How to: Provision WAF, DNS, or Access modules for a managed BIG-IP Next instance

Disable or enable modules on your BIg-IP Next instance to manage the dedidated resources used on your instance.

When a managed BIG-IP Next instance is licensed for the Web Application Firewall (WAF) module is enabled by default.

Note: Review the impact of disabling or re-enabling a WAF module on an instance.


  • To manage BIG-IP Next instances, you must have Administrator or Instance Manager user credentials. Users with Application Manager and Auditor credentials have read-only access to all application service information. For more information about user roles, see How to: Assign standard roles to users.

  • You must disable all deployed WAF or Access application services to the instance if your are disabling the module. If any security policies are deployed, de-provisioning from the instance will fail.

  • You cannot provision DNS simultaneously with WAF or Access on the same instance. If either WAF or Access modules are provisions, and have active, deployed policies, DNS provisioning will fail. If neither WAF nor Access are provisioned, provisioning DNS will automatically disable WAF and Access modules.


  1. Log in to BIG-IP Next Central Manager, click the Workspace icon next to the F5 logo, and click Infrastructure.

  2. Click the name of BIG-IP Next instance you want to disable WAF for.

  3. On the left, select Provision.
    The Provisioning screen opens.

  4. Deselect or select:

    1. The Enable WAF on this instance option.

    2. The Enable Access on this instance option.

    3. The Enable DNS on this instance option.

  5. Click Save.


The module provisioning is changed for the selected BIG-IP Next instance. You can re-enable Access or WAF modules if DNS is disabled.