Manual Chapter: New Features in BIG-IQ Version 8.4.0
Applies To: BIG-IQ Centralized Management 8.4.0
General
See the following information about the software lifecycle:
BIG-IQ Support for AWS IMDSv2
AWS introduced a token-based Instance Metadata Service API (IMDSv2) that enhances security by requiring authentication for metadata access. Previously, BIG-IQ used the older IMDSv1, which does not require authentication and remained the default for launching instances. Without IMDSv2 support, instances that require this version could not be licensed, relicensed, or use metadata-based features. For BIG-IQ, this limitation affected SSH key authentication and license activation, because its API calls to EC2 instances like m5.xlarge failed without an authentication token implementation.
This release adds IMDSv2 support, which allows BIG-IQ to work properly in AWS environments that require IMDSv2. Instances can now be licensed, metadata-based features are functional, and SSH key authentication works well, ensuring full compatibility with AWS security standards.
BIG-IQ Support for BIG-IP 17.5.0
BIG-IQ provides full support for BIG-IP 17.5.0, ensuring seamless discovery and compatibility across all modules. Users who upgrade to the BIG-IP 17.5.0 version retain the same functionality without disruptions, maintaining consistency in their management operations.
Interoperability Support for BIG-IP Access 17.5.0
BIG-IQ supports the creation, import, modification, and deployment of BIG-IP Access 17.5.0 version configurations. This update ensures full interoperability between BIG-IQ and BIG-IP 17.5.0 for managing access policies.
Support for AS3 Compatibility with BIG-IQ 8.4.0
With this release, the AS3 schema is fully compatible with BIG-IQ 8.4.0, enabling seamless deployment of applications using Application Templates through the BIG-IQ user interface.
Venafi 22.x, 23.x, and 24.x Support for BIG-IQ
BIG-IQ now integrates with Venafi 22.x, 23.x, and 24.x versions that enable centralized certificate lifecycle management for BIG-IP devices. This update introduces support for AES256 encryption, enhancing security beyond the existing OpenSSL algorithm. By automating certificate management, this integration eliminates the manual and time-consuming process of maintaining certificates across various BIG-IP devices.
Supported BIG-IP services
BIG-IQ version 8.4.0 introduces support for the following BIG-IP services:
BIG-IP 17.5.0 support
BIG-IQ now includes support for the following services running on BIG-IP version 17.5.0:
- Access Policy Manager (APM)
- Advanced Firewall Manager (AFM)
- Application Delivery Controller (ADC)
- Web Application Security (ASM / WAF)
- Fraud Protection Service (FPS)
- Statistics and Monitoring
Application Services Extension 3 (AS3) support
BIG-IQ supports Application Services Extension 3 (AS3) version 3.53.0 and later.
Declarative Onboarding (DO) support
BIG-IQ supports Declarative Onboarding (DO) version 1.29 and later. All objects up to 17.5.0 are supported.
BIG-IP SSL Orchestrator (SSLO) support
BIG-IQ now supports SSLO RPM version 12.0. You can now discover, import, configure, and deploy configurations for managed BIG-IP devices running this RPM version. To learn more about features supported in this SSLO RPM version, refer to the BIG-IP SSLO 17.5.0-12.0 release notes.
F5OS platform management
BIG-IQ version 8.4.0 introduces the following new features for F5OS platform management:
Support to display the VELOS device information
You can now see details such as Model type, Serial Number, Platform Version, and Blade Configuration for the VELOS platform.
Support to export F5OS Inventory details
You can now export the F5OS platform or devices inventory information into a .CSV format file regardless of the status or assignment.
Support to delete remote backup
When you delete the local F5OS backup file present in BIG-IQ, you can now also delete the remote backup files stored on the F5OS rSeries or VELOS platforms, which also deletes the partition backup files.
Support IPv6 address for F5OS VELOS partition
This release now supports IPv6 addresses for F5OS VELOS partitions.
Export F5OS backups to the external server
You can now store a copy of the F5OS backup remotely on an SCP or SFTP server.
BIG-IQ license management
BIG-IQ version 8.4.0 introduces the following new features for BIG-IQ License management:
License pool properties enhancements
The License Pool UI (Devices > LICENSE MANAGEMENT > Licenses > <license pool>) was enhanced to include the following:
- You can now select the number of registration keys displayed per page under the Registration Keys section.
- You can now view information about the Service Check Date, Max allowed Throughput Rate, Max Allowed VE Cores, and Permitter SW Version of the Registration keys.
All licenses usage report
You can now generate a CSV report that includes all licenses from the selected group.
F5 Advanced Web Application Firewall (On-Box) service as an SSL Orchestrator service
BIG-IP SSL Orchestrator (SSLO) support
BIG-IQ 8.4.0 supports configuring and deploying Advanced WAF profiles within the SSL Orchestrator interface for all topologies, specifically in the F5 tab as part of the Solutions Catalog. This update provides a more user-friendly configuration and management experience by allowing you to configure the Advanced WAF profiles directly within SSL Orchestrator. In addition, you can also validate the service as a service chain object. For this configuration, you should have Application Security Manager (ASM), and Advanced Web Application Firewall (WAF) profile(s) configured, licensed, and provisioned on BIG-IQ.
Security Policy enhancements
- SSL Orchestrator Security Policy step now has the following enhancements while creating a new rule:
- A new drop-down list contains the "is" and "is not" operators to compare or negate your specified condition. Previously, you could configure rules having search/filter conditions with the "is/are" or "contains" operator. With this release, you can use the "is not" operator that can negate your selected conditions into "is not"/"are not" and "not contains."
- A new condition, "IP Protocol," lets you match the SSL traffic based on Internet Protocols such as TCP and UDP.
- With the new "Bypass (Client Hello)" setting in SSL Proxy Action, you can bypass traffic on certain conditions without triggering the TLS handshake. However, the SSL conditions such as "Server Certificate (Issuer DN, SANs, Subject DN)" and "Category Lookup (All)" do not have this setting enabled.
- In a custom security policy, you can now redirect the traffic to a remote URL for the specified conditions (matches). To enable this, select the Redirect option in the Action drop-down list, and then enter the URL to which you want to redirect the traffic.