F5 BigIP LTM v11.5.3 Virtual Appliance HA Configuration - Part 1 - NETSEC



Cybersecurity Memo

Saturday, April 2, 2016

F5 BigIP LTM v11.5.3 Virtual Appliance HA Configuration - Part 1

BIG-IP Virtual Edition (VE) is a version of the BIG-IP system that runs as a virtual machine. Supported modules include Local Traffic Manager, BIG-IP DNS (formerly Global Traffic Manager), Application Security Manager, Access Policy Manager, Application Acceleration Manager, Policy Enforcement Manager, Application Firewall Manager, and Analytics. BIG-IP VE includes all features of device-based BIG-IP modules running on standard BIG-IP TMOS, except as noted in release notes and product documentation.
Note: The BIG-IP VE product license determines the maximum allowed throughput rate. To view this rate limit, you can display the licensing page within the BIG-IP Configuration utility.

1. Download VE:

1.1 In a browser, open the F5 Support page (https://support.f5.com) or Downloads page (https://downloads.f5.com).

If you have not already logged in, you must log in with your F5 support ID, not your F5 ID, before proceeding to the next step.

1.2 On the Downloads Overview page, select Find a Download. The Select a Product Line screen opens.

1.3 Under Product Line, select BIG-IP v12.x/Virtual Edition. The Select a Product Version and Container for BIG-IP V12.X/VIRTUAL EDITION screen opens. From the version list at the top of the screen, select the version number that you want to install.

The screen lists the product containers for the BIG-IP VE version you selected.
Under Name, select Virtual-Edition.


1.4 The first time you select an option, the Software Terms and Conditions screen opens. Otherwise, the Select a Download screen opens. If the End User Software License is displayed, read through it and then click I Accept.
The Select a Download screen opens.
Download the BIG-IP VE file package ending with scsi.ova for a VMware ESXi environment or ide.ova for a Citrix Xen environment.



2. Deploy VE

Check the Virtual Edition and Supported Hypervisors Matrix before deployment.

2.1 Import into VMware ESXi

Follow the screenshots to import the OVA file into VMware ESXi 5.5, the hypervisor in my lab environment. This lab uses the default settings for CPU, memory and hard drive.



Note: If the VE has 4 GB of memory or less

The following guidelines apply to VE guests provisioned with 4 GB or less of memory.
  • No more than two modules may be configured together.
  • AAM should not be provisioned, except as Dedicated.

Network settings are the most critical part of your VM environment.
Network adapter 1 -> F5's Management NIC -> ESXi's VM Internet network
Network adapter 2 -> F5's Internal NIC   -> ESXi's VM DMZ network
Network adapter 3 -> F5's External NIC   -> ESXi's VM Internal network
Network adapter 4 -> F5's HA NIC         -> ESXi's VM LAN1

You will find the topology with IP address details in the next post.

2.2 Import into Citrix Xen
The steps are similar in a Citrix Xen server environment. Here are some screenshots from Citrix Xen Center:




2.3 Start Virtual Appliance:

Note: If your VM is stuck at "grub loading stage 2", you may need to add a serial port to your VM configuration.

3. Management Configuration

Log in to the CLI as root with default as the password:

login as: root
Using keyboard-interactive authentication.
Last login: Fri Apr  1 07:47:22 2016
[root@localhost:NO LICENSE:Standalone] config #
[root@localhost:NO LICENSE:Standalone] config # tmsh
root@(localhost)(cfg-sync Standalone)(NO LICENSE)(/Common)(tmos)# show sys version

Main Package
  Product  BIG-IP
  Version  11.5.3
  Build    2.10.196
  Edition  Engineering Hotfix HF2
  Date     Thu Sep 24 12:44:06 PDT 2015

Hotfix List
ID515139-4   ID516075-5   ID527649-1   ID534630-3   ID491771-1  ID497564-5
ID495702-3   ID454086-4   ID526419-2   ID525595-1   ID512383-4  ID517872-2

Change the management IP from the default to an address in your management zone:

root@(localhost)(cfg-sync Standalone)(NO LICENSE)(/)(tmos.sys)# delete /sys management-ip

root@(localhost)(cfg-sync Standalone)(NO LICENSE)(/)(tmos.sys)# create /sys management-ip

root@(localhost)(cfg-sync Standalone)(NO LICENSE)(/Common)(tmos)# list /sys management-ip
sys management-ip { }
root@(localhost)(cfg-sync Standalone)(NO LICENSE)(/Common)(tmos)# list /sys management-route
sys management-route default {
    network default

Create a default route for management interface to

Log in to the Web GUI using admin/admin as the username and password:
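
The management steps above as one tmsh sequence, extended to replace the shipped root and admin passwords before the management port is exposed. This is an added example, not commands from the original post: 192.0.2.10/24 and 192.0.2.1 are placeholder documentation addresses, and <current-ip/prefix> stands for whatever the first list command prints. Run it from the VM console, because deleting the management address drops an SSH session to it.

```tmsh
# Run from the tmsh prompt reached in the session above.
# 192.0.2.10/24 and 192.0.2.1 are placeholder (documentation-range) values.

# Show the address currently assigned to the management port.
list sys management-ip

# Remove that address, naming it exactly as the list output printed it.
delete sys management-ip <current-ip/prefix>

# Assign the management-zone address and its default gateway.
create sys management-ip 192.0.2.10/24
create sys management-route default gateway 192.0.2.1

# Replace the shipped root and admin passwords (both commands prompt).
modify auth password root
modify auth user admin prompt-for-password

# Persist the changes and confirm them.
save sys config
list sys management-ip
list sys management-route
```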

