BIG-IP Security Essentials

F5 Control-Plane Security Onion Lab Guide

Welcome to the BIG-IP Security Essentials lab guide.

This guide provides a structured, hands-on approach to securing the BIG-IP control plane (TMUI, SSH, iControl REST/SOAP, and related services) using a layered Outer → Middle → Core defense model.

The content is based on F5 security best practices, DevCentral guidance, and iHealth diagnostics, and is intended for use in lab, training, and operational hardening environments.

Audience

This guide is intended for:

• Network and security engineers

• Platform administrators

• Operations and hardening teams

• Training and lab participants

Learning Objectives

After completing this guide, you will be able to:

• Understand the BIG-IP control-plane security model

• Apply layered security controls using the Security Onion framework

• Implement enterprise authentication and protocol hardening

• Validate configurations using F5 iHealth diagnostics

• Establish continuous monitoring and response procedures

Getting Started

• Overview
• Roadmap
• iHealth Integration and Validation

Security Onion Modules

• Outer Layer – Boundary and Access Isolation
• Middle Layer – Authentication and Protocol Hardening
• Core Layer – Privilege, Survivability, and System Integrity

Operational Resources

• Operational Security Checklist
• References and Source Material