Applies To:

Show Versions Show Versions

Release Note: BIG-IQ ASM, 4.2.0
Release Note

Original Publication Date: 02/13/2014

Summary:

These release notes document the version 4.2.0 release of BIG-IQ Application Security Manager (ASM). You can use ASM policies to filter network packets based on their Layer 7 settings.

BIG-IQ ASM enables enterprise-wide management and configuration of multiple BIG-IP devices from a central management platform. You can centrally manage BIG-IP devices and security policies, and import policies from those devices.

Contents:

- User documentation for this release
- Browser support
- Software installation
- Support for BIG-IP devices
- Removing BIG-IQ system services from a BIG-IP device
- New features
- Known issues
- Contacting F5 Networks
- Legal notices

User documentation for this release

For a comprehensive list of documentation that is relevant to this release, refer to the BIG-IQ Security 4.2.0 Documentation page.

Browser support

BIG-IQ ASM supports the following browsers and browser versions:

  • Microsoft Internet Explorer version 9
  • Mozilla Firefox, 22.x or later
  • Google Chrome 27.x or later

Software installation

BIG-IQ ASM runs as a virtual machine in specifically-supported hypervisors. After you set up your virtual environment, you can incorporate BIG-IQ ASM into your network as you would any other F5 Networks device. For more information, refer to the specific Setup and Getting Started guide appropriate for your individual platform.

Support for BIG-IP devices

For details about BIG-IQ ASM support for BIG-IP devices at various version levels, consult the BIG-IQ Compatibility Matrix solution note:

http://support.f5.com/kb/en-us/solutions/public/14000/500/sol14592.html

Removing BIG-IQ system services from a BIG-IP device

To manage a BIG-IP device using the BIG-IQ system, you must install specific BIG-IQ system components onto that device using the procedure outlined in BIG-IQ System: Licensing and Initial Configuration. If you have to remove these services for any reason, use this procedure.
  1. Log in to the command line of the BIG-IP device.
  2. Stop any running BIG-IQ system services.
    Note: The msgbusd service may not be installed. You can use the bigstart status command to see if it is running.

    $ bigstart stop restjavad

    $ bigstart stop msgbusd

  3. Remove the RPM packages related to the BIG-IQ system.

    mount -o remount,rw /usr

    rpm -qa | grep f5-rest-java | xargs rpm -e --nodeps

    rpm -qa | grep msgbusd | xargs rpm -e  --nodeps

    mount -o remount,ro /usr

    This removes the BIG-IQ system components from the BIG-IP device.

New features

Release 4.2.0 of BIG-IQ ASM enables enterprise-wide management and configuration of multiple BIG-IP devices from a central management platform. You can centrally manage BIG-IP devices and security policies, and import security policies from files on those devices.

From this central management platform, you can perform the following actions through a REST API:

  • Import ASM policies from files.
  • Import ASM policies from discovered devices.
  • Distribute policies to devices.
  • Export policies, including an option to export policy files in XML format.

Known issues

ID number Description Workaround
Automatic Provisioning
440828 No way to delete a virtual BIG-IP device created outside a BIG-IP cloud connector.

If a virtual BIG-IP device was created outside of the BIG-IQ system and later discovered by a BIG-IQ system, there is no way the BIG-IQ system can delete that virtual device. However, it will show up in the Devices panel under "virtual" and the user can create deployments with that device. The "delete node" deployment job in this case will fail.

 
Device
440639 The warning/rediscover icon sometimes persists after a successful discovery.

Consider a BIG-IP policy that was previously discovered and imported into a BIG-IQ system. If you then edit the BIG-IP policy at the BIG-IP interface, then go to the BIG-IQ interface and rediscover that policy, there is no need to discover the policy again. The policy is synchronized at both the BIG-IP and BIG-IQ systems. The issue is that the warning icon, indicating that the policy is out of sync, persists.

 
436716 The BIG-IQ Security ASM GUI cannot discover a BIG-IP device using the device's IPv6 self-IP address.  
GUI
437925 The URL for ASM will change in a future release.

The URL for ASM (when you select BIG-IQ Security -> ASM in the GUI) is currently hostname/ui/asm. In a later release, the URL will change to hostname/ui/security/asm. This issue does not present a functional problem.

 

Contacting F5 Networks

Phone: (206) 272-6888
Fax: (206) 272-6802
Web: http://support.f5.com
Email: support@f5.com

For additional information, please visit http://www.f5.com.

Additional resources

You can find additional support resources and technical documentation through a variety of sources.

F5 Networks Technical Support

Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.

AskF5

AskF5 is your storehouse for thousands of solutions to help you manage your F5 products more effectively. Whether you want to search the knowledge base periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.

F5 DevCentral

The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.

AskF5 TechNews

Weekly HTML TechNews
The weekly TechNews HTML email includes timely information about known issues, product releases, hotfix releases, updated and new solutions, and new feature notices. To subscribe, click TechNews Subscription, complete the required fields, and click the Subscribe button. You will receive a confirmation. Unsubscribe at any time by clicking the Unsubscribe link at the bottom of the TechNews email.
Periodic plain text TechNews
F5 Networks sends a timely TechNews email any time a product or hotfix is released. (This information is always included in the next weekly HTML TechNews email.) To subscribe, send a blank email to technews-subscribe@lists.f5.com from the email address you are using to subscribe. Unsubscribe by sending a blank email to technews-unsubscribe@lists.f5.com.

Legal notices

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)