Original Publication Date: 02/24/2015
This release note documents version 4.4.0 of BIG-IQ Device.
As a network administrator, you can use BIG-IQ Device to centrally manage multiple physical and virtual BIG-IP devices. This management includes pool and utility license management, software image installation, back up and restoration of UCS files, and back up and restoration of specific configuration files to one or more BIG-IP devices. BIG-IQ Device also helps you with device inventory tasks by keeping you apprised of every detail about your managed devices, including health, and provides you with the infrastructure to use SNMP to manage system events and send email alerts.
To properly display, the BIG-IQ system requires that your screen resolution is set to 1280x1024 or higher.
BIG-IQ Device supports the following browsers and versions:
For a comprehensive list of documentation that is relevant to this release, refer to the BIG-IQ 4.4.0 Documentation page.
For procedures about specifying network options and performing initial configuration, refer to the BIG-IQ System: Licensing and Initial Configuration guide.
Before you can upgrade the BIG-IQ system, you must perform the following tasks:
If you have configured the BIG-IQ system in a high availability cluster, perform these steps on each BIG-IQ system in the cluster in immediate succession. It is important to get the cluster members on the same software version as quickly as possible to avoid potential user experience issues.
|ID 467656||OpenSSL is being updated to fix CVE-2014-0221 CVE-2014-0195. Customer who have configured DTLS clients, are no longer vulnerable.|
|ID 457400||Previously, if you inadvertently added a space after the IP address when searching for an IP address, the search failed. Now, the BIG-IQ system removes any leading and trailing spaces from the address so the search is successful.|
|ID 452608||When it synchronizes with a new peer, the BIG-IQ system no longer removes user accounts that do not exist on both devices configured in a high availability configuration.|
|ID 450883||The user interface no longer becomes unstable when you drag a user from the User panel to another panel.|
|ID 450879||Deleted roles no longer continue to display in the Roles panel.|
|ID 449991||When the source port and destination port are the same, traffic (such as NTP) initiated from the (NTP) host service is no longer occasionally dropped for the BIG-IQ 7000 platform.|
|ID 449969||Previously, if you selected the Update Framework On Discovery check box when adding a new device, the discovery process sometimes failed, and the BIG-IQ system might have returned an HTTP error. This issue has been resolved and discovery process now works as designed.|
|ID 449921||SMTP now properly generates alerts when you correct the SMTP Server Host setting (by clicking System > Overview > SMTP Config).|
|ID 449460||After you discover multiple devices at once, the Device Properties screen now properly displays the selected device's properties.|
|ID 440806||Selecting the "Auto update framework" check box when discovering devices running BIG-IP version 11.5.0 now prompts the BIG-IQ system to automatically update the REST framework as required.|
|ID 425314||If device discovery fails, the BIG-IQ system now prompts you to retry discovery, rather than returning a "(0)null" error message.|
|Issue||Description||Workaround (if available)|
|ID 509028||When a BIG-IP Device Cluster is used with the F5 HNV Gateway Provider Plugin, and one device is unavailable, the F5 HNV Gateway Provider Plugin cannot apply configuration updates to the remaining devices.|
|ID 483739||Deployment jobs (Apply Config, Upgrade Software, License Device) work only for devices in the Managed BIG-IPs group. You cannot create a deployment job for devices in any other group and an Upgrade Legacy Device deployment works only for users who have access to the Managed BIG-IPs group.|
|ID 482453||Multiple vulnerabilities in the bash binary have been fixed, including CVE-2014-6271 CVE-2014-7169 CVE-2014-7187 CVE-2014-7186 CVE-2014-6277 CVE-2014-6278. The CVSS score for CVE-2014-6271 is 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C). This vulnerability may allow an attacker to remotely execute code on a system behind a firewall.|
|ID 480423||Pop up text does not appear properly in Google Chrome version 37 because of changes in the browser's software.||To work around this issue, use Microsoft Internet Explorer version 9.0.x or later or Mozilla Firefox, 26.x or later.|
|ID 475924||You cannot delete an IPv6 self IP address from the Self IP Addresses panel.||To work around this issue, delete the IPv6 self IP address using the API using the URI /mgmt/tm/cloud/net/self to find the address.|
|ID 475766||A BIG-IQ system in a high availability group might provide only a warning status for an unhealthy peer (displaying a yellow triangle in the BIG-IQ Systems panel) with no additional information supplied.|
You cannot use the /usr/sbin/f5ad-create-config script to copy a configuration of a BIG-IP system on appliance mode, due to a strict requirement for SSH access.
|ID 474096||You cannot access the BIG-IQ system's user interface using Mozilla Firefox version 31.||This issue is caused because of security changes in Firefox. You can view more specific information here: https://blog.mozilla.org/security/2014/04/24/exciting-updates-to-certificate-verification-in-gecko/ . This workaround has security implications. To work around this issue: 1) Type about:config in the navigation bar of the Firefox browser. 2) Double-click the "security.use mozillapix verification" option to set it to false.|
|ID 468310||If you configure a user account with multiple attributes on the RADIUS server (such as Class <value>), BIG-IQ system returns an error when that user attempts to log in.||To resolve this issue, edit the configuration file on the RADIUS server so the user account has only a single instance of each specific attribute name.|
|ID 440333||If you delete a BIG-IQ peer from a high availability active-active pair, then add the same BIG-IQ system back to the same (or to another) high availability pair, data between the devices no longer synchronizes.||After you delete a BIG-IQ system from a high availability active-active pair, create a backup on the BIG-IQ system. Then reset the system to factory settings by typing the following command on that BIG-IQ system: bigstart stop restjavad && rm -rf /var/config/rest && bigstart start restjavad. Then, you can add it as a new backup in a high availability pair, and they properly synchronize.|
|ID 437741||If you do not discover managed BIG-IP devices from the BIG-IQ system using a self IP address on the VLAN named internal, the BIG-IP device BIG-IP restjavad.0.logs the following message every minute: [8100/shared/identified-devices IdentifiedDevicesWorker][failed] java.net.ProtocolException: Status code:401||To work around this issue, you must configure an internal VLAN and self IP address for the BIG-IQ system and all managed devices.|
|ID 435629||When two BIG-IQ 7000 Platform devices are configured in a high availability pair, communication may only work in one direction between the two devices. This is exhibited by the following behavior: Device A is marked as standby, and reports its peer as active. Device B is marked as active, and reports its peer as down. When this occurs, high availability functionality does not work correctly. Device B will always assume Device A is down, so it will always remain active.||To work around this issue, re-initialize the certificates. If resetting the configuration to factory settings is an option, type the following commands on each device: bigstart stop restjavad; rm -rf /shared/em/ssl.crt/*.*; rm -rf /shared/em/ssl.key/*.*; rm -rf /var/config/rest/storage; rm -rf /var/config/rest/index/; bigstart start restjavad . If you cannot clear the configuration, perform the following steps on each device: 1) On the High Availability panel, delete the HA peer, and associated devices. 2) From the command line, type the following command to delete the local device: curl -X DELETE http://localhost:8100/shared/resolver/device-groups/cm-shared-all-big-iqs/devices . 3) To remove the existing certificates and restart the service, type the following commands on each device: bigstart stop restjavad; rm -rf /shared/em/ssl.crt/*.*; rm -rf /shared/em/ssl.key/*.*;bigstart start restjavad .|
|ID 431398||While booting, the BIG-IQ system may display the following warning in the console or logs: "SKIPPING unix_config_httpd: /defaults/config/templates/xui.tmpl doesn't exist!!!"||This message has no impact on the BIG-IQ system's functionality. You can ignore this benign message.|
|ID 428383||When you use the search field to filter for a number or phrase associated with a particular BIG-IP device, you might get some unexpected results. This occurs because BIG-IQ Device filters on all fields, not just those displayed in the Devices panel.|
$ bigstart stop restjavad
$ bigstart stop msgbusd
mount -o remount,rw /usr
rpm -qa | grep f5-rest-java | xargs rpm -e --nodeps
rpm -qa | grep msgbusd | xargs rpm -e --nodeps
mount -o remount,ro /usr
This removes, from the BIG-IP device, the BIG-IQ system components, including the F5-contributed cloud connector iApp template (cloud_connector.tmpl).
For additional information, please visit http://www.f5.com.
You can find additional support resources and technical documentation through a variety of sources.
Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.
AskF5 is your storehouse for thousands of solutions to help you manage your F5 products more effectively. Whether you want to search the knowledge base periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.
The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.