Applies To:

Show Versions Show Versions

Manual Chapter: FirePass® Controller version 6.0 Getting Started Guide: Working with the FirePass Controller
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>


3

Working with the FirePass Controller


Configuring the FirePass controller

After you have finished setting up the FirePass controller, and you have completed the initial configuration, you need to configure other aspects of the FirePass controller. You perform these additional configuration tasks using the various screens in the Administrative Console.

To begin configuring network settings

  1. Log on to the FirePass controller using the administrative account you created during Quick Setup.
    For more information, see Logging on to the FirePass controller Administrative Console .
  2. In the navigation pane of the Administrative Console, click Device Management, expand Configuration, and click Network Configuration.
    The Network Configuration screen opens with the IP Config tab selected. This is the starting point for further configuration tasks.

For more information on additional configuration tasks that you can perform, refer the FirePass Controller Administrator Guide and the online help for the screen associated with each configuration task.

Updating during configuration tasks

As you set up new functions on the FirePass controller, or when you modify existing configurations, you might see an Update button on the screen. Be sure to click the Update button whenever you make a change on any screen that has an Update button. Then you must use the Finalize screen to review and commit any changes that you make to the configuration.

For more information about the finalization process, search for "finalize" in the FirePass controller online help.

Configuring user access to favorites

By default, users are allowed to access only the favorites that you, as the administrator, have defined. As the administrator, you can give users permission to define their own favorites, or to open direct connections. You do this in the Master Group Settings screen for each adapter. Although the exact text for the check box varies by screen, you clear the check box that indicates that access is limited to favorites only.

For example, in the Portal Access : Web Applications : Master Group Settings screen, the check box is labeled Limit Web Applications Access to Intranet Favorites only, with no direct addressing (for Extranets, partner and customer access, etc.).

Verifying your configuration settings

After you have completed the Quick Setup process and have performed additional configuration tasks on the FirePass controller, you can follow the procedures in this section to verify your configuration settings. For more information, refer to the FirePass Controller Administrator Guide and the online help for each screen.

To test client access to the FirePass controller

  1. On a computer that is located outside the company firewall, start a web browser.
    The web browser home page opens.
  2. In the web browser address bar, type
    https://<fully qualified domain name>/admin/
    where <fully qualified domain name> is the name you specified in your external DNS server.
    The logon screen opens.
Note: Be sure to include the ending slash (/) character when you specify the administrative URL.
  1. In Username, type the administrative logon name you supplied during the Quick Setup process.
  2. In Password, type the administrative password you supplied during the Quick Setup process.
  3. Click Go.
    The Welcome screen opens.

To create a new user for logging on

  1. In the navigation pane of the Administrative Console, click Users and click User Management.
    The User Management screen opens.
  2. In the Create user accounts by list, verify that individual entry is selected, and click Go.
    The new user screen opens.
  3. Verify that Default is selected in the Master Group list.
    If it is not, select Default, and click Change.
  4. In Logon, type user1.
  5. In First Name, type Joe.
  6. In Last Name, type User.
  7. Specify values for all other fields.
    Make a note of the password. You will use it in the next procedure.
  8. Click Add User.

To verify user logon configuration

  1. Log out of the Administrative Console and open a new browser window.
    The web browser home page opens.
  2. In the web browser address bar, type
    https://<fully qualified domain name>/
    where <fully qualified domain name> is the name you specified in your external DNS server.
    The logon screen opens.
  3. In Username, type user1.
  4. In Password, type the password you specified in the previous procedure, and then click Logon.
    You should see Joe User's home page.
    On the left side of the screen are some icons for access modes (webifyers) and on the right side is a single section called Network Access, which contains a link labeled with the name you specified during the Quick Setup process.

To test Network Access

This test applies only if you are using Network Access.

  1. While you are still logged on as Joe User, use the browser to attempt to access an internal company web site.
    The attempt should fail.
  2. In the right side of the Joe User's home page, click the link for Network Access
    A popup window presents a security warning about the certificate.
  3. Accept the security warning.
    Another popup window presents a series of messages that track the progress of the load operation, ending with the message
    Network Access connection successfully established.
  4. Attempt to access the internal website again.
    It should work this time.
  5. Click the x button in the popup window to disconnect.
  6. Click logout to log out.
Note

After you have configured the FirePass controller, you should create a snapshot and a backup of your configuration. For more information, refer to Using the snapshot utility and Backing up and restoring configuration settings .

Updating FirePass controller software

You can use the online update feature to check for newer versions of the FirePass software, and quickly upgrade to the latest release. You can update the FirePass controller online, or you can update offline, by downloading an upgrade file from F5 Networks.

This section describes how to upgrade to the most current software. Later sections describe some standard tasks, such as shut down and restarts, and explain how to back up configuration settings using the backup feature, how to revert to an earlier software version using the snapshot and backup tools, and how to restore the factory default settings.

Note

Before starting the upgrade process, refer to the release notes associated with this release.

Locking out new user sessions

The system administrator can set up a feature called User Session Lockout, which displays a message to users to alert them that maintenance is occurring. For more information, refer to the FirePass Controller Administrator Guide and the online help for the product.

Updating the FirePass controller online

The FirePass controller provides one-click software upgrades.

If a new version is available, the Online Update page indicates the version's availability. To get the new version, follow the instructions provided in the Online Update page.

Important

Before upgrading the software, back up the FirePass controller configuration. For more information, see Backing up and restoring configuration settings . In addition, use the Snapshot tool to back up the entire controller configuration. For more information, refer to Using the snapshot utility .

To access the Online Update screen

  1. In the navigation pane in the Administrative Console, click Device Management, expand Maintenance, and click Online Update.
    The Online Update screen opens.
  2. Follow the instructions or select a file from the list of available updates.

The FirePass controller downloads the update package and restarts the controller.

Warning

Be sure to separately update all cluster and failover units. All units must be running the same version for clustering and failover to work properly.

Updating the FirePass controller offline

To update the software offline, you either need to get the update image from your local F5 representative, or your support contract might entitle you to obtain local update images directly from the F5 web site.

To update the FirePass controller from a local file

  1. In the navigation pane in the Administrative Console, click Device Management, expand Maintenance, and click Local Update.
    The Local Update screen opens.
  2. Click the Browse button, select the file you want, and click Open.
  3. Type in the password corresponding to the file. (Obtain this password from F5 Networks customer support.)
  4. Click Submit.
  5. Wait for the update to complete.
    Three status bars indicate download status, install status, and rebooting status.
    When the update completes, the system automatically reboots.
  6. Log on again with administrative privileges.
  7. In the navigation pane in the Administrative Console, click Device Management, and click Current Settings.
    The Current Settings screen opens.
  8. Verify that the new version was installed by checking information on the Current Settings screen, including the version and build number, and all hotfixes that have been applied.

Performing other configuration tasks

This section describes how to perform common configuration tasks such as shutting down and restarting the FirePass controller, resetting the FirePass controller to the factory default settings, and using the snapshot tool to create and restore a snapshot of the FirePass controller system.

Shutting down the controller

It is important that you know how to safely shut down the FirePass controller. Incorrectly shutting down can cause the controller to become unstable, requiring that you return the controller to its factory default settings.

Using the shutdown option

Always use the Shutdown option before turning off the power on the FirePass controller.

To shut down the FirePass controller

  1. In the navigation pane in the Administrative Console, click Device Management, expand Maintenance, and click Restart Services.
    The Restart Services screen opens.
  2. Click the link for Shutdown Controller to shut down the FirePass controller.
    The Shutdown Controller screen opens, with a warning that lists the number of active sessions. If you confirm shut down at this point, the FirePass controller terminates these sessions without warning.
  3. Click the Shutdown button to initiate the shutdown.
Warning

Do not use the power switch to shut down the FirePass controller without following the proper shutdown procedures described in this section. If you incorrectly power down the controller, it can result in an unstable state, requiring that you return the controller to its factory default settings.

Knowing when to turn off the FirePass controller

How to tell when it is safe to turn off the controller depends on the model you have.

  • FirePass 1000 and the FirePass 1200
    The controller emits three successively-lower-pitched tones. After you hear the three tones, it is safe to power down the controller.
  • FirePass 4100
    The LCD displays the message Press the X key to power off.
    The X key is located on the keypad on the front panel of the controller. Figure 2.4 shows the FirePass 4100 LCD panel control buttons. Press the X key and hold it for approximately five seconds until the lights on the front panel of the controller go out. At this point, the LCD displays the message F5 Power standby mode. Press Enter to command power on. You can now open the front panel door of the FirePass 4100 and turn off the power switch.

Tip


If you are running the FirePass 1200 in a noisy environment, you might not hear the tones. Always check the FirePass 1200 LEDs to determine status. For more information about the FirePass 1200 LED status indicators, see Understanding the LEDs on the FirePass 1200 .

Restarting the controller

You can restart the controller to reboot the hardware when the controller is in an abnormal state.

To restart the FirePass controller

  1. In the navigation pane in the Administrative Console, click Device Management, expand Maintenance, and click Restart Services.
    The Restart Services screen opens.
  2. Click the link for Restart Controller to reboot the hardware.
    The Restart Controller screen opens, with a warning that lists the number of active sessions.
    Depending on the state of the FirePass controller before the restart, confirming the operation might affect active sessions.
  3. Click the Restart button to confirm the reboot operation.

Restoring factory default settings

Sometimes, when implementing and testing new configurations, it is necessary to revert to the factory default settings. Follow the procedures listed here to restore the factory default configuration settings.

To reset the configuration to the factory default settings

  1. Connect a workstation to the serial port of the FirePass controller using a null-modem cable.
  2. Configure a communications program, such as HyperTerminal or XTerm, using the following settings:
    • Baud rate: 19200
    • Data bits: 8
    • Parity: none
    • Stop bits: 1
    • Flow control: hardware
  3. Start the serial connection.
    The screen changes to show a logon prompt.
  4. Type maintenance at the logon prompt, and then press Enter.
    A screen of conditions for using the Maintenance Console opens.
  5. Review the conditions and press Enter to continue.
    A screen of maintenance options opens.
  6. Using the arrow keys, navigate to option 1: Reset settings and/or admin password, make sure the OK option is selected, and press Enter.
    A screen for resetting options opens.
  7. Using the arrow keys, navigate to option 1: Reset settings and admin password, make sure the OK option is selected, and press Enter.
    The FirePass controller presents the reset warning screen.
  8. Review the information on the reset warning screen before continuing.
  9. In response to the question Reset FirePass to default values (full reset)?, type yes and press Enter.
    The system presents a prompt for resetting the FirePass controller IP defaults.
  10. In response to the question Change the default FirePass IP settings?, type yes and press Enter.
    The system presents a prompt for specifying the FirePass controller name.
  11. In response to the prompt FirePass server name, type the name of the FirePass controller and press Enter, or press Enter without specifying a name to use the default firepass.company.xyz.
    The system presents a prompt for specifying the FirePass controller IP address.
  12. In response to the prompt FirePass IP address, type the IP address of the FirePass controller and press Enter, or press Enter without specifying an IP address to use the default 192.168.1.99.
    The system presents a prompt for specifying the FirePass controller IP mask.
  13. In response to the prompt FirePass IP mask, type the subnet mask of the FirePass controller and press Enter, or press Enter without specifying an IP address masl to use the default 255.255.255.0.
    The system presents a prompt for specifying the DNS server IP address.
  14. In response to the prompt DNS server IP address, type the DNS server IP address of the FirePass controller and press Enter, or press Enter without specifying an IP address to use the default
    192.168.1.1.
    The system presents a prompt for specifying the Gateway IP address.
  15. In response to the prompt Gateway IP address, type the gateway IP address for the FirePass controller and press Enter, or press Enter without specifying an IP address to use the default 192.168.1.1.
    The system presents a summary screen of the changes.
  16. In response to the confirmation prompt, type yes and press Enter.
  17. Wait while the reset process completes and the FirePass controller reboots.
  18. Log on to the system using the value you specified for FirePass IP address, followed by the suffix /admin/. For example,
    https://192.168.1.99/admin/
  19. Reactivate the license.
    For information about reactivating the license, see the online help for the Activate License screen.

Using the snapshot utility

You can use the snapshot feature to back up the current system software. You can later use this image to restore the system to a previous version.

The snapshot utility creates an image of the system, including the configuration settings. However, the FirePass controller takes itself offline during snapshot creation. In addition, the FirePass controller stores only one snapshot at any given time. For this reason, we recommend that you also periodically back up your configuration settings. For more information about the backup and restore feature, see Backing up and restoring configuration settings .

Important

When you create a snapshot, the FirePass controller goes offline into maintenance mode. You must use a workstation that is physically connected to the FirePass controller (that is, not a workstation on the network) to complete the snapshot-creation operation.
Note

You can revert to the factory default settings for the FirePass controller. For more information, see Restoring factory default settings .

Creating a snapshot

When you create a snapshot of your system settings, the snapshot is stored on the FirePass controller. You can have only one snapshot stored on the FirePass controller at a time. When you create a new snapshot, it overwrites the previous snapshot without warning, after you confirm the creation operation.

To create a snapshot of your configuration settings

  1. Connect a workstation to the serial port of the FirePass controller using a null-modem cable.
  2. Configure a communications program, such as HyperTerminal or XTerm, using the following settings:
    • Baud rate: 19200
    • Data bits: 8
    • Parity: none
    • Stop bits: 1
    • Flow control: hardware
  3. Start the serial connection.
    The screen changes to show a logon prompt.
  4. Type maintenance at the logon prompt, and then press Enter.
    A screen of conditions for using the Maintenance Console opens.
  5. Review the conditions and press Enter to continue.
    A screen of maintenance options opens.
  6. Using the arrow keys, navigate to option b: Create/restore FirePass snapshot and press Enter.
    A confirmation screen opens.
  7. At the confirmation prompt, press Enter.
    The FirePass controller boots into recovery mode.
  8. Type maintenance at the logon prompt, and then press Enter.
    A screen of conditions for using the Maintenance Console opens.
  9. Review the conditions and press Enter to continue.
    A screen of maintenance options opens.
  10. Select Create FirePass snapshot and press Enter.
    Snapshot creation begins immediately, overwriting any existing snapshot.
  11. During snapshot creation, the FirePass controller shows a status screen. You cannot halt an in-progress operation.

  12. After the operation completes, select option 0, Exit and Reboot FirePass in normal mode to exit from maintenance mode.

Restoring a snapshot

When you take a snapshot of your configuration settings, the snapshot is stored on the FirePass controller and can be retrieved by following this procedure.

To restore a snapshot

  1. Connect a workstation to the serial port of the FirePass controller using a null-modem cable.
  2. Configure a communications program, such as HyperTerminal or XTerm, using the following settings:
    • Baud rate: 19200
    • Data bits: 8
    • Parity: none
    • Stop bits: 1
    • Flow control: hardware
  3. Start the serial connection.
    The screen changes to show a logon prompt.
  4. Type maintenance at the logon prompt, and then press Enter.
    A screen of conditions for using the Maintenance Console opens.
  5. Review the conditions and press Enter to continue.
    A screen of maintenance options opens.
  6. Using the arrow keys, navigate to option b: Create/restore FirePass snapshot and press Enter.
    A confirmation screen opens.
  7. At the confirmation prompt, press Enter.
    The FirePass controller boots into recovery mode.
  8. Type maintenance at the logon prompt, and then press Enter.
    A screen of conditions for using the Maintenance Console opens.
  9. Review the conditions and press Enter to continue.
    A screen of maintenance options opens.
  10. Select one of the following options and press Enter:
    • Revert FirePass to last working configuration snapshot
      This option restores FirePass controller using the a snapshot you created.
    • Revert FirePass to factory default snapshot
      This option restores FirePass controller using a snapshot of the base operating system at the time the unit was shipped. The factory-defaults snapshot does not contain your current configuration.
  11. Review the revert confirmation warnings, select Yes, and press Enter to start the restore operation.
  12. During the snapshot-restore operation, the FirePass controller shows a status screen. You cannot halt an in-progress operation.

  13. After the operation completes, select option 0, Exit and Reboot FirePass in normal mode to exit from maintenance mode.
Warning

If you choose to use the factory default snapshot, it erases all of your configuration settings and restores the factory default settings.

In addition to periodically creating a snapshot of the FirePass controller, we recommend that you also perform regular backups of your configuration settings. For information on creating and restoring backups, see Backing up and restoring configuration settings , following.

Backing up and restoring configuration settings

The backup feature captures configuration settings on your FirePass controller. We recommend that you perform regular backups manually, or that you configure an FTP server for automatic backup every night.

You use the backup feature in conjunction with the snapshot utility to preserve and restore content and settings on the FirePass controller. Each has its own function:

  • The backup process saves configuration settings that you have made, but not the system settings.
  • The snapshot feature saves the system settings in addition to the configuration settings.

In addition to this difference, while the snapshot tool stores the configuration file on the FirePass controller, the backup process places the backed up files on the hard drive of a computer or FTP server you specify, so you can create a special folder for multiple backups.

We recommend that, in addition to regularly backing up your configuration settings, that you also create periodic snapshots of your FirePass controller. For information on creating and restoring snapshots, see Using the snapshot utility .

Creating a backup manually

You can create a backup of your current configuration any time you want to capture the current configuration settings. Backups include the FirePass controller global settings, as well as all user accounts and groups, Network Access, Portal Access, and Application Access settings, configured favorites, and network configuration. You can also back up the logs.

To create a backup manually

  1. In the navigation pane of the Administrative Console, click Device Management, expand Maintenance, and click Backup/Restore.
    The Backup / Restore screen opens.
  2. Click the link Create a backup of your current configuration.
  3. Wait while the FirePass controller creates the backup file.
    The browser presents a dialog box that contains options for opening or saving the backup file.
  4. Select the option that saves the backup file.
    The system presents a standard save-as dialog box.
  5. Navigate to the folder on your hard drive where you want to place the backup file. You might want to create a new folder where you can keep all of your backup files.
  6. Review the backup file name.
    A typical backup file name appears similar to the following example:
    backup-bip065695s-URM-5_51-20060119182912.zip
    You can change the name to a more meaningful one so you can locate it later when you want to restore the configuration.
  7. Click OK.
Note

If you select the link Create a backup of your current configuration and log messages, the backup also includes all FirePass controller logs.

Configuring for automatic backup to an FTP server

You can set up the FirePass controller to perform automatic nightly backups to an FTP server.

To configure automatic, nightly backups to an FTP server

  1. In the navigation pane of the Administrative Console, click Device Management, expand Maintenance, and click Backup/Restore.
    The Backup / Restore screen opens.
  2. Check Perform nightly backups to FTP server.
    The screen refreshes to reveal additional options.
  3. Specify the destination FTP server address and Target directory
  4. Check Partial backup to back up the FirePass controller IP address, web services configurations and webifyer settings, user accounts, and favorites, or clear the option to also include applications logs, and logon details logs.
    Neither backup type includes HTTP logs or system logs.
  5. In Username, type the account name to use when logging onto the FTP site to create the backup
  6. In Password, type the account password to use when logging onto the FTP site to create the backup
  7. In Confirm Password, type the password again.
  8. Click Save.

You can test the automated backup settings by clicking Backup now.

Note

Backed up files are protected with strong encryption, and are checked for integrity prior to being restored. Because they are encrypted, it is safe to use unprotected FTP for file transfer, and to store the files on public file shares.

Restoring backups

You can restore backed up configuration files any time you want to revert to a previously saved version of your configuration.

To restore your configuration settings from a backup

  1. In the navigation pane of the Administrative Console, click Device Management, expand Maintenance, and click Backup/Restore.
    The Backup / Restore screen opens.
  2. Click the Browse button.
    The system presents a standard open-file dialog box.
  3. Navigate to the file that you want to restore.
    Backup file names appear similar to the following example:
    backup-bip065695s-URM-5_51-20060119182912.zip
  4. Click Open.
    The backup file name you select now appears in the box next to the Browse button.
  5. Click the link Restore your saved configuration.
    Wait while the FirePass controller retrieves backup information and presents the configuration settings from the file you selected.
    If you see an error message, return to the Backup / Restore screen, make sure you specify a valid backup file, and click the link again.
  6. To also include IP addresses and other network settings, check Restore Networking Configuration.
  7. To also include user accounts and group definitions, check
    Restore Users and Groups Settings.
  8. To continue, click Restore.
    To cancel the restore operation, click Abort.
Warning

Backing up and restoring across FIPS-compliant systems restores only the user accounts and groups configuration. The operation does not restore network settings and certificates.
Important

Although you can use the backup functions to restore FirePass controller configurations from one platform type to another (for example, from a FirePass 1200 to a FirePass 4100), the process restores only global settings, user accounts, groups, webifyer settings, and favorites configurations. It does not restore the network configuration and certificates.
Note

You can restore the IP configuration between identical models only, for example, restoring from one FirePass 4100 to another.



Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)