Manual Chapter : New Features in BIG-IP Version 17.1.1

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 17.1.1

BIG-IP Link Controller

  • 17.1.1

BIG-IP Analytics

  • 17.1.1

BIG-IP LTM

  • 17.1.1

BIG-IP PEM

  • 17.1.1

BIG-IP AFM

  • 17.1.1

BIG-IP FPS

  • 17.1.1

BIG-IP DNS

  • 17.1.1

BIG-IP ASM

  • 17.1.1
Manual Chapter

New Features in BIG-IP Version 17.1.1

General

See the following information about software lifecycle:

New in LTM/TMOS

BIG-IP version 17.1.1 introduces the following new features for LTM/TMOS:

Support for C3D

Support for Client Certificate Constrained Delegation (C3D) is enabled with TLS 1.3.

Support for additional cipher suites

From this release, BIG-IP supports handshakes with four additional cipher suites:
  • ECDHE-ECDSA-AES128-CCM
  • ECDHE-ECDSA-AES128-CCM8
  • ECDHE-ECDSA-AES256-CCM
  • ECDHE-ECDSA-AES256-CCM8

Change in user experience with Global Tunnel configuration parameters

The Global Tunnel configuration parameters for VXLAN, NVGRE, and GENEVE tunnels that are applied to the BIG-IP are now driven from the F5OS-A or F5OS-C level.
Set the system DB flag "net.tunnel.globals.hostmanaged" value to False, in order to remove the restriction and enforce the BIG-IP driven tunnel configuration.

New in Distributed Cloud Services

BIG-IP 17.1.1 introduces the following new enhancements in Distributed Cloud Services:

Enhancements to Transaction Results Reporting in Bot Defense

Transaction results are reported to improve bot defense. This release includes success and failure criteria for transaction results.

New in Advanced WAF

BIG-IP version 17.1.1 introduces the following new features for Advanced WAF:

Data Guard Partial Data Masking

For each and any type of masked data string, the first and/or last characters can be configured to be exposed. For example, the first and last 2 digits of a phone number or the last 4 digits of a government ID number can be exposed while the rest of the data is masked.

Auto-detection of Binary Parameter Value Type

To reduce false positive alarms on signatures and metacharacters, parameters can be configured as binary and, as a result, bypass inspection.