Lab 1 – DDoS Hybrid Defender Setup

Estimated completion time: 45 minutes

Task 1 – Initial Set-up

  • Open a web browser and access supplied link.(Given at Location)
  • Login to the BIG-IP Configuration Utility via your preferred browser?


When you first power up a F5 DHD device you would go through the steps of Licensing and Provisioning. We have assigned the management IP, hostname, NTP and DNS servers. You will be re-activating the license using a new license key.

  • On the System > Platform page configure the following, and then click Update.

    Host Name <your name>
    Root Account (Password and Confirm) f5DEMOs4u
    Admin Account (Password and Confirm) f5DEMOs4u
  • This will log you out. Log back in

  • On Device Management->Devices select the device and then click “Change Device Name…”. Update the device name to match the hostname you have chosen. Retain Current Authority

  • Click Update to save changes

  • Review and Verify the following: System -> Configuration -> Device -> NTP page add to the Time Server List, and then click Update.

  • Review and Verify the following: System -> Configuration -> Device ->DNS page add to the DNS Lookup Server List, and then click Update.

  • Open the System > License page and re-activate the BIG-IP system using the new development license key using Manual mode. Copy and Paste License file.


  • Click Next and explore Resource Provisioning page


The above task ensures that you are using a purpose built DDoS Hybrid Defender. If you are familiar with other F5 Modules/Technology that you have used in the past, you will notice that we have none of those provisioned.

  • When done click Submit.

  • Access the Jumbox via RDP. PuTTY into the Hybrid Defender. Login with root and restart services

    bigstart restart

Take a break, ask questions, talk to your neighbor will take several minutes to restart


You MUST re-activate, even if the current license key hasn’t expired. For Silverline access each BIG-IP system must use a unique license key.

Task 2 – DDoS Hybrid Defender iApp and Base Configuration

  • In the BIG-IP Configuration Utility, open DoS Protection > Quick Configuration page.

  • Select Install RPM method of Onboard

  • Click Install


  • Open the About page


  • This page displays the current version of DDoS Hybrid Defender (DHD). You use this page to install and update the iApp LX version for DHD when newer versions are released.


  • In the BIG-IP Configuration Utility, click iApps, Templates and Import, importing the two templates located on the jumpbox documents folder.


  • Use the Browse and Upload buttons. (You will do this once for each template)

  • In the BIG-IP Configuration Utility, open iApps > Application Services and select Create


  • You will be creating two services based on the two Silverline Templates:

    • F5.silverline_connector
    • F5.silverline_dos_monitor


  • Use the default settings for the Silverline connector

  • Use the Silverline username and password supplied


This is case sensitive – make sure email address is all lowercase



  • Create the 2nd service for the Silverline DOS Monitor (f5.silverline_dos_monitor)


  • Use the default settings for the dos_connector except for Volumetric Attack Event Monitoring, switch the network object from interface to VLAN.


  • Open the DoS Protection > Quick Configuration Network Configuration page.


  • In the Default Network section click default VLAN.

  • Configure the VLANs using following information, and then click Done Editing.

    Internal: VLAN Tag 20
    Internal: Interfaces 1.2 Untagged
    Internal: IP Address / Mask (Click Add)
    External: VLAN Tag 10
    External: Interfaces 1.1 Untagged (Click Add)


  • At the bottom of the page click Update to create the default network.

  • Open the Network > VLANs > VLAN Groups page and click defaultVLAN.

  • A Bridged (VLAN Group) L2 configuration consistent recommended practices for most deployments was automatically created

  • Open the Network > DNS Resolvers > DNS Resolver list page and click Create.

  • Enter default_DNS_resolver and then click Finished.

  • A DNS resolver is required by bot signatures to allow for proper detection of benign search engines such as Google and Bing.

  • On the Jumpbox desktop, PuTTY to the BIG-IP

  • Login as root

  • Verify DNS by typing the following


  • Type the following to verify the correct date setting:


  • If the BIG-IP system date is not accurate, correct it using the following commands:

    bigstart stop ntpd
    bigstart start ntpd

Task 3 – Configure Silverline Signaling

  • In the BIG-IP Configuration Utility, open the DoS Protection > Quick Configuration page.

  • Open the Silverline page.


  • Configure using following information, and then click Update.

    Password HybridDefense!Wins!
    Service Address
  • Register the device with the Silverline iApp, to provide bandwidth utilization updates in iApps->Application Services->Applications->silverline_connector. In the iApp, select Reconfigure and then click Finished. This will cause the iApp to register under the new device name.

  • Use a web browser and access

  • Log in with the above credentials

  • In the Silverline browser, open the Config->Hybrid Configuration->Hybrid Device Management page.


  • Locate your DHD device by searching for (<your name prefix> .

  • Click the Approve button to approve device registration.



For Silverline device registration to function properly there must be some specific considerations. The BIG-IP system must have a unique device ID, which is comprised of attributes like Base MAC and registration key. In Ravello and similar virtual environments the Hybrid Defender VE must be re-licensed uniquely each time.

Task 4 – Configure DHD Device Bandwidth Thresholds

  • In the DoS Protection > Quick Configuration page, open the

    Protected Objects page.

  • In the Network Protection section click Create.

  • Configure using following information, and then click Save.

    Maximum Bandwidth: Specify 500
    Scrubbing Threshold: Type Percentage
    1.20Scrubbing Threshold: Value 75
    Advertisement Method Silverline
    Scrubber Details: Type Advertise All


  • That completes the setup for BIG-IP DDoS Hybrid Defender with Silverline integration.