Release Notes : BIG-IQ Device, 4.4.0

Applies To:


BIG-IQ Device

  • 4.4.0
Release Notes
Original Publication Date: 02/24/2015 Updated Date: 04/18/2019

Summary:

This release note documents version 4.4.0 of BIG-IQ Device.

Contents:

Product description

As a network administrator, you can use BIG-IQ Device to centrally manage multiple physical and virtual BIG-IP devices. This management includes pool and utility license management, software image installation, back up and restoration of UCS files, and back up and restoration of specific configuration files to one or more BIG-IP devices. BIG-IQ Device also helps you with device inventory tasks by keeping you apprised of every detail about your managed devices, including health, and provides you with the infrastructure to use SNMP to manage system events and send email alerts.

Screen resolution requirement

To properly display, the BIG-IQ system requires that your screen resolution is set to 1280x1024 or higher.

Browser support

BIG-IQ Device supports the following browsers and versions:

  • Microsoft Internet Explorer version 9 and later
  • Mozilla Firefox version 29.x and later
  • Google Chrome version 34.x and later

User documentation for this release

For a comprehensive list of documentation that is relevant to this release, refer to the BIG-IQ 4.4.0 Documentation page.

Software installation

For procedures about specifying network options and performing initial configuration, refer to the BIG-IQ System: Licensing and Initial Configuration guide.

Upgrading BIG-IQ Device

Before you can upgrade the BIG-IQ system, you must perform the following tasks:

  • Download the .iso file for the upgrade from F5 Downloads to /shared/images on the BIG-IQ system. If you need to create this directory, use the exact name /shared/images.
  • Select a disk volume on which to install the upgrade. You must install the BIG-IQ software on an available volume.
  • Locate the user configuration set (UCS) in the /var/local/ucs directory on the source installation location, and copy the UCS file to another system for safe keeping.
Warning: These procedures require that the BIG-IQ system is temporarily unavailable and unable to manage BIG-IP devices until the upgrade is complete. BIG-IP devices can continue to manage traffic during this time.

If you have configured the BIG-IQ system in a high availability cluster, perform these steps on each BIG-IQ system in the cluster in immediate succession. It is important to get the cluster members on the same software version as quickly as possible to avoid potential user experience issues.

For specific instructions about upgrading the BIG-IQ system, refer to the BIG-IQ System: Licensing and Initial Configuration guide.

New features

BIG-IP Upgrades

You can use BIG-IQ Device to centrally upgrade BIG-IP devices running version 10.2.0 and later.

BIG-IP Image Deployment

From BIG-IQ Device, you can centrally deploy BIG-IP system configurations to hardware or virtual machines located in your local network or in VMware, OpenStack, or Amazon cloud environments.

BIG-IP License Management

BIG-IQ Device now includes utility licensing features. This includes support for various billing options, support for license grants, or seat licenses, in addition to usage reporting.

BIG-IP Cluster Display

You can now view clustering information for managed devices. This includes trust domains, sync groups, and failover groups.

3rd-Party Authentication Support

BIG-IQ Device now supports RADIUS and LDAP authentication.

Role-Based Access Control

Administrators can now control access to managed device functionality through BIG-IQ Device based on specific roles.

Bulk Discovery

You can configure BIG-IQ Device to discover multiple BIG-IP devices in one task, as opposed to discovering them individually.

BIG-IQ Active-Active Configuration

You can configure BIG-IQ systems in an active-active, high availability (HA) configuration, ensuring immediate configuration synchronization on peer devices. This provides failover protection: if a BIG-IQ system in an active-active HA configuration fails, a peer BIG-IQ system takes over the device management.

Fixes

Issue Description
ID 467656 OpenSSL is being updated to fix CVE-2014-0221 and CVE-2014-0195. Customers who have configured DTLS clients are no longer vulnerable.
ID 457400 Previously, if you inadvertently added a space after the IP address when searching for an IP address, the search failed. Now, the BIG-IQ system removes any leading and trailing spaces from the address so the search is successful.
ID 452608 When it synchronizes with a new peer, the BIG-IQ system no longer removes user accounts that do not exist on both devices configured in a high availability configuration.
ID 450883 The user interface no longer becomes unstable when you drag a user from the User panel to another panel.
ID 450879 Deleted roles no longer continue to display in the Roles panel.
ID 449991 When the source port and destination port are the same, traffic (such as NTP) initiated from the (NTP) host service is no longer occasionally dropped for the BIG-IQ 7000 platform.
ID 449969 Previously, if you selected the Update Framework On Discovery check box when adding a new device, the discovery process sometimes failed, and the BIG-IQ system might have returned an HTTP error. This issue has been resolved and the discovery process now works as designed.
ID 449921 SMTP now properly generates alerts when you correct the SMTP Server Host setting (by clicking System > Overview > SMTP Config).
ID 449460 After you discover multiple devices at once, the Device Properties screen now properly displays the selected device's properties.
ID 440806 Selecting the "Auto update framework" check box when discovering devices running BIG-IP version 11.5.0 now prompts the BIG-IQ system to automatically update the REST framework as required.
ID 425314 If device discovery fails, the BIG-IQ system now prompts you to retry discovery, rather than returning a "(0)null" error message.

Known issues

Issue Description Workaround (if available)
ID 509028 When a BIG-IP Device Cluster is used with the F5 HNV Gateway Provider Plugin, and one device is unavailable, the F5 HNV Gateway Provider Plugin cannot apply configuration updates to the remaining devices.
ID 483739 Deployment jobs (Apply Config, Upgrade Software, License Device) work only for devices in the Managed BIG-IPs group. You cannot create a deployment job for devices in any other group and an Upgrade Legacy Device deployment works only for users who have access to the Managed BIG-IPs group.
ID 482453 Multiple vulnerabilities in the bash binary have been fixed, including CVE-2014-6271 CVE-2014-7169 CVE-2014-7187 CVE-2014-7186 CVE-2014-6277 CVE-2014-6278. The CVSS score for CVE-2014-6271 is 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C). This vulnerability may allow an attacker to remotely execute code on a system behind a firewall.
ID 480423 Pop up text does not appear properly in Google Chrome version 37 because of changes in the browser's software. To work around this issue, use Microsoft Internet Explorer version 9.0.x or later or Mozilla Firefox, 26.x or later.
ID 475924 You cannot delete an IPv6 self IP address from the Self IP Addresses panel. To work around this issue, delete the IPv6 self IP address through the API, using the URI /mgmt/tm/cloud/net/self to find the address.
ID 475766 A BIG-IQ system in a high availability group might provide only a warning status for an unhealthy peer (displaying a yellow triangle in the BIG-IQ Systems panel) with no additional information supplied.
ID 475324 You cannot use the /usr/sbin/f5ad-create-config script to copy a configuration of a BIG-IP system in Appliance mode, due to a strict requirement for SSH access.

ID 474096 You cannot access the BIG-IQ system's user interface using Mozilla Firefox version 31. This issue is caused by security changes in Firefox. You can view more specific information here: https://blog.mozilla.org/security/2014/04/24/exciting-updates-to-certificate-verification-in-gecko/ . This workaround has security implications. To work around this issue: 1) Type about:config in the navigation bar of the Firefox browser. 2) Double-click the "security.use_mozillapkix_verification" option to set it to false.
ID 468310 If you configure a user account with multiple attributes on the RADIUS server (such as Class <value>), BIG-IQ system returns an error when that user attempts to log in. To resolve this issue, edit the configuration file on the RADIUS server so the user account has only a single instance of each specific attribute name.
ID 440333 If you delete a BIG-IQ peer from a high availability active-active pair, then add the same BIG-IQ system back to the same (or to another) high availability pair, data between the devices no longer synchronizes. After you delete a BIG-IQ system from a high availability active-active pair, create a backup on the BIG-IQ system. Then reset the system to factory settings by typing the following command on that BIG-IQ system: bigstart stop restjavad && rm -rf /var/config/rest && bigstart start restjavad. Then, you can add it as a new backup in a high availability pair, and they properly synchronize.
ID 437741 If you do not discover managed BIG-IP devices from the BIG-IQ system using a self IP address on the VLAN named internal, the BIG-IP device's restjavad.0.log logs the following message every minute: [8100/shared/identified-devices IdentifiedDevicesWorker][failed] java.net.ProtocolException: Status code:401 To work around this issue, you must configure an internal VLAN and self IP address for the BIG-IQ system and all managed devices.
ID 435629 When two BIG-IQ 7000 Platform devices are configured in a high availability pair, communication may only work in one direction between the two devices. This is exhibited by the following behavior: Device A is marked as standby, and reports its peer as active. Device B is marked as active, and reports its peer as down. When this occurs, high availability functionality does not work correctly. Device B will always assume Device A is down, so it will always remain active. To work around this issue, re-initialize the certificates. If resetting the configuration to factory settings is an option, type the following commands on each device: bigstart stop restjavad; rm -rf /shared/em/ssl.crt/*.*; rm -rf /shared/em/ssl.key/*.*; rm -rf /var/config/rest/storage; rm -rf /var/config/rest/index/; bigstart start restjavad . If you cannot clear the configuration, perform the following steps on each device: 1) On the High Availability panel, delete the HA peer, and associated devices. 2) From the command line, type the following command to delete the local device: curl -X DELETE http://localhost:8100/shared/resolver/device-groups/cm-shared-all-big-iqs/devices . 3) To remove the existing certificates and restart the service, type the following commands on each device: bigstart stop restjavad; rm -rf /shared/em/ssl.crt/*.*; rm -rf /shared/em/ssl.key/*.*;bigstart start restjavad .
ID 431398 While booting, the BIG-IQ system may display the following warning in the console or logs: "SKIPPING unix_config_httpd: /defaults/config/templates/xui.tmpl doesn't exist!!!" This message has no impact on the BIG-IQ system's functionality. You can ignore this benign message.
ID 428383 When you use the search field to filter for a number or phrase associated with a particular BIG-IP device, you might get some unexpected results. This occurs because BIG-IQ Device filters on all fields, not just those displayed in the Devices panel.

Removing BIG-IQ system services from a BIG-IP device

To manage a BIG-IP device using the BIG-IQ system, you must install specific BIG-IQ system components onto that device using the procedure outlined in the BIG-IQ Device: Device Management guide. In the event that you have to remove these services for any reason, use this procedure.
  1. Log in to the command line of the BIG-IP device.
  2. Stop any running BIG-IQ system services.
    Note: The msgbusd service might not be installed. You can use the bigstart status command to see if it is running.

    $ bigstart stop restjavad

    $ bigstart stop msgbusd

  3. Remove the RPM packages related to the BIG-IQ system.

    mount -o remount,rw /usr

    rpm -qa | grep f5-rest-java | xargs rpm -e --nodeps

    rpm -qa | grep msgbusd | xargs rpm -e  --nodeps

    mount -o remount,ro /usr

    This removes, from the BIG-IP device, the BIG-IQ system components, including the F5-contributed cloud connector iApp template (cloud_connector.tmpl).

  4. Optional: Reinstall the F5-contributed cloud connector iApp template:
    1. Download the cloud_connector.tmpl iApp template from F5 DevCentral, https://devcentral.f5.com/wiki/iApp.Cloud_Connector_iApp_Template.ashx.
      Note: You need an account to access the DevCentral site.
    2. Unzip the file, and on the BIG-IP system, upload it to the /var/local/app_template directory.
    3. Install the template with this command: tmsh load / sys application template cloud_connector.tmpl
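
The following check for the outcome of steps 2 and 3 is an added example, not part of the F5 procedure or F5 code. It confirms that no package matching the step 3 grep patterns remains and that /usr is mounted read-only again. The function names and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not F5 code): check the result of the removal procedure.
# Function names are hypothetical. Inputs are passed as text so the
# checks can be exercised offline.

# Filter an `rpm -qa` listing (stdin) down to the packages that the
# grep patterns in step 3 match.
bigiq_packages() {
    grep -E 'f5-rest-java|msgbusd' || true
}

# Read /proc/mounts-style lines on stdin; succeed only if the last /usr
# entry carries the "ro" option (step 3 ends with a remount to ro).
usr_is_readonly() {
    awk '$2 == "/usr" { opts = $4 }
         END { n = split(opts, o, ",")
               for (i = 1; i <= n; i++) if (o[i] == "ro") exit 0
               exit 1 }'
}

# $1 = output of `rpm -qa`, $2 = contents of /proc/mounts.
# Returns 0 when no BIG-IQ package is left and /usr is read-only again.
verify_removal() {
    status=0
    left=$(printf '%s\n' "$1" | bigiq_packages)
    if [ -n "$left" ]; then
        printf 'still installed: %s\n' $left
        status=1
    fi
    if ! printf '%s\n' "$2" | usr_is_readonly; then
        echo '/usr is not mounted read-only'
        status=1
    fi
    return "$status"
}

# Constructed sample data: the packages are gone, but /usr was left
# read-write because the final remount was skipped.
SAMPLE_RPMS='bash-3.2-33.el5
openssl-0.9.8e-27.el5'
SAMPLE_MOUNTS='/dev/sda1 /usr ext3 rw,noatime 0 0
/dev/sda2 /var ext3 rw,noatime 0 0'

verify_removal "$SAMPLE_RPMS" "$SAMPLE_MOUNTS" || echo 'removal incomplete'
```

On a device, the same function can be fed live data: verify_removal "$(rpm -qa)" "$(cat /proc/mounts)".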

Contacting F5 Networks

Phone: (206) 272-6888
Fax: (206) 272-6802
Web: http://support.f5.com
Email: support@f5.com

For additional information, please visit http://www.f5.com.

How to Contact F5 Support or the SOC

You can contact a Network Support Center as follows:

You can manage cases online at F5 WebSupport (registration required). To register, email CSP@F5.com with your F5 hardware serial numbers and contact information.

Additional resources

You can find additional support resources and technical documentation through a variety of sources.

F5 Networks Technical Support

Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.

AskF5

AskF5 is your storehouse for thousands of solutions to help you manage your F5 products more effectively. Whether you want to search the knowledge base periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.

F5 DevCentral

The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.

AskF5 TechNews

Weekly HTML TechNews
The weekly TechNews HTML email includes timely information about known issues, product releases, hotfix releases, updated and new solutions, and new feature notices. To subscribe, click TechNews Subscription, complete the required fields, and click the Subscribe button. You will receive a confirmation. Unsubscribe at any time by clicking the Unsubscribe link at the bottom of the TechNews email.
Periodic plain text TechNews
F5 Networks sends a timely TechNews email any time a product or hotfix is released. (This information is always included in the next weekly HTML TechNews email.) To subscribe, send a blank email to technews-subscribe@lists.f5.com from the email address you are using to subscribe. Unsubscribe by sending a blank email to technews-unsubscribe@lists.f5.com.

Legal notices