When you want to deploy a Web Application Security configuration, or a Network Security configuration, you need to use one of the following built-in roles.
For more information on roles, refer to the role descriptions on the Roles screen (support.f5.com.) or refer to F5® BIG-IQ® Centralized Management: Authentication, Roles, and User Management on
When a firewall security policy or a web application security policy is deployed, that policy goes through several deployment states. Reviewing these states may be useful in understanding what occurred during deployment in order to diagnose a problem. Note that not all states may appear in the log, since what states are displayed depends on how the deployment was processed.
restjavad.n.log file to view deployment states for either a
firewall security policy or a web application security policy.
This table displays states that can occur during the deployment process, and a brief description of each state.
|CHECK_LICENSE||Licenses for BIG-IQ systems are checked to be valid.|
|CHECK_OTHER_RUNNING_TASKS|| Verifies that no tasks are running that could cause errors during deployment. Tasks
that could cause errors include:
|GET_DEVICES||Finds all devices managed by the BIG-IQ Security system.|
|CHECK_DEVICE_AVAILABILITY||Determines whether the devices to be deployed are available.|
|LOOKUP_CLUSTERS||Determines if any devices included in the deployment are part of a cluster, and if so, verifies that both devices in the cluster are configured with the same sync mode and sync failover group on the BIG-IP device.|
|REFRESH_CURRENT_CONFIG_SOAP||Using the SOAP API, refreshes the current configuration for all devices included in the deployment. This process adds any new configuration items from the BIG-IP device to the current configuration.|
|REFRESH_CURRENT_CONFIG_REST||Using the REST API, refreshes the current configuration for all devices included in deployment. This process adds any new configuration items from the BIG-IP device to the current configuration.|
|CREATE_SNAPSHOT||Creates a snapshot of the working configuration.|
|CREATE_DIFFERENCE||Generates the differences between the snapshot taken and the current configuration.|
|VERIFY_CONFIG||Verifies that devices to be deployed do not have configuration problems that could lead to deployment errors.|
|GET_CHILD_DEPLOY_DEVICES||Finds all devices managed by Shared Security objects. These devices are considered to be child deployments of a parent firewall security or web application security deployment.|
|START_CHILD_DEPLOY||Starts the deployment of devices managed by Shared Security objects.|
|WAIT_FOR_CHILD_DEPLOY||Waits for deployment of devices managed by Shared Security objects to complete.|
|CLEANUP_PREVIOUS_EVALUATE||Cleans up processing artifacts from the previous evaluation.|
|DISTRIBUTE_DSC_CLUSTERS||Distributes changes to devices identified as being in a cluster by the LOOKUP_CLUSTERS process and that are configured to use the BIG-IP Device Service Clustering (DSC) to keep the BIG-IP devices synchronized.|
|DISTRIBUTE_CONFIG||Distributes configuration changes to the specified devices.|
|DISTRIBUTE_CONFIG_SOAP||Using the SOAP API, distributes configuration changes to the specified devices.|
|DISTRIBUTE_CONFIG_REST||Using the REST API, distributes configuration changes to the specified devices.|
|FOLDBACK_DEPLOYED_ADDITIONS||Inserts any newly-added objects directly into the current configuration to that the BIG-IQ system will already know about those objects on the next refresh of the current configuration.|
|DONE||Indicates the deployment process has completed.|