Original Publication Date: 02/13/2014
These release notes document the version 4.2.0 release of BIG-IQ Application Security Manager (ASM). You can use ASM policies to filter network packets based on their Layer 7 settings.
BIG-IQ ASM enables enterprise-wide management and configuration of multiple BIG-IP devices from a central management platform. You can centrally manage BIG-IP devices and security policies, and import policies from those devices.
BIG-IQ ASM supports the following browsers and browser versions:
BIG-IQ ASM runs as a virtual machine in specifically-supported hypervisors. After you set up your virtual environment, you can incorporate BIG-IQ ASM into your network as you would any other F5 Networks device. For more information, refer to the specific Setup and Getting Started guide appropriate for your individual platform.
For details about BIG-IQ ASM support for BIG-IP devices at various version levels, consult the BIG-IQ Compatibility Matrix solution note:
$ bigstart stop restjavad
$ bigstart stop msgbusd
mount -o remount,rw /usr
rpm -qa | grep f5-rest-java | xargs rpm -e --nodeps
rpm -qa | grep msgbusd | xargs rpm -e --nodeps
mount -o remount,ro /usr
This removes the BIG-IQ system components from the BIG-IP device.
Release 4.2.0 of BIG-IQ ASM enables enterprise-wide management and configuration of multiple BIG-IP devices from a central management platform. You can centrally manage BIG-IP devices and security policies, and import security policies from files on those devices.
From this central management platform, you can perform the following actions through a REST API:
|440828||No way to delete a virtual BIG-IP device created outside a BIG-IP cloud connector.
If a virtual BIG-IP device was created outside of the BIG-IQ system and later discovered by a BIG-IQ system, there is no way the BIG-IQ system can delete that virtual device. However, it will show up in the Devices panel under "virtual" and the user can create deployments with that device. The "delete node" deployment job in this case will fail.
|440639||The warning/rediscover icon sometimes persists after a successful discovery.
Consider a BIG-IP policy that was previously discovered and imported into a BIG-IQ system. If you then edit the BIG-IP policy at the BIG-IP interface, then go to the BIG-IQ interface and rediscover that policy, there is no need to discover the policy again. The policy is synchronized at both the BIG-IP and BIG-IQ systems. The issue is that the warning icon, indicating that the policy is out of sync, persists.
|436716||The BIG-IQ Security ASM GUI cannot discover a BIG-IP device using the device's IPv6 self-IP address.|
|437925||The URL for ASM will change in a future release.
The URL for ASM (when you select BIG-IQ Security -> ASM in the GUI) is currently hostname/ui/asm. In a later release, the URL will change to hostname/ui/security/asm. This issue does not present a functional problem.
For additional information, please visit http://www.f5.com.
You can find additional support resources and technical documentation through a variety of sources.
Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.
AskF5 is your storehouse for thousands of solutions to help you manage your F5 products more effectively. Whether you want to search the knowledge base periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.
The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.