Manual Chapter : New Features in BIG-IP Version 17.5.1.3
back-action BIG-IP 17.5.1.3 New and Installation

New Features in BIG-IP Version 17.5.1.3

See the following information about software lifecycle:

K8986: F5 software lifecycle policy

K5903: BIG-IP software support policy

BIG-IP has upgraded the pam_tacplus package from version 1.2.9 to 1.3.2 to enable support for IPv6 as a transport protocol in TACACS-based system authentication. To use IPv6, you must configure the TACACS server with an IPv6 address in the BIG-IP system-auth configuration. This update allows you to use system authentication in environments that support only IPv6.

Due to the rotation of cryptographic keys used to sign BIG-IP images, the image verification process for this BIG-IP release may not function as expected.

Important: This change is implemented in BIG-IP versions released October 2025 or later, and all BIG-IP Engineering Hotfixes created on or after October 13, 2025. As a result, BIG-IP images signed with new keys may not be automatically verified by earlier BIG-IP and F5OS releases. In addition, earlier BIG-IP releases may not be automatically verified by BIG-IP versions released October 2025 or later.

Steps to mitigate this issue

********For BIG-IP ISO images, the signature verification process outlined in K15225 will prevent the installation of this release on systems running earlier versions of BIG-IP.

To successfully install this BIG-IP release:

  1. Temporarily disable BIG-IP ISO signature verification
  2. Install this BIG-IP release
  3. Re-enable BIG-IP ISO signature verification

For BIG-IP ISO images, the signature verification process described in K15225 will block the installation of BIG-IP versions released before October 2025.

To successfully install older BIG-IP versions while running this BIG-IP release:

  1. Temporarily disable BIG-IP ISO signature verification
  2. Install the desired BIG-IP release
  3. Re-enable BIG-IP ISO signature verification

Note: It is highly recommended that all F5-provided software images be manually verified using the procedures described in K24341140: Verifying BIG-IP software images using SIG and PEM file

Also see, K15225: Enabling signature verification for BIG-IP ISO image files