F5® Distributed Cloud Services are SaaS-based solutions offering security, networking, and application management services that can be deployed across multi-cloud, on-premises, and edge locations. To forward F5 logs to DNIF via TLS, we'll use the Global Log Receiver service provided by F5 Distributed Cloud Services.
Prerequisites
- A valid F5 Account with the ability to configure the Global Log Receiver.
- A TLS connector enabled on the DNIF side. See the TLS connector configuration details.
- Add the following IP ranges to your firewall's allow list:
  - 193.16.236.68/32
  - 185.160.8.156/32
Capture the TLS Connector Certificate Details
Step A: Configure TLS Connector on DNIF
- On the PICO/AD side, from the Console, configure the TLS connector and set Client Authentication Enable to False.
Step B: Retrieve the Certificate Data
Run the following command on the PICO/AD backend to print the connector certificate. The default path is /DNIF/<AD_or_PICO>/connectors/tls_connector/DNIF_TLS.crt.
cat <path_of_connector_file>
Configure Global Log Receiver on F5 Cloud Portal
Step 1: Add Global Log Receiver
- Log in to the F5 cloud portal.
- Navigate to the Global Log Receiver tab.
- Click on Add Global Log Receiver and select HTTP receiver under Receiver Configuration.
Step 2: Configure HTTP Receiver
Enter the PICO IP and port number in the HTTP URI field in the following format:
<IP_address>:<TLS_connector_port_number>
Step 3: Set Authentication
- Under Authentication, select None from the dropdown.
Step 4: Enable TLS
- Toggle the Show Advanced Fields option.
- In the TLS section, select Use TLS from the dropdown.
Step 5: Disable Certificate and Hostname Verification
- For Verify Server Certificate and Verify Server Hostname, select Skip to disable verification.
Step 6: Add Trusted CA Certificate
- Under Trusted CA, select Server CA Certificate.
- Paste the output of the certificate details captured in Step B.
Step 7: Finalize Configuration
- Disable mTLS.
- Click Save & Exit.
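
Because Step 5 sets both verification options to Skip, F5 does not itself check which certificate the receiver presents. The following added example (not part of the DNIF or F5 documentation) compares the certificate served on <IP_address>:<TLS_connector_port_number> with the DNIF_TLS.crt content captured in Step B. The function names and the script's command-line usage are assumptions made for illustration.

```python
"""Check that the DNIF TLS connector serves the certificate captured in Step B."""
import base64
import hashlib
import hmac
import socket
import ssl
import sys

PEM_BEGIN = "-----BEGIN CERTIFICATE-----"
PEM_END = "-----END CERTIFICATE-----"


def pem_fingerprint(pem_text):
    """SHA-256 (hex) of the DER bytes of the first certificate in pem_text."""
    start = pem_text.find(PEM_BEGIN)
    end = pem_text.find(PEM_END, start)
    if start < 0 or end < 0:
        raise ValueError("no PEM certificate block found")
    body = pem_text[start + len(PEM_BEGIN):end]
    der = base64.b64decode("".join(body.split()), validate=True)
    if not der:
        raise ValueError("PEM certificate block is empty")
    return hashlib.sha256(der).hexdigest()


def served_fingerprint(host, port, timeout=5.0):
    """SHA-256 (hex) of the certificate the connector presents on host:port."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE  # no CA check: the pin comparison replaces it
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw) as tls:
            der = tls.getpeercert(binary_form=True)
    if not der:
        raise ConnectionError("connector presented no certificate")
    return hashlib.sha256(der).hexdigest()


def connector_matches(pem_text, host, port, fetch=served_fingerprint):
    """True only if the served certificate is byte-identical to the pinned one."""
    return hmac.compare_digest(pem_fingerprint(pem_text), fetch(host, port))


if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: check_pin.py <path_of_connector_file> <IP_address> <port>")
    with open(sys.argv[1], encoding="ascii") as fh:
        ok = connector_matches(fh.read(), sys.argv[2], int(sys.argv[3]))
    print("MATCH" if ok else "MISMATCH: served certificate differs from the file")
    sys.exit(0 if ok else 1)
```

Run it from a host that can reach the connector port; a non-zero exit status means the certificate served on the port is not the one in the file.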