Deploy the BIG-IP

In Module 2 we will deploy the BIG-IP into the AWS VPC created in Module 1.

F5 publishes CFTs on a regular basis to Github.

Launch BIG-IP into existing VPC

We will use the instructor provided CFT to launch a BIG-IP into the VPC that already exists.

First, we need to create and save a key pair.

  1. In the AWS Management Console, navigate to EC2 and then under Network & Security to Key Pairs
  2. Click Create Key Pair and name it Student#-BIG-IP.
  3. Click Create and it will download the Student#-BIG-IP.pem file to your local machine. Be sure to keep track of this file as you will need it to access the BIG-IP later.
  4. You will need to change the permissions of the Student#-BIG-IP.pem key pair. On a MAC, open a terminal and go to the folder you saved the Student#-BIG-IP.pem key pair. To change the file permissions type:
chmod 400 Student#-BIG-IP.pem

Next, we’re ready to deploy the CFT.

  1. Go to: F5 Advanced WAF Cloud Formation Template
  2. At the Select Template page, ensure you are still in the same region where you created your VPC, note the template URL is already selected, and click Next.
  3. For Stack name enter a value of Student#-BIG-IP-CFT.
  4. In the VPC in the drop down, find your Student#-VPC-CFT (you may have to scroll down the list).
  5. For the Management Subnet AZ1 select Student#-VPC-CFT-MgmtSubnet.
  6. Similarly, for Subnet1 and Subnet2 assign the Student#-VPC-CFT-External Subnet and Student#-VPC-CFT-Internal Subnet subnets from the drop down.
  7. Ensure the BIG-IP Image Name is set to AWAF25Mbps.
  8. Ensure the AWS Instance Size is set to t2.large.
  9. For the SSH Key utilize the Student#-BIG-IP key in the drop down.
  10. In the Source Address(es) for Management Access, enter 64.251.121.0/24.
  11. in the Source Address(es) for Web Application Access (80/443) field, enter 0.0.0.0/0.
  12. Leave all other fields at default values and select Next.
  13. Leave all fields in the Options page at defaults and select Next.
  14. Review the settings, check the I acknowledge that AWS CloudFormation might create IAM resources box and click Create.
  15. Refresh the page to see the status of the deployment.
  16. Wait until the status of the CFT shows CREATE_COMPLETE.

Set the admin password for BIG-IP VE

To initially change the password for the BIG-IP management utility we need to connect via SSH and then modify the admin password.

  1. Navigate to EC2 -> Network Interfaces and filter for Student#-BIG-IP. Find Management interface of your BIG-IP instance . Note the IPv4 Public IP address for the Management interface.
../../_images/mgmt-public-ip.png

  1. You can connect using an SSH utility - make sure to use admin as the username (do not use root) and the Management IPv4 Public IP from the previous step. Use the Student#-BIG-IP.pem key pair you saved when you created the instance in Lab 1. For example:

    ssh -i Student#.pem admin@<IPv4-Public-IP>

  2. After connecting via SSH issue the command modify auth password admin - change the admin password to one that you will remember

  3. Save the password change by issuing the command save sys config

  4. You can now connect to the BIG-IP Web UI on HTTPS using the IPv4 Public IP for the Management interface (bypass the self-signed cert warning) and use the credentials admin/<password-from-step-4>

  5. Once logged in to the F5 management console click on System -> Resource Provisioning.

  6. Select ASM, Fraud Protection Service, and iRules Language Extensions (iRulesLX).

  7. Unselect LTM

  8. Click on Submit and then OK. The admin console will be inaccessible for a couple minutes as the new options are enabled.