Manual Chapter : Updating Security Components

Applies To:

Show Versions Show Versions

BIG-IP ASM

  • 14.1.2, 14.1.0
Manual Chapter

Updating Security Components

About updating application security components

Application security components use different data libraries to provide security features, such as attack signatures for security policies and browser capabilities. These libraries are maintained and continuously updated by F5 but you choose if and when to update your system library for each security feature. You can configure automatic updates or you can manually update the components.
The Live Update dashboard allows you to monitor, schedule and update security components. The dashboard provides the installation history and current status for each component, for example when the package was installed and if it is currently installed or an installation is pending. A yellow icon indicates that there are update files available. Updates can be:
  • Done in real time as they become available
  • Scheduled for a specific time of the day or week
  • Disabled for a component
You can also upload an update file, which you have chosen from the F5 Downloads site to the system. On a fresh system installation no updates are available. BIG-IP checks for updates every 24 hours.
For information regarding licensing requirements, allowing signature file updates through a firewall, and configuring signature file updates through an HTTPS proxy, refer to Solution 82512024 in the Ask F5 web site (https://support.f5.com/).

Updating a security component

Some components require an additional license. On a fresh installation no updates are available.
A yellow icon indicates that an update has been identified by BIG-IP and is available for installation. Live update files are cumulative, meaning that when you update a component, the update includes all items, such as attack signatures, including revisions, from the previous updates. At any time you can check for updates.
  1. On the Main tab, click
    System
    Software Management
    Live Update
    .
  2. Select the component from the Updates Configuration pane on the left.
  3. Review the components'
    Installation History
    for the last
    Install Date
    and
    Status
    of the update.
  4. Click the arrow at the end of the
    Last Checked for Updates Details
    field for a full list of each component and when it was last checked for an update.
  5. Click
    Check for Updates
    to see if there is a more recent update file.
  6. Click the update file name for installation details and to choose to install it.
    The Installation Details can include Deleted, Added and Modified Entities for the update. A Readme file is provided for some file types.
  7. Click
    Install
    to begin installation of the updated file for the selected component.
  8. Repeat for each Live Update component you want to update.
The updated file is installed and its status is now Currently Installed.
After you update attack signatures, the system places newly added attack signatures in staging (non-blocking) and updated attack signatures are enforced according to the Updated Signature Enforcement setting in the security policy. Unchanged attack signatures remain in the configured mode.

Scheduling a security component update

There are three installation options for automatically downloaded updates:
  • Real Time
    : The system installs the automatically downloaded updates as soon as they are detected by BIG-IP. This action ensures that the BIG-IP components are always current with the latest Live Update files. The detection process runs every 24 hours.
  • Scheduled
    : The system installs the automatically downloaded updates per the time and day(s) you select. If automatic installation is limited to a particular day or time, the check and download of a Live Update file is performed immediately at the onset of the installation window.
  • Disabled
    : You must manually install updates.
If you manually upload an update file to the system you must manually install it as well. Manually uploaded update files are not installed automatically, regardless of the automatic installation settings or schedule.
  1. On the Main tab, click
    System
    Software management
    Live Update
    .
  2. Select the desired installation mode.
    For
    Scheduled
    installation, select the day(s) and time.
  3. Click
    Save
  4. Repeat for each Live Update component you want BIG-IP to install automatically.