New Features in this Version

This release provides several webUI enhancements:

The Authentication Screen has been updated to improve usability.
The User Management section is now named Authentication & Access.
A new Certificate Revocation List feature is now available in the Authentication & Access section.
The Certificate Management screen is now named TLS Configuration.
An OCSP section is now available on the TLS Configuration screen.
An IPv6 Prefix Length field is now available on the Add/Edit tenant screen.
The iHealth Configuration screen now has Client ID & Client Secret fields to support Okta authentication.
The webUI now displays the FIPs module version and session ID.
The Network Settings navigation now includes an IP Tunnels screen, allowing you to configure GTP, GENEVE, NVGRE, and VXLAN tunnels from the webUI.
LLDP interfaces can now be removed.
A key can now be encrypted using the new (optional) Key Passphrase field.
VELOS chassis and chassis partition webUI dashboards have been redesigned to eliminate tabs and to include better visualizations and statuses.

This release provides several CLI enhancements, including support for:

Uploading QKView files to iHealth via a web proxy.
Uploading QKView files on a remote system.
Canceling a file import/export operation.
SSH public key authentication.
Allow lists ('system allowed-ips allowed-ip') with a netmask specified.
Configuring SSH timeout from the CLI.
L2-wire can be configured from the CLI.

Users can now list and modify the default crypto suites from the CLI.

An Online Certificate Status Protocol (OCSP) Configuration feature has been added in this release, supporting the Client Certificate Authentication feature.

Password enhancements have been added, including a more descriptive error message and a success message.

This release provides support for notifications of logon activity: the last five successful logins and the last five failed logins per user.

This release adds support for using contiguous block MAC allocation for tenant configuration in the webUI or CLI. This is needed in some SSLO use cases where unique MAC addresses may be required on each VLAN. You can now allocate different MAC block sizes (one, small, medium, large) to each tenant.

This release provides support for authenticated Network Time Protocol (NTP) configuration, ensuring that the system clock is synchronized with Coordinated Universal Time (UTC).

This release provides support for a web token, configurable from the CLI or webUI.

This release allows you to configure a custom remote GID for all remote authentication methods (LDAP, TACACS+, RADIUIS), rather than being limited to group IDs that were fixed to specific values.

This release provides additional MIB support and enables you to configure SNMPv3 from the CLI and the webUI.

This release enhances the LDAP authentication process by allowing you to disable LDAP referral chasing, which limits the LDAP servers the client connects to.

This release adds support for the new Resource-admin user role, which is similar to the Admin user role but cannot create additional local user accounts, delete existing local users, change local user authorizations, or change the set of remotely authenticated users allowed to access the system.

This release enables you to authenticate to the F5OS webUI using a signed SSL client certificate instead of a username and password.

Tenant admins can no longer configure global partition-wide parameters. Configuration must now be done at the VELOS platform layer, and values are propagated to all tenants in the

chassis partition.

The login banner can now be configured from the webUI or the CLI.