Add F5 BIG-IP load balancers

Relevant for: AFA Administrators

This topic describes how to add F5 load balancers to AFA, including LTM-only devices and LTM and AFM devices.

If you have both LTM and AFM devices, and you do not need FireFlow support, use the LTM and AFM option. If you have only an LTM device, or if you have both but need FireFlow support, use the LTM-only option.

In this topic:

F5 BIG-IP LTM-only device support

This section describes how AFA connects to F5 BIG-IP LTM-only load balancers.

• Device permissions
• Add an F5 BIG-IP LTM-only device to AFA
• F5 LTM support data collection commands

Device permissions

The user connecting to the F5 device can have any role, but the User Partition must be ALL.

Terminal access must be set to tmsh or Advanced shell.

Add an F5 BIG-IP LTM-only device to AFA

This procedure describes how to add an F5 BIG-IP LTM-only device to AFA.

Do the following:

1. Access the Devices Setup page. For details, see Access the DEVICES SETUP page.
2. On the vendor and device selection page, select F5 > BIG-IP LTM Only.

3. Complete the fields as needed, and then click Finish.

   Access Information

   Type	F5 BIG-IP LTM Only This field is read-only.
   Host	Enter the host name or IP address of the device.
   User Name	Enter the user name to use for SSH access to the device.
   Password	Enter the password to use for SSH access to the device.

   Close ⌃
   Geographic Distribution

   Select the remote agent that should perform data collection for the device.

   To specify that the device is managed locally, select Central Manager.

   This field is relevant when a Geographic Distribution architecture is configured. For more details, see Configure a distributed architecture.

   Close ⌃
   Baseline Configuration Compliance

   To enable generation of Baseline Compliance Reports for this device, select the baseline compliance profile to use.

   The drop-down list includes all baseline compliance profiles in the system. For more details, see Customize baseline configuration profiles.

   To disable Baseline Compliance Report generation for this device, select None.

   Close ⌃
   Route Collection

   Specify how AFA should acquire the device's routing information:

   • Automatic. AFA will automatically generate the device's routing information upon analysis or monitoring.

   • Static Routing Table (URT). AFA will take the device's routing information from a static file you provide. For details, see Specify routing data manually.

   Close ⌃
   Remote Management Capabilities

   This area enables you to select a define a data transfer method. Only SSH is supported, using either the default or a custom port.

   Define the following as needed:

   Custom Port

   To specify a custom port, select this option and type the port. This option is only relevant when SSH is selected.

   Number of allowed encryption keys

   Enter the permitted number of different RSA keys received from this device's IP address. Different RSA keys may be sent from the same IP address in cases of cluster fail-over, device operating system upgrades, etc. For example, if a cluster fail-over occurs, the secondary node will send a new RSA key from the same IP address to AFA. If this number is set to 1, the connection to the node will fail, resulting in a failed analysis. Default = unlimited

   Close ⌃
   Log Collection and Monitoring

   Define the following as needed:

   Log collection method	Specify the log collection method that AFA should use when collecting audit logs for the F5 load balancer, by selecting one of the following: Extensive (Default): Not applicable. Intelligent Policy Tuner (IPT) is not available for F5 devices. Standard: Use Syslog data for the Change History report page. IPT is disabled. None. Disables the other Log Collection and Monitoring fields. Note: This device type supports audit logs only.
   Syslog-ng server	If you selected Standard or Extensive in the Log collection method field, you must specify the syslog-ng server. For details, see Specify a Syslog-ng server.
   Additional firewall identifiers	Enter any additional IP addresses or host names that identify the device. When adding multiple entries, separate values by a colon (:). For example: 1.1.1.1:2.2.2.2:ServerName. This is relevant when the device is represented by multiple or non-standard device identifiers in the logs, for example, in cases of firewall clusters or non-standard logging settings. If AFA receives logs with an identifier it does not recognize, the logs will not be processed. Note: This field is only relevant for the parent device, and not for sub-systems. For more details, see Add additional device identifiers for sub-systems
   Log collection frequency (minutes)	Enter the interval of time in minutes, at which AFA should collect logs for the device. The default value is 60.

   Close ⌃
   Options

   Real-time change monitoring	Select this option to enable real-time alerting upon configuration changes. For more details, see Configure real-time monitoring,
   Set user permissions	Select this option to set user permissions for the device.

   Close ⌃

   The new device is added to the device tree.

4. If you selected Set user permissions, the Edit users dialog box appears.

   In the list of users displayed, select one or more users to provide access to reports for this account.

   To select multiple users, press the CTRL button while selecting.

   Click OK to close the dialog.

A success message appears to confirm that the device is added.

F5 LTM support data collection commands

The F5 LTM support data collection commands are:

Back to top

F5 BIG-IP LTM and AFM support

This section describes how AFA connects to F5 BIG-IP LTM and AFM devices.

• Network connection
• Device permissions
• Add an F5 BIG-IP LTM and AFM to AFA

Network connection

The following diagram shows an ASMS Central Manager or Remote Agent connecting to a F5 BIG-IP LTM and AFM device.

Device permissions

ASMS requires an Administrator role on all partitions to access your F5 BIG-IP LTM and AFM device for basic analysis and change management. Additionally, Tmsh for terminal access is required for Baseline Compliance functionality.

For more details, see F5 BIG-IP LTM+AFM - data collection authentication method in AlgoPedia.

Add an F5 BIG-IP LTM and AFM to AFA

This procedure describes how to add an F5 BIG-IP LTM and AFM device to AFA, and should be used when your device uses AFM and you do not need FireFlow support.

Do the following:

1. Access the Devices Setup page. For details, see Access the DEVICES SETUP page.
2. On the vendor and device selection page, select F5 > BIG-IP LTM and AFM.

3. Complete the fields as needed, and then click Finish.

   Access Information

   Type	F5 BIG-IP LTM and AFM This field is read-only.
   Host	Enter the host name or IP address of the device.
   User Name	Enter the user name to use for access to the device.
   Password	Enter the password to use for access to the device.
   Retrieve credentials from CyberArk vault	Select this check box to authenticate the device with a CyberArk Vault instead of saving the device credentials on the AlgoSec server. When selected, also enter the following CyberArk details for the device being authenticated via CyberArk: Platform (Policy ID) Safe Folder Object Note: These options only appear when CyberArk is configured in AFA. For details, see Integrate AFA and CyberArk.

   Close ⌃
   Geographic Distribution

   Select the remote agent that should perform data collection for the device.

   To specify that the device is managed locally, select Central Manager.

   This field is relevant when a Geographic Distribution architecture is configured. For more details, see Configure a distributed architecture.

   Close ⌃
   Baseline Configuration Compliance

   To enable generation of Baseline Compliance Reports for this device, select the baseline compliance profile to use.

   The drop-down list includes all baseline compliance profiles in the system. For more details, see Customize baseline configuration profiles.

   To disable Baseline Compliance Report generation for this device, select None.

   Close ⌃
   Route Collection

   Specify how AFA should acquire the device's routing information:

   • Automatic. AFA will automatically generate the device's routing information upon analysis or monitoring.

   • Static Routing Table (URT). AFA will take the device's routing information from a static file you provide. For details, see Specify routing data manually.

   Close ⌃
   Log Collection and Monitoring

   Define the following as needed:

   Log collection method	Specify the log collection method that AFA should use when collecting audit logs for the F5 load balancer, by selecting one of the following: Extensive (Default): Not applicable. Intelligent Policy Tuner (IPT) is not available for F5 devices. Standard: Use Syslog data for the Change History report page. IPT is disabled. None. Disables the other Log Collection and Monitoring fields. Note: This device type supports audit logs only.
   Syslog-ng server	If you selected Standard or Extensive in the Log collection method field, you must specify the syslog-ng server. For details, see Specify a Syslog-ng server.
   Additional firewall identifiers	Enter any additional IP addresses or host names that identify the device. When adding multiple entries, separate values by a colon (:). For example: 1.1.1.1:2.2.2.2:ServerName. This is relevant when the device is represented by multiple or non-standard device identifiers in the logs, for example, in cases of firewall clusters or non-standard logging settings. If AFA receives logs with an identifier it does not recognize, the logs will not be processed. Note: This field is only relevant for the parent device, and not for sub-systems. For more details, see Add additional device identifiers for sub-systems
   Log collection frequency (minutes)	Enter the interval of time in minutes, at which AFA should collect logs for the device. The default value is 60.

   Close ⌃
   Options

   Real-time change monitoring	Select this option to enable real-time alerting upon configuration changes. For more details, see Configure real-time monitoring.
   Set user permissions	Select this option to set user permissions for the device.

   Close ⌃

4. If you selected Set user permissions, the Edit users dialog box appears.

   In the list of users displayed, select one or more users to provide access to reports for this account.

   To select multiple users, press the CTRL button while selecting.

   Click OK to close the dialog.

A success message appears to confirm that the device is added.

Back to top