The process of designating a device for central management by BIG-IQ Web Application Security is known as discovery.
Once a BIG-IP device is discovered, all security policies and virtual servers on the device come under management by the BIG-IQ system.
For each device discovered, the system creates an extra virtual server to hold all policies not related to any virtual server in the discovered device.
After discovery, BIG-IQ Web Application Security enables a view of devices and properties, policies, and virtual servers associated with those devices and a way to perform device-specific and policy-specific actions.
To view all devices managed by BIG-IQ Web Application Security, navigate to the Devices panel.
|Device Address||Enter the internal self IP for the BIG-IP device.
Note: Each managed device must be configured with a communication route from its internal self IP or management IP address to a BIG-IQ system internal self IP address on a configured BIG-IP VLAN. Otherwise, discovery will fail. F5 recommends that you use a self IP address (on the BIG-IP device) in order to gain access to additional functionality that is not provided through the management port.
|User Name||Enter the user's login name. For example: admin.|
|Password||Enter the password for this user.|
|Auto Update Framework||Select this check box to force an update of the REST framework on
the BIG-IP device.
Certain BIG-IQ system components should be installed and kept up-to-date on all BIG-IP devices brought under central management. These components provide a REST framework that supports the required Java-based management services.
|Check box||Clear this check box (the default setting) to ensure that the discovery process does not overwrite the source of imported policies already on the BIG-IQ system.|
Device properties are displayed for informational purposes and are read-only, except the check box options.
|Host Name||Fully-qualified domain name (FQDN), identified at discovery time.|
|Management Address||Management address of the BIG-IP device, used for communication between it and the BIG-IQ system.|
|Version||Version and hotfix level of the device under management.|
|Check box||Used during discovery or rediscovery processes to allow (or prevent) the overwriting of imported policies that already exist on BIG-IQ Web Application Security.|
|Signature file properties||Description|
|Version||Device current signature file version.|
|Auto update enabled||Check box used to enable automatic Update & push for signature files.|
Once configurations are in sync between BIG-IP devices and the BIG-IQ Web Application Security system, there is seldom a need to rediscover a BIG-IP device.
However, some scenarios that might require rediscovery include:
If any of these scenarios occur, you must rediscover to reconcile any changes with the configuration maintained on BIG-IQ Web Application Security. If you do not reconcile changes, a subsequent deployment process will overwrite any changes made locally.
The rediscovery process is modal. This means that once rediscovery starts, the process blocks you from performing any other tasks or interacting with BIG-IQ Web Application Security in any way until the process completes or is canceled.
If a policy has identified the device being rediscovered as its source, the policy source type is changed to FILE, which means that the device retains the policy's source file and it can be deployed to other devices.