Manual Chapter :
Updating Security
Components
Applies To:
Show Versions
BIG-IP ASM
- 16.1.2, 16.1.1, 16.1.0
Updating Security
Components
About updating application security components
Application security components use different data libraries to provide
security features, such as attack signatures for security policies and browser capabilities. These libraries are maintained and continuously updated by F5
but you choose if and when to update your system library for each security feature. You
can configure automatic updates or you can manually update the components.
The Live Update dashboard allows you to monitor, schedule and update security
components. The dashboard provides the installation history and current status for each
component, for example when the package was installed and if it is currently installed or
an
installation is pending. A yellow icon indicates that there are update files available. Updates
can be:
- Done in real time as they become available
- Scheduled for a specific time of the day or week
- Disabled for a component
For information regarding licensing requirements, allowing signature file updates through
a firewall, and configuring signature file updates through an HTTPS proxy, refer to
Solution 82512024 in the Ask F5 web site (https://support.f5.com/).
Updating a security component
Some components require an additional
license. On a fresh installation no updates are available.
A yellow icon indicates that an update has been identified by BIG-IP and is available for installation. Live update files are cumulative, meaning that when you
update a component, the update includes all items,
such as attack signatures, including revisions, from the previous updates. At any time you can check for updates.
- On the Main tab, click .
- Select the component from the Updates Configuration pane on the left.
- Review the components'Installation Historyfor the lastInstall DateandStatusof the update.
- Click the arrow at the end of theLast Checked for Updates Detailsfield for a full list of each component and when it was last checked for an update.
- ClickCheck for Updatesto see if there is a more recent update file.
- Click the update file name for installation details and to choose to install it.The Installation Details can include Deleted, Added and Modified Entities for the update. A Readme file is provided for some file types.
- ClickInstallto begin installation of the updated file for the selected component.
- Repeat for each Live Update component you want to update.
The updated file is installed and its status is now
Currently Installed.
After
you update attack signatures, the
system places newly added attack signatures in staging (non-blocking) and updated attack
signatures are enforced according to the Updated Signature Enforcement setting in the
security policy. Unchanged attack signatures remain in the configured mode.
Scheduling a security component update
There are three installation options for
automatically downloaded updates:
- Real Time: The system installs the automatically downloaded updates as soon as they are detected by BIG-IP. This action ensures that the BIG-IP components are always current with the latest Live Update files. The detection process runs every 24 hours.
- Scheduled: The system installs the automatically downloaded updates per the time and day(s) you select. If automatic installation is limited to a particular day or time, the check and download of a Live Update file is performed immediately at the onset of the installation window.
- Disabled: You must manually install updates.
If you manually upload an update file to the system you must manually install it
as well. Manually uploaded update files are not installed automatically, regardless
of the automatic installation settings or schedule.
- On the Main tab, click .
- Select the desired installation mode.ForScheduledinstallation, select the day(s) and time.
- ClickSave
- Repeat for each Live Update component you want BIG-IP to install automatically.
