Original Publication Date: 01/04/2018
This release note documents version 5.4.0 of BIG-IQ Centralized Management.
You can now customize user access to managed devices, based on job responsibilities. This allows you to give specific permissions to view or modify only those BIG-IP objects you explicitly assign to a user.Pre- and post-upgrade backups for several managed devices at once
You can now create backups from BIG-IQ for one or more BIG-IP devices before and after you upgrade them.Change root and admin passwords for several managed devices at once
From BIG-IQ, you can change the root and/or admin passwords for one or more devices at the same time.Support for creating and running custom scripts for managed devices
From BIG-IQ, you can create custom scripts to run on your managed devices. For example, you could create a script that sets the DNS, NTP, host, and so forth for several of your managed devices.Custom application template catalog
You can create an application template catalog to help you rapidly deploy applications to multiple BIG-IP devices from BIG-IQ.Copy monitor and profiles
Standardizing BIG-IP applications is even easier because you can copy monitors and profiles from managed BIG-IP devices and deploy to other BIG-IP devices from BIG-IQ.Pool member management
Interact (view, enable, disable, force offline) with your BIG-IP pool members from a single screen..Licensing unmanaged devices
BIG-IQ can work through an orchestrator to create and install a license for unreachable or disconnected BIG-IP devices.Firewall packet tester
You can now determine from BIG-IQ how any packets will be handled by AFM for debugging and policy validation.Additional support for firewall NAT feature
BIG-IQ supports the firewall NAT feature introduced in BIG-IP version 12.0 and introduced NAT functionality in the firewall similar to a traditional firewall vendor with AFM- specific features (such as log throttling and customizable logging) for consistency with other AFM features.Support for send-to-virtual actions for firewall rules
BIQ-IQ now supports "send-to-virtual" action for firewall rules introduced in BIG-IP version13.0 across the device's life-cycle (discover/import, modification, deployment).Complete IP Intelligence configuration management support
You can now discover, import, modify IP Intelligence policies, global policies, blacklist category and feedlist through BIG-IQ. You can deploy policies if it is being used by a device-specific virtual server or route domain.UUID for rule/rulelist objects
You can now identify a specific firewall rule using a UUID (Universal Unique Identifier) with your existing tools for diagnostic, auditing, and compliance purposes.Add read/filter-only rule order for AFM rules
BIG-IQ now supports the ability to identify a rule within a firewall policy by "position" through the evaluation order within the policy, and the ability to go to a specific rule/position in a policy using that evaluation order number.Additional policy configuration support for Web Application Security policies
You can configure Web Application Security policies for protection against brute force attacks, as well as manage policy configuration settings for session tracking, CSRF protection, redirection protection, and server technologies. In addition, this release includes enhancements for policy configuration of sensitive parameters and of customizable response pages.Central Policy Builder support for Web Application Security
You can use the new Central Policy Builder feature in Web Application Security to aggregate suggestions for the same policy used by multiple BIG-IP devices into a central location. You can then manage (accept, ignore, delete) these suggestions from the BIG-IQ Centralized Management system and then deploy the resulting policy changes to all relevant devices. This is supported for BIG-IP devices version 13.1 or lateSupport for live update of signatures and engines for the Fraud Protection Service
You can use BIG-IQ Centralized Management to centrally manage and schedule deployments of the signature and engine files needed to keep your Fraud Protection Service infrastructure up-to-date. This allows you to avoid managing these updates individually on each BIG-IP device, as periodic changes are published by F5.Support for brute force configuration
You can now configure a BIG-IP device from BIG-IQ for protection against brute force attacks.Ability to create and delete Access Policies and Access Profiles
In addition to modifying, you can now create and delete Access Policies and Profiles from BIG-IQ.Retroactive application of transform rules to previously received alerts
You can apply new Fraud Protection Service transform rules received from the Security Operations Center (SOC) to alerts you received previously. This allows you to identify new trends due to advances in the transform rule set.Ability to create and delete Access Location Specific Objects
In addition to modifying, you can now create and delete Access Location Specific Objects (LSO) from BIG-IQ.Read-Only view of the main GSLB objects
You can now display properties for Global Server Load Balancing objects: Data Centers, Servers, Virtual Servers, Links, Pools and Wide IPs.Health Indicators for the main GSLB objects
You can now display the status (available, unavailable, offline, unknown) and reported reason, according to the configured monitors. Status is shown both per device and aggregated to the synch-group level.
To properly display, the BIG-IQ system requires that your screen resolution is set to 1280x1024 or higher.
BIG-IQ version 5.4.0 supports the following browsers and versions:
SOL14592: Compatibility between BIG-IQ and BIG-IP releases provides a summary of version compatibility for specific features between the BIG-IQ system and BIG-IP releases.
In general, this table outlines managed device compatibility:
|Functional Description||Minimum BIG-IP version||Maximum BIG-IP version|
|Upgrade - legacy devices||10.2.0||11.4.1|
|Upgrade - managed devices||11.5.0 HF7||13.1.0|
|Licensing - BIG-IP VE||11.5.0 HF7||13.1.0|
|Licensing - WebSafe||12.0.0||13.1.0|
|ADC management||11.5.1 HF4||13.1.0|
Depending on whether you are installing a new system or upgrading an existing one, the following documentation resources can help you get started with version 5.4.0.
For information about planning and installing BIG-IQ Centralized Management, refer to the Planning and Implementing an F5 BIG-IQ Centralized Management Deployment and BIG-IQ Centralized Management: Licensing and Initial Setup guide.
For instructions about how to upgrade from BIG-IQ version 5.x to 5.4 refer to the F5 BIG-IQ Centralized Management Upgrading version 5.x to BIG-IQ version 5.4 guide.
For information about setting up authentication and providing role-based user access to your users, refer to F5 BIG-IQ Centralized Management: Users, User Groups, Roles, and Authentication guide.
If your configuration uses logging nodes, data collection devices, or logging node or DCD clusters, please refer to one or more of the following guides:
This release note contains known issues found only in this release. Fixes included in this release are for known issues found in previous releases. This release note does not include known issues found in previous releases that are not yet fixed. For information about known issues in past releases, view the applicable release notes for those versions.
For a list of fixes, behavior changes, and known issues for this release, refer to the BIG-IQ 5.4.0 Release Information page.
$ bigstart stop restjavad
mount -o remount,rw /usr
rpm -qa | grep f5-rest-java | xargs rpm -e --nodeps
mount -o remount,ro /usr
This removes the BIG-IQ system components from the BIG-IP device.
|Phone - North America:||1-888-882-7535 or (206) 272-6500|
|Phone - Outside North America, Universal Toll-Free:||+800 11 ASK 4 F5 or (800 11275 435)|
|Fax:||See Regional Support for your area.|
For additional information, please visit http://www.f5.com.
You can contact the Anti-Fraud SOC as follows:
You can find additional support resources and technical documentation through a variety of sources.
Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.
AskF5 is your storehouse for thousands of knowledgebase articles that help you manage your F5 products more effectively. Whether you want to browse periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.
The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.
To subscribe, click AskF5 Publication Preference Center, enter your email address, select the publications you want, and click the Submit button. You will receive a confirmation email. You can unsubscribe at any time by clicking the Unsubscribe link at the bottom of the email, or on the AskF5 Publication Preference Center screen.