Applies To:

Show Versions Show Versions

Release Note: F5 DDoS Hybrid Defender 14.1.0-5.0
Release Note

Original Publication Date: 12/11/2018


This release note covers 14.1.0-5.0.


- Release Notes: F5 DDoS Hybrid Defender 14.1.0-5.0
- Platform support
- Browser support
- User documentation for this release
- New functionality by release
     - New in 14.1.0-5.0
- Known issues
- Installation overview
     - Installation checklist
     - Installing the software
     - Post-installation tasks
     - Installation tips
- Contacting F5 Networks
- Legal notices

Summary DDoS Hybrid Defender 14.1.0-5.0

These release notes document the DDoS Hybrid Defender version 14.1.0-5.0 release. You can apply the software upgrade to systems running software version 13.1.0 or later.

Release Notes: F5 DDoS Hybrid Defender 14.1.0-5.0

This release note documents the 14.1.0-5.0 release of F5 DDoS Hybrid Defender.

Platform support

This version of F5 DDoS Hybrid Defender runs on the following platforms.

Platform name Platform ID
i5800 C121*
i7800 C118*
i10800 C122*
i11800 C123*
VIPRION 4000 Series
  • F5-VPR-DDOS-B4450N
  • F5-VPR-DDOS-C4800-DCN
  • F5-VPR-DDOS-C4800-AC
  • F5-VPR-DDOS-C4480-DCN
  • F5-VPR-DDOS-C4480-AC
  • A114
  • S101
  • C115
  • J103
  • J102
High-performance VE – F5-BIG-DDOS-VE-0-8-V16 Z100
Tip: * Includes virtual wire configuration.

DDoS Hybrid Defender requires the appropriate DDoS license. It enables one module flag mod_dos. That is the only module that can be active on the system.

Browser support

DDoS Hybrid Defender supports these browsers and versions:

  • Microsoft Internet Explorer 11.x
  • Mozilla Firefox v40, or later
  • Google Chrome v44, or later

User documentation for this release

For installation and setup instructions, refer to F5 DDoS Hybrid Defender: Setup. You can find this, and additional documentation that is relevant to this release, in the F5 DDoS Hybrid Defender 14.1.0 Knowledge Center.

New functionality by release

New in 14.1.0-5.0

Custom DoS Signatures

You can now create custom Network, DNS, HTTP and SSL/TLS type DoS attack signatures, allowing you customize DoS signatures for unique traffic types and respond more quickly to next generation DoS / DDoS attacks.

Advertisement of Flowspec routes

The system allows for advertisement of flowspec routes using flowspec route injector profiles. The flowspec route injector profile lets you deploy filtering rules among BGP peer routers to mitigate DDoS attacks.

Known issues

The following known issues apply to the current release of DDoS Hybrid Defender.

ID number Description
599520 If the Help tab in the left pane is open when you edit a protected object, the help does not display.

Workaround: Click the Main tab, then return to the Help tab to display the help.

600028 When configuring Bad Actor Detection in Device Protection, the number of events per second (EPS) is per core (TMM).

Workaround: When specifying EPS for system-wide Bad Actor Detection, multiply by the number of cores (TMMs) on your system.

600031 Hardware accelerated DoS protection drops packets based only on source IP address. A sampling of packets is "leaked" to the DoS software to provide visibility for logging and reporting. For this reason, the system provides the total packets dropped based on source IP address.
600039 The Detection Threshold setting for a DoS attack is per core (TMM), not per device. Since the system has multiple cores (TMMs), the total traffic may be greater than the configured threshold if each core (TMM) sees traffic below the threshold. In this case, the attack is not detected.

Set a configured value reflecting the overall total required value divided by the number of cores (TMMs). The number of cores (TMMs) varies by platform. For example, for VE, there are two, by default. The 5250 platform has 8 cores (TMMs). Note that if traffic is unevenly distributed, one core (TMM) may reach the detection threshold while the other cores (TMMs) are still relatively idle. As a result, the device may detect an attack while processing traffic at fairly low levels overall.

622838 DDoS Hybrid Defender does not support deleting the high availability configuration. Call F5 Support if you need to remove the high availability configuration.
624614 If you attempt to delete more than 10 protected objects at once, DDoS Hybrid Defender may not complete the deletion process successfully. Therefore, F5 recommends deleting fewer than 10 protected objects at a time. Otherwise, if you need to clean up configuration objects left-over from deleting more than 10, F5 support can help you resolve configuration inconsistencies.
626578 If the connection to Silverline does not succeed when the configuration is entered for the first time, the Silverline configuration may have been lost. Workaround: Re-enter the Silverline Authentication Credentials on the Silverline screen.
679661 When changing the logging destination from Splunk to Arcsight in the Log Destination type, the logging destination does not get updated to the correct remote logging format.

Workaround: To change the logging format, first set the remote logging format to Disabled, click Update, then change it to Arcsight, and click Update again.

680730 The system cannot successfully create an HA pair if the device name and hostname are different.

Workaround: In an HA pair, use the same names for both the device name and hostname.

Installation overview

This document covers very basic steps for installing the software. You can find complete, step-by-step installation and upgrade instructions in BIG-IP Systems: Upgrading Software, and we strongly recommend that you reference this information to ensure successful completion of the installation process.

Installation checklist

Before you begin:

  • Use BIG-IP iHealth to verify your configuration file. For more information, see K12878: Generating BIG-IP diagnostic data using the qkview utility.
  • Update/reactivate your system or vCMP host license, if needed, to ensure that you have a valid service check date. For more information, see K7727: License activation may be required prior to a software upgrade for the BIG-IP or Enterprise Manager system.
  • Ensure that your system is running version 12.x or later.
  • Download the .iso file from F5 Downloads to /shared/images on the source for the operation. (If you need to create this directory, use the exact name /shared/images.)
  • Configure a management port.
  • Set the console and system baud rate to 19200, if it is not already.
  • Log on as an administrator using the management port of the system you want to upgrade.
  • Check all DNSSEC Key generation's 'expiration' and 'rollover' date:time fields before performing a GTM sync group upgrade. If any of the DNSSEC Key generations are set to rollover or expire during the planned upgrade window, modify the date:time of the 'expiration' and/or 'rollover' fields to extend past the anticipated upgrade window, to a date:time when all units in the sync group will again have GTM config sync enabled.
  • Boot into an installation location other than the target for the installation.
  • Save the user configuration set (UCS) in the /var/local/ucs directory on the source installation location, and copy the UCS file to a safe place on another device.
  • Log on to the standby unit, and only upgrade the active unit after the standby upgrade is satisfactory.
  • Turn off mirroring.
  • If you are running Application Acceleration Manager, set provisioning to Minimum.
  • If you are running Policy Enforcement Manager, set provisioning to Nominal.
  • If you are running Advanced Firewall Manager, set provisioning to Nominal.

Installing the software

You can install the software at the command line using the Traffic Management shell, tmsh, or in the browser-based Configuration utility using the Software Management screens, available in the System menu. Choose the installation method that best suits your environment.
Installation method Command
Install to existing volume, migrate source configuration to destination tmsh install sys software image [image name] volume [volume name]
Install from the browser-based Configuration utility Use the Software Management screens in a web browser.

Sample installation command

The following command installs version 13.0.0 to volume 3 of the main hard drive.

tmsh install sys software image BIGIP- volume HD1.3

Post-installation tasks

This document covers very basic steps for installing the software. You can find complete, step-by-step installation and upgrade instructions in BIG-IP Systems: Upgrading Software, and we strongly recommend that you reference this information to ensure successful completion of the installation process.

After the installation finishes, you must complete the following steps before the system can pass traffic.
  1. Ensure the system rebooted to the new installation location.
  2. Use BIG-IP iHealth to verify your configuration file. For more information, see K12878: Generating diagnostic data using the qkview utility.
  3. Log on to the browser-based Configuration utility.
  4. Run the Setup utility.
  5. Provision the modules.
Note: You can find information about running the Setup utility and provisioning the modules in BIG-IP TMOS implementationsCreating an Active-Standby Configuration Using the Setup Utility and Creating an Active-Active Configuration Using the Setup Utility.

Installation tips

  • The upgrade process installs the software on the inactive installation location that you specify. This process usually takes between three minutes and seven minutes. During the upgrade process, you see messages posted on the screen. For example, you might see a prompt asking whether to upgrade the End User Diagnostics (EUD), depending on the version you have installed. To upgrade the EUD, type yes, otherwise, type no.
  • You can check the status of an active installation operation by running the command watch tmsh show sys software, which runs the show sys software command every two seconds. Pressing Ctrl + C stops the watch feature.
  • If installation fails, you can view the log file. The system stores the installation log file as /var/log/liveinstall.log.

Contacting F5 Networks

Phone - North America: 1-888-882-7535 or (206) 272-6500
Phone - Outside North America, Universal Toll-Free: +800 11 ASK 4 F5 or (800 11275 435)
Fax: See Regional Support for your area.

For additional information, please visit

Legal notices

Was this resource helpful in solving your issue?

NOTE: Please do not provide personal information.

Additional Comments (optional)