BIQ-IQ questions

Question

Hi team! I'm facing BIG-IQ for the first time and I have a couple question. Sorry for my english.1. Do I have to Re-Discover and Re-Import configuration every time if I change config on BIG-IP devices.2. What is the best practice for Making changes via BIG-IQ? Deploy it every time when I make changes (sounds stupid, I know)3. Can I do everything in BIG-IQ same as in BIG-IP? For the first it seems like I can't.3.1. Can i create traffic policies in BIG-IQ?3.2. I found that I can't remove traffic policy from virtual server in&nbsp;BIG-IQ. Why?3.3 I found that I can't apply ASM policy to virtual server in&nbsp;BIG-IQ. Why?4. I configured DCD to get events from BIG-IP with ASM. It works but i can't see request in events.&nbsp;I can only see fragments of them. There are example of fragment of request:GET /vulnerabilities/upload/ HTTP/1.1
Host: dvwa.com
User-Agent: Mozilla/5.0 (X11; UbuI hope the experts will help me deal with these issues.&nbsp;Thank you in advance!

paulius · Answer

Aantat I would not say I am well versed in the BIG-IQ but I can definitely shed some light on some of your questions.
1Q. Do I have to Re-Discover and Re-Import configuration every time if I change config on BIG-IP devices.1A. If you make changes on the BIG-IP itself you will have to re-import the configuration and make the BIG-IP as the configuration to trust when this sync occurs. It is easier to do a re-import and re-discover rather than just re-import.
2Q. What is the best practice for Making changes via BIG-IQ? Deploy it every time when I make changes (sounds stupid, I know)2A. I'm unsure if a best practice exists but if you make changes on the BIG-IQ you should absolutely push those changes to the BIG-IP if you want them to be in place.
3Q. Can I do everything in BIG-IQ same as in BIG-IP? For the first it seems like I can't.3A. You cannot. Some pieces or even entire sections of configuration from the BIG-IP cannot be configured under the BIG-IQ. An example that I know of is you cannot enable an F5 trunk through the BIG-IQ but you can set it up on the BIG-IP and then sync the BIG-IP configuration to the BIG-IQ.
As for the rest of your questions I would venture that they are all limitations of the BIG-IQ and would require making the change on the BIG-IP side and then syncing the configuration changes back to the BIG-IQ.

joshbecigneul · Answer

For #4, Double check that your ASM logging profile is using the higher size, which I believe is 64KB.

nikoolayy1 · Answer

Also BIG-IQ should ignore the configuration that it does not understand when the F5 BIG-IP config is imported in the BIG-IQ like F5 ASM/APM guided configurations having iruleslx/fast templates but be carefull.
&nbsp;
As Paulius mentioned some things like trunks can't be created on BIG-IQ but things like Declarative Onboarding (DO) can be used as an alternative.
&nbsp;
Also BIG-IQ has a scripting feature that can be used to push some config to a BIG-IP:
&nbsp;
https://techdocs.f5.com/en-us/bigiq-8-0-0/managing-big-ip-devices-from-big-iq/script-management.html
&nbsp;

aantat · Answer

Hi&nbsp;JoshBecigneul,Yeap, that helped to solve it. Thanks!&nbsp;I have last question about traffic policy. I didn't find any documentation about that. I assume that traffic policy not supported, but I can't find any docs on that&nbsp;&nbsp;

aantat · Answer

Thanks Paulius,I have last question about traffic policy. I didn't find any documentation about that. I assume that traffic policy not supported, but I can't find any docs on that 😞

Forum Discussion

BIQ-IQ questions

5 Replies

Recent Discussions

Error while running ansible

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Related Content

Health monitor question

F5 Connection Mirroring question

BIQ-IQ and API (CLI)

Novice Question - irules

Overlapped Networks Question