Manual Chapter : Installing a Stand-alone DDoS Hybrid Defender

Applies To:

Show Versions Show Versions

F5 DDoS Hybrid Defender

  • 12.1.0
Manual Chapter

Overview: Installing a Stand-alone DDoS Hybrid Defender

You can install DDoS Hybrid Defender™ onto a dedicated system approved for the software. You must have assigned the management IP address on the LCD panel of the device, or with a hypervisor if you are using the Virtual Edition. This procedure is for installing a single, stand-alone DDoS Hybrid Defender system to protect against DDoS attacks. If you have two systems and want to install them for high availability, follow the steps described in Installing DDoS Hybrid Defender for High Availability.

Before you begin, make sure you have this information:

  • Base registration key
  • Internal and external self-IP addresses
  • Management IP address, network mask, and management route IP address
  • Passwords for the root and admin accounts
  • NTP server IP address (optional)
  • Remote DNS lookup server IP address (required for F5 Silverline® integration or if resolving host names)

Task Summary

Downloading DDoS Hybrid Defender

DDoS Hybrid Defender™ software is available from the F5 downloads web site. You need to download it onto your computer so you can install it onto the DDoS Hybrid Defender system.
  1. Log in to the F5 Downloads site, https://downloads.f5.com, and click the Find a Download button.
  2. In the Security F5 Product Family, locate the DDoS Hybrid Defender software, and click it.
  3. Select the product version and click DDoS_Hybrid_Defender.
  4. Read the End User Software License, and click the I Accept button if you agree with the terms.
  5. Click the f5-ddos-hybrid-defender rpm file to download it.
  6. Click the closest geographical location, and save the file on your local system.
    The software package is downloaded onto your system.
  7. Optionally, you can download the md5 file to verify the integrity of the rpm file.
The DDoS Hybrid Defender software package is now available on your local computer, and is ready for you to install onto the DDoS Hybrid Defender system. If setting up two systems for high availability, you should use the same package on both systems.

Performing initial setup

Before you begin, be sure to have the base registration key.
You need to perform an initial setup on your system before you can start to use DDoS Hybrid Defender™. Some of the steps vary, depending on the state your system is in when you begin, and whether you are using a physical device or a virtual edition.

If setting up two systems for high availability, you need to perform initial setup on both systems.

  1. If this is a new system, specify the management IP address using the LCD panel or command line on the physical device, or using the appropriate hypervisor on the virtual edition.
  2. From a workstation browser on the network connected to the system, type: https://<management_IP_address> .
  3. At the login prompt, type the default user name admin, and password admin, and click Log in.
    The Setup utility screen opens.
  4. Click Next.
    The License screen opens.
  5. In the Base Registration Key field, type or paste the registration key.
    You receive the registration key when you purchase DDoS Hybrid Defender. If you also have the add-on IP Intelligence service, specify the key in the Add-On Key field.
  6. For Activation Method, leave it set to Automatic unless the system does not have Internet access. In that case, click Manual and follow the instructions for manually licensing DDoS Hybrid Defender.
  7. Click Activate.
    The license is activated.
  8. Click Next; the device certificate is displayed, and click Next again.
    The Platform screen opens.
  9. For the Management Port Configuration setting, click Manual.
  10. The Management Port setting should include the management interface details that were previously set up.
  11. In the Host Name field, type the name of this system.
    For example, ddosdefender1.example.com.
  12. In the User Administration area, we strongly recommend that you change the Root and Admin Account passwords from the defaults. Type and confirm the new passwords.
    The Root account provides access to the command line, and the Admin account accesses the user interface.
  13. Click Next.
    The NTP (Network Time Protocol) screen opens.
  14. Optional: To synchronize the system clock with an NTP server, in the Address field, type the IP address of the NTP server, and click Add.
  15. Click Next.
    The DNS (Domain Name Server) screen opens.
  16. To resolve host names on the DDoS Hybrid Defender system, set up the DNS and associated servers (required for IP Intelligence):
    1. For the DNS Lookup Server List, in the Address field, type the IP address of the DNS server, and click Add.
    2. If you use BIND servers, add them to the BIND Forwarder Server List.
    3. For doing local domain lookups to resolve local host names, add them to the DNS Search Domain List.
  17. Click Finished.
If the system is connected to the Internet, it is now licensed and ready for you to install DDoS Hybrid Defender. If the system is not connected to the Internet, you have to manually activate the license.

Manually licensing DDoS Hybrid Defender

If the DDoS Hybrid Defender™ system is not connected to the Internet, use this procedure to manually activate the license. Otherwise, skip this task.

If setting up two systems for high availability, you have to activate the license on both systems.

  1. From a workstation on the network connected to the system, type: https://<management_IP_address> .
  2. At the login prompt, type the default user name admin, and password admin, and click Log in.
    The Setup utility screen opens.
  3. Click Next.
    The License screen opens.
  4. In the Base Registration Key field, type or paste the registration key.
    You receive the registration key when you purchase DDoS Hybrid Defender. If you also have the add-on IP Intelligence service, specify the key in the Add-On Key field.
  5. For the Activation Method setting, select Manual and click the Generate Dossier button.
    The dossier is displayed in the Device Dossier field.
  6. Select and copy the text displayed in the Device Dossier field, and click the Click here to access F5 Licensing Server link.
    Alternatively, you can navigate to the F5 license activation portal at https://activate.f5.com/license/.
  7. Click Activate License.
  8. Into the Enter your dossier field, paste the dossier.
    Alternatively, if you saved the file onto your system, click the Choose File button and navigate to the file.
    The license key text is displayed.
  9. Copy the license key, and paste it into the License Text field.
  10. Continue with the Setup Utility.

Installing DDoS Hybrid Defender

You need to have downloaded the DDoS Hybrid Defender™ software from F5, and completed the initial setup.
You can install DDoS Hybrid Defender on the system.
  1. Log in to DDoS Hybrid Defender with the administrator user name and password.
    The system displays the Welcome screen.
  2. On the Main tab, click DoS Protection.
    Because the software has not yet been installed, the Import Package screen opens.
  3. In the File Name setting, click Choose File and navigate to the DDoS Hybrid Defender software that you previously downloaded from F5, and click Open.
The DDoS Hybrid Defender software is installed. The next time you log in, you will be able to access the DoS Protection screens.
Next, you can begin configuring the network, then setting up DDoS Hybrid Defender to protect your networks and web applications from DoS attacks.

Configuring the network for a stand-alone device

You must first configure the network to create the workflow for DDoS Hybrid Defender™. You do this by configuring VLANs (virtual local area networks), and associating the physical interfaces on the system with them.
Note: If using the BIG-IP Virtual Edition, to set up the network as described here, you must create a security policy on the vSwitch. Configure the security policy to accept the Promiscuous Mode and Forged Transmits policy exceptions. For details about these options, see the VMware ESX or ESXi Configuration Guide.
  1. On the Main tab, click DoS Protection > Quick Configuration .
  2. On the menu bar, click Network Configuration.
  3. If your network relies on switch topology and all traffic ingress to DDoS Hybrid Defender is from one VLAN and traffic egress is through one VLAN, you can use the defaultVLAN setup. Otherwise, skip this step and go to the next one.
    1. Click defaultVLAN.
      This VLAN group contains two VLANs, one for external traffic and one for internal traffic.
    2. For the Internal and External fields, type a tag number (from 1 to 4094) for the VLAN.
      The system automatically assigns a tag number if you do not specify a value.
    3. For each VLAN, select the interface to use for traffic management, leave Untagged unselected, and click Add.
      Click Untagged to allow the interface to accept traffic only from that VLAN, instead of from multiple VLANs.
    4. In the IP Address/Mask field, type either an IPv4 or an IPv6 address.
      The self IP address is the address of the system on the internal interface that provides access to the internal network.
    5. Click Done Editing to save the default network configuration.
    The network is set up using the default network. You do not need to add VLANs.
  4. If DDoS Hybrid Defender connects to multiple VLANs or uses routed topology, instead of using the default network, configure the network in the VLAN area. Click Create and set up the VLAN as follows:
    1. Type a name, VLAN tag, then select the interface for the VLAN and click Add.
    2. In the IP Address/Mask field, type the IP address and mask in the form 10.10.10.10/22.
    3. After the IP address, specify the protocols and services from which this system (self-IP address) can accept traffic (port lockdown).
      Select Allow None to accept no traffic; Allow Default to accept default protocols and services only; and Allow All to activate TCP and UDP services.
    4. No Floating IP Address/Mask is needed if you are configuring just one DDoS Hybrid Defender system for this network.
    5. Click Done Editing to save the VLAN configuration.
    6. Create as many VLANs as you need to connect to DDoS Hybrid Defender.
  5. If your system is configured using routed mode and connects to other networks through additional routers, add the required routes so the traffic can reach its destination:
    1. Next to Routes, click Create.
    2. Type a name, destination IP address, netmask, and gateway IP address (this is the next hop router address).
    3. Click Done Editing to save the route.
  6. Click Update to save the network configuration.
DDoS Hybrid Defender is set up to work within your network for most typical configurations.
At this point, you can start configuring DDoS Hybrid Defender to protect against DDoS attacks. You can also set up remote logging and Silverline, if you are using those features.

Setting up remote logging

You can specify one remote logging destination on DDoS Hybrid Defender™. Set up remote logging if you want to consolidate statistics gathered from multiple appliances onto a Security Information and Event Management (SIEM) device, such as Arcsight or Splunk.

If setting up high availability, configure remote logging on the active device.

  1. On the Main tab, click DoS Protection > Quick Configuration .
  2. On the menu bar, click Logging.
  3. In the Remote Logging area, from the Format list, select the log format used on the remote logging server: Arcsight or Splunk.
  4. In the Destination IP Address field, type the IP address of the remote logging server.
  5. In the Port field, type the port number used for the remote logging server.
  6. Click Commit Changes to System to save the changes.
Event logs from DDoS Hybrid Defender are sent to the remote logging server in the format you specified.

Connecting with F5 Silverline

Connecting with F5 Silverline® is optional, and is available for customers who have an active F5 Silverline DDoS Protection subscription.
To integrate the F5 Silverline Cloud Platform with DDoS Hybrid Defender™ as a way to mitigate DDoS attacks, you need to register DDoS Hybrid Defender with F5 Silverline.

If setting up high availability, register with Silverline on the active device.

  1. On the Main tab, click DoS Protection > Quick Configuration .
  2. On the menu bar, click Silverline.
  3. In the Username field, type the user name for an active Silverline DDoS Protection account. For example, username@example.com.
  4. In the Password field, type the password for the Silverline DDoS Protection account.
  5. In the Service Address field, type the IP address or fully qualified domain name used to connect to the Silverline DDoS Protection service.
  6. Click Update to save the credentials.
    DDoS Hybrid Defender sends a registration request to the F5 Silverline Cloud Platform.
  7. Log in to the F5 Silverline customer portal (https://portal.f5silverline.com) and specify DDoS Hybrid Defender as an Approved Hybrid Signaling Device.
DDoS Hybrid Defender is now integrated with the Silverline Cloud Platform.
When configuring the device or objects to protect, you will need to select the Silverline check box to send information about DDoS attacks to the Silverline Cloud Platform.