Getting Started

Starting the Lab

Once you connect to the UDF course portal, you will land on the Documentation tab where you can find the link to the lab guide.

Once you have the lab guide open, click on the Deployment tab to access the various systems in the lab.


In order to complete this lab, you will find 2 ways to access the different systems in this lab.

  1. Going directly to the BIG-IQ CM or BIG-IP TMUI or WEB SHELL/SSH (RECOMMENDED).

    To access the BIG-IQ directly, click on the ACCESS button under BIG-IQ CM and select TMUI. The credentials to access the BIG-IQ TMUI are david/david and paula/paula as directed in the labs.


    To ssh into a system, you can click on WEB SHELL or SSH (you will need your ssh keys setup in the lab environment for SSH).

    You can also click on DETAILS on each component to see the credentials (login/password).

  2. From the lab embeded Google Chrome browser.

    In your lab deployment, click on the ACCESS button of the Ubuntu Lamp Server system and click on Google Chrome.

    You can also use XRDP as an alternative, click on the resolution that works for your laptop. When the RDP session launches showing Session: Xorg, simply click OK, no credentials are needed. Modern laptops with higher resolutions you might want to use 1440x900 and once XRDP is launched Zoom to 200%.


BIG-IQ User Interface

Once you connect to BIG-IQ, you can navigate in the following tabs:

  • Applications - Application Management (Legacy, AS3) and Cloud Environment
  • System - Manage all aspects for BIG-IQ and DCDs.
  • Devices - Discover, Import, Create, Onboard (DO) and Manage BIG-IP devices.
  • Deployment - Manage evaluation task and deployment for Configuration Management (none AS3)
  • Configuration - ADC and Security Object Management (ASM, AFM, APM, DDOS, SSLo config/monitoring)
  • Monitoring - Event collection per device, statistics monitoring, iHealth reporting integration, alerting, and audit logging.


Manage SSH Keys


You can also use the Web Shell to get to the system’s terminals of this lab (if you use the Web Shell, login as f5student first: su - f5student)

  1. Generate Key pair

If you do not have an existing key pair that you wish to use for access to UDF components, you’ll need to generate a new public / private key pair. On OSX or Linux, this can be done using the ssh-keygen utility:

ssh-keygen -t rsa -b 4096

Follow the prompts to specify the location where the public and private keys will be stored, and to specify a passphrase (if desired).

  1. Configure SSH Client

Configure your SSH client to use your private key to authenticate when connecting to the UDF SSH endpoint. How to configure this will differ based on which client you use. Please refer to your client’s documentation for detail.

  1. Add Public Key to UDF

Log in to the UDF, under Tools, click on the link Manage SSH Keys.

Enter your public SSH key (typically generated with a .pub extension) and a name for it, then select Save.

  1. Connect via SSH

You’ll find the URL and port on your component’s Access Methods tab. It should look similar to this:


  • If using OSX or Linux, you can paste this command directly into your terminal.
  • If using Windows, you’ll use the noted URL and port to configure a PuTTY session.


Depending on your SSH configuration, you may additionally need to specify which public key to send. The UDF SSH handler only attempts to validate the first key sent.

SCP is similar to the above. The example below is from OSX. Note that the default SCP version on OSX uses -P instead of -p to specify port:

scp -P 47000 ubuntu-16.04.2-server-amd64.iso

API Rest Client in Visual Studio Code

In case you need to use an API Rest Client for this lab, follow instructions to use the REST Client for Visual Studio Code.

Lab Diagram


List of instances & Credentials

The following table lists the virtual appliances in the lab along with their credentials to use.

System Version Description Credentials
BIG-IQ CM 8.2 Using BIG-IQ, you can centrally manage your BIG-IP devices, performing operations such as backups, licensing, monitoring, and configuration management.
  • admin/purple123 (local)
  • david/david (RadiusServer)
  • paula/paula (RadiusServer)
  • paul/paul (RadiusServer)
  • olivia/olivia (RadiusServer)
  • larry/larry (RadiusServer)
BIG-IQ DCD 8.2 A data collection device (DCD) is a specially provisioned BIG-IQ system that you use to manage and store alerts, events, and statistical data from one or more BIG-IP systems. admin/purple123
BIG-IP Boston 16.1 HA Pair admin/purple123
BIG-IP Seattle 16.1 Standalone admin/purple123
BIG-IP Paris 14.1 Standalone admin/purple123
BIG-IP San Jose 15.1 Standalone admin/purple123
SSLo Service TAP and L3   Maximize infrastructure investments, efficiencies, and security with dynamic, policy-based decryption, encryption, and traffic steering through multiple inspection devices. ubuntu/purple123
Venafi Trust Protection 20.1 Manages, secures and protects keys and certificates, delivering an enterprise-grade platform that provides enterprise-wide security, operational efficiency and organizational compliance. venafi/Purple123@123
LAMP Server Ubuntu 19.04
  • Radius, TACAx (auth)
  • xRDP/Google Chrome direct access for User Remote Desktop
  • AWX/Ansible Tower
  • GitLab
  • Splunk
  • Application Servers (Hackazon, dvmw, f5 demo app, arcadia, juice shop)
  • Traffic Generator (HTTP, Access, DNS, Security)
  • Visual Studio Code
  • Samba


  • Management Network
  • External Network
  • Internal Network
  • SSLo Inline L3 IN Network
  • SSLo Inline L3 OUT Network
  • SSLo TAP Network
  • Docker Internal Network
  • AWS Internal Network
  • Azure Internal Network

Application Services already deployed in this lab

Applications Application Services BIG-IQ Template used IP/WideIP Location User Access
airport_security security_site18_seattle AS3-F5-HTTPS-WAF-external-url-lb-template-big-iq-default-v2 Seattle Paula
security_site16_boston AS3-F5-HTTP-lb-traffic-capture-template-big-iq-default-v1 Boston
security_fqdn AS3-F5-DNS-FADING-A-type-template-big-iq-default-v1 Boston
IT_apps backend_site24tcp AS3-F5-TCP-lb-built-in-profile-template-big-iq-v1 Seattle Paula Legacy App Service (no template used) Boston Legacy App Service (no template used) Seattle
finance_apps conference_site41https conference_site41ftp without AS3 template using API (https) (ftp) Seattle Paul
mail_site40https without AS3 template using API (https) Seattle
tax_site17access without AS3 template using API (https) Seattle

User Roles

Role Name AS3 Templates allowed Devices allowed Users
Administrator Role All All david marco
Security Manager All All larry chris
Application Creator AS3 Allow using AS3 without Template All olivia
Application Creator Cloud
  • AS3-F5-HTTP-lb-template-big-iq-default-v1
  • AS3-F5-TCP-lb-template-big-iq-default-v2
  • AS3-F5-HTTPS-WAF-existing-lb-template-big-iq-default-v1
All paul
Application Creator VMware
  • AS3-F5-DNS-FQDN-A-type-template-big-iq-default-v1
  • AS3-F5-HTTP-lb-template-big-iq-default-v1
  • AS3-F5-HTTP-lb-traffic-capture-template-big-iq-default-v1
  • AS3-F5-HTTPS-WAF-external-url-lb-template-big-iq-default-v2
  • AS3-F5-FastL4-TCP-lb-template-default-v2
  • AS3-F5-TCP-lb-built-in-profile-template-big-iq-v1
Boston BIG-IPs Seattle BIG-IP paula

Traffic Generation

The Ubuntu Jumphost in the lab environment has multiple cron jobs (run crontab -l to see all scripts used) that are generating traffic that populates the Monitoring tab and Application dashboard in BIG-IQ. Note you can also use to generate HTTP traffic toward a specific virtual IP address.

Below table shows the list of Virtual Servers and Backend *Web Applications Servers* where various type of traffic is being sent (check crontab config for more details).


Make sure the IP address on the external network is defined in lab environment on the BIG-IP external interface where you are deploying the application service or VIP.

Virtual IP addresses where the traffic generator send traffic to
HTTP clean traffic every 5 min,,,
HTTP bad traffic every 3 hours,,,
Access traffic (class 9),,,
DNS traffic (class 10),


IPs from to have a corresponding FQDN named from to

Backend Web Applications Servers

  • Port 21: ftp-server (ftpuser/ftpuser) on
  • Port 80: hackazon application (test_user/123456)
  • Port 8080: web-dvwa application (admin/password)
  • Port 8081: f5-hello-world application
  • Port 8082: f5-demo-httpd application
  • Port 8083: nginx application (delay 300ms loss 30% corrupt 30%)
  • Port 8084: arcadia finance (admin/iloveblue)
  • Port 8085: juice-shop (admin@juice-sh.op/admin123)


To run Kali Linux Docker Image: docker run -t -i kalilinux/kali-rolling /bin/bash (run apt-get update && apt-get install metasploit-framework -y after starting Kali Linux).

To connect to a docker instance: docker exec -i -t <container id or name> /bin/sh

3rd party authentication provider available on the Lamp Server:

  • ip:port:
  • SSL: Disabled
  • Bind User Distinguished Name: cn=read-only-admin,dc=example,dc=com
  • Bind User Password: password
  • User Bind Template: uid={username},dc=example,dc=com
  • Root Distinguished Name: dc=example,dc=com
  • Group Search Filter: (&(objectClass=groupOfUniqueNames)(cn={searchterm}))
  • Group Membership Filter: (&(objectClass=groupOfUniqueNames)(uniqueMember=uid={username},dc=example,dc=com))
  • Users:
  • ip:port:
  • secret: ciscotacacskey
  • Primary Service: shell
  • Encrypt: yes
  • Users: iosadmin/cisco, nxosadmin/cisco

Other services available on the Lamp Server:

Google Chrome
  • ip:port https
  • ip:port
Visual Studio Code
  • ip:port http
AWX (Ansible Tower)
  • ip:port http
  • ip:port http 7022 ssh
  • to be started manually following instructions in the lab
  • ip:port https
  • HTTP Event Data Collector port 8088
  • ip:port http
OWASP Zap Attack Proxy
  • ip:port http
  • ip:port
  • User: f5student/purple123
  • Domain: WORKGROUP
  • Storage Path: //

Once you are ready to start your BIG-IQ journey, go back to the BIG-IQ Test Drive Labs and start with the first Hands-On Lab.

If you are not following the BIG-IQ Test Drive labs, there are more labs to look at under BIG-IQ All Labs.