Forum Discussion
m1l0js
Nimbostratus
NimbostratusHelp with Setting up WAF in Guided Configuration - Route Configuration Issue
Hello F5 Community,
I’m trying to set up the WAF functionality using the UI on my F5 device (version BIG-IP 17.1.1.3 Build 0.0.5 Point Release 3) in a clustered environment. I’m going through the steps as follows:
Security -> Guided Configuration -> Web Application Protection -> Web Application Comprehensive Protection
When I attempt to use this guided configuration, a list of prerequisites appears. The primary issue seems to be that there are no routes configured, even though my DNS and NTP are set up. I don’t fully understand why route configuration is necessary for this WAF setup or what it should entail.
Additionally, if I try to bypass this warning and proceed with the deployment, I receive the following error message:
“Error: <IP> not discovered in any device-group.”
The F5 documentation doesn’t seem to cover this issue and I’m unsure how to resolve it.
Could anyone help clarify:
- Why is route configuration required for WAF in this scenario?
- How should I proceed with configuring the necessary routes, or is there a workaround?
If further information is needed, I’d be happy to provide it.
Thank you very much for any guidance or resources you can offer!
- welinton_trigueiro
Cirrus
Yes, it’s possible to bypass by simply ignoring the requirement and clicking 'Next.
The message 'Error: <IP> not discovered in any device-group' is not related to the existence of the route in your table. I've encountered similar issues where the Guided Configuration template was corrupted, requiring the package to be removed and reinstalled.
In the case of ASM, the package f5-iappslx-waf-app-comp-protection may be corrupted, requiring a reinstallation. This articlearticle provides a step-by-step guide to remove and reinstall it. When you unpack the tar.gz file, you’ll find the f5-iappslx-waf-app-comp-protection package. Just follow steps 7 to 10.
Here are more details about Guided Configuration V10 - https://techdocs.f5.com/kb/en-us/products/big-ip_apm/releasenotes/product/relnote-guided-config-10-0.html
- zamroni777
Nacreous
ip configs are in Network tab
dns configs are in System tab.L1-L7 configs are not in single wizard.
m1l0jsThank you for the response.
Just to clarify, I'm aware of where the route and DNS configurations are located in the F5 UI; that part isn’t the issue. My question is more about understanding why a route configuration is required specifically for the WAF setup in this scenario. The DNS and NTP settings are configured and operational, so I’m unclear on the necessity for a route here or what exactly it should accomplish in the context of WAF configuration.
Additionally, any guidance on what the route should entail or if there’s a way to bypass this requirement would be greatly appreciated. My primary goal is to ensure WAF is set up and functional without any unnecessary configurations, if possible.
Thanks for any insights you can share!
- zamroni777
the route that you configure when setting the management ip address is routing config for control plane.
meanwhile, the route in above gui is routing config for data plane, in which client side and server traffic will reside.
