Updated Date: 05/28/2026
New Features in BIG-IQ Version 8.4.2
BIG-IQ now supports BIG-IP devices running version 21.1.0 with LTM, DNS, AFM, ASM, APM, and SSL Orchestrator (SSLO). This enables BIG-IQ to successfully discover, import, manage, and deploy configurations for BIG-IP devices running TMOS v21.1.
This initiative primarily focuses on compatibility updates, schema alignment, backend interoperability changes, and UI support required for BIG-IP v21.1 compatibility. For more details, refer Interoperability enhancements.
Per-device AFM policy deployment control is now supported for managed BIG-IP devices. Administrators can enable or disable firewall policy deployment for individual devices without removing AFM service discovery. Devices with deployment disabled are excluded from full and partial firewall deployment operations, and deployment control settings are synchronized across HA cluster devices. Only users with the Administrator role can modify this setting.
This release also adds deployment warning enhancements for evaluation deployments. BIG-IQ now displays warnings when users attempt to deploy outdated evaluations or evaluations that contain configuration deletions. When both conditions are detected, BIG-IQ displays a combined warning dialog before deployment proceeds, helping reduce the risk of unintended configuration changes and service disruption. For more details, refer Deploying LTM & Network Changes
BIG-IQ Central Manager Virtual Edition now supports deployment on Red Hat OpenShift Virtualization (KubeVirt) for BIG-IQ 8.4.2. This enables customers migrating from VMware environments to deploy BIG-IQ on KVM-based OpenShift infrastructure.
The following standalone deployment models are supported:
OpenShift vNIC (OVN-K localnet) — Uses virtio-based virtual NICs with OVN-Kubernetes localnet networking and is recommended for environments without SR-IOV hardware support, including single-node OpenShift (SNO) deployments.
OpenShift SR-IOV — Uses SR-IOV network interfaces to provide high-performance networking with direct access to physical NIC resources.
Additional deployment guidance, Kubernetes manifests, and configuration procedures are available in the BIG-IQ OpenShift deployment guides(OpenShift vNIC (OVN-K localnet), OpenShift SR-IOV).
This release includes support for Venafi Cloud. During certificate requests using the CyberArk certificate provider, if the selected certificate template supports both system-generated and user-generated CSR modes, BIG-IQ uses the user-generated CSR workflow by default. Templates configured exclusively for either system-generated (Automated Secure Keypair) or user-generated (CSR upload) mode continue to function as expected. For more details, refer Integrating CyberArk Certificate Management with BIG-IQ