Explore the F5 Big-IP Virtual Editions Deployed

From the Super-NetOps terminal, run the handy lab-info utility. Confirm that “MCPD is up, System Ready” for all three of your instances.

lab-info
Copy to clipboard
../../_images/1_mcp_up1.png

Attention

Do not attempt to reset the Big-IP password until MCPD is up, System Ready.

Initially, you can only login to an F5 Big-IP VE in AWS via SSH using an SSH key. You will have to enable admin and root password access. Invoke the reset-password utility with the IP address of each of your Big-IP VE’s as the argument. REPLACE THE x.x.x.x PLACEHOLDER WITH THE MANAGEMENT IP ADDRESSES OF YOUR THREE F5 BIG-IP VE’S. This will enable the admin account on all three of your Big-IP’s and change the password to the value of the shortUrl.

reset-password x.x.x.x
reset-password y.y.y.y
reset-password z.z.z.z
Copy to clipboard

Run terraform output and note the value of elb_dns_name.

terraform output
Copy to clipboard

Open a new tab in the Firefox browser. HTTP to elb_dns_name. Confirm the sample application is up.

../../_images/9_http_elb_site3.png

Open a new tab in the Firefox browser. HTTPS to the MGMT URL of BIG-IP Autoscale Instance. Don’t miss management port is :8443!

lab-info
Copy to clipboard

Attention

This lab makes use of insecure self-signed certificates. Bypass the warnings by clicking on “Confirm Security Exception”.

../../_images/2_cert_warning1.png

Login with Username: admin Password: value of shortUrl.

../../_images/3_https_login1.png ../../_images/4_https_waf1.png

Main => System => Resource Provision. Note an F5 WAF is provisioned for both LTM and ASM.

../../_images/5_waf_provisioned1.png

Main => Security => Application Security => Policies List. A starter “linux-low” policy has been deployed.

../../_images/6_waf_policy_11.png

Click on “Learning and Blocking” settings to see exactly what a “linux-low” policy consists of. This starter policy is often times imported in to Big-IQ for central management.

../../_images/7_waf_policy_21.png

Local Traffic => Virtual Server => Properties. A virtual server with a “catch-all” listener of 0.0.0.0/0 has been deployed.

../../_images/8_waf_virtual_server1.png

The “linux-low” security policy is attached to this virtual server.

../../_images/9_waf_policy_enabled1.png

From the Super-NetOps terminal run “lab-info” and copy the value for WAF ELB -> URL. Open a new browser tab and HTTPS to the WAF ELB URL. Your sample application is protected behind an F5 WAF.

../../_images/11_terraform_waf_url1.png ../../_images/12_https_waf1.png

Login to either Big-IP1 or Big-IP2. Main => iApps => Application Services. The Cross-AZ HA Big-IP has been deployed with the F5 AWS HA iApp.

../../_images/13_ha_iapp1.png