process completes or is canceled.
During rediscovery, a Cancel Task button appears in the dialog box after the task has identified the device and started importing policies. If you click Cancel Task, the import is canceled and management authority over the device is rescinded.
If a policy has identified the device being rediscovered as its source, the policy source type is changed to FILE, which means that the device retains the policy's source file and it can be deployed to other devices.