Manual Chapter : Managing Groups

Applies To:

Show Versions Show Versions

BIG-IQ Security

  • 4.4.0
Manual Chapter

About groups

In BIG-IQ Security, groups are:
  • Specific to BIG-IQ. Groups do not exist on BIG-IP devices. There is no discovery of groups on BIG-IP devices or distribution of groups to BIG-IP devices.
  • Used for navigation and deployment purposes only.

When you have many BIG-IP devices to manage, you can group devices, which helps you visualize and manage large numbers of devices.

You can use the panel filtering options to show the devices you are interested in. Then, you can save this group with a name and description. Subsequently, you can select this group or any group saved earlier. You can easily delete other user-created groups.
Note: There are some system-created groups that cannot be deleted.

You can also filter the Devices panel (devices and groups) by typing text in the Filter field and pressing the Enter key. Clear the filter by clicking the X to the right of the text in the gray box under the filter.

System-defined groups (the Firewall Group and cluster groups) do not allow users to edit their memberships directly. Devices are added to these groups through the discovery process and deleted from this groups using the Remove button on the device's Properties panel.

You can arrange user-defined groups in a hierarchy of groups and subgroups.

System-defined groups always appear at the top of the hierarchy (root) and cannot contain child groups.

Adding devices to groups

After device discovery, you can create groups to organize devices into a visual hierarchy for ease of identification and management.
  1. From the Create Group panel, complete the fields as appropriate.
    Option Description
    Group Name Name of the group. Must be unique across all groups. Give the group a name that will assist you in remembering the group's purpose, managing the group, or identify the group.
    Description Optional description for the group. Descriptions can contain useful information about groups.
    Parent Group >Accept the default (root) or select another group from the dropdown list to reside at the top of the group hierarchy.
    Available Devices Begin typing to see the list of available devices. Select an available device and click Add Device to add a device to the table.
  2. Click Save.
The device is added to the group and appears in the Devices panel.

Managing groups

After adding a BIG-IP device to a pre-existing group, you can manage the group through the Group Properties screen. This means you can change the group hierarchy, add or remove devices from groups, delete groups, and modify group descriptions.

Changing group hierarchy

From the Group Properties screen, you can change the hierarchy of groups and subgroups through the Parent Group list.

Note: System-defined groups always appear at the top of the hierarchy (root) and cannot contain subgroups.

To change group hierarchy:

  1. From the Parent Group list, select root (the default) or another group to reside at the top of the hierarchy.
  2. Click Save.

Adding or removing devices from groups

System-defined groups (the Firewall Group and cluster groups) do not allow users to edit memberships directly. Devices are added to these groups through the discovery process and deleted from these groups using the Remove button on the device's Properties screen.

To add a device to a group:

  1. In the Available Devices field, begin typing and the list of available devices appears.
  2. Select an available device and click Add Device. The device is added to the table.
  3. Click Save. The device is added to the group.

To remove a device from a group:

  1. In the table below the Available Devices field, click the X at the end of the row containing the device you want to remove. The device is removed from the table.
  2. Click Save. The device is removed from the group.

Deleting groups

Note: You can delete user-created groups; there are some system-created groups that cannot be deleted.

To delete a group:

  1. Click the Delete button.
  2. When prompted, confirm the deletion by clicking Delete.

This action permanently removes the group from BIG-IQ Network Security.

Modifying group descriptions

To modify the group description, type a description in the Description field, or modify the existing description and click Save. The description could be written to help you remember the purpose of the group, or it could contain other useful information about the group.