Manual Chapter : New Features in this Version

Applies To:

Show Versions Show Versions

F5OS-C

  • 1.6.0
Manual Chapter

New Features in this Version

Tenants

BIG-IP Tenants

This release supports tenants running BIG-IP. For more information about compatibility and supported tenants, see the
VELOS platforms
section of K9476: The F5 hardware/software compatibility matrix.
This release adds support for tenants running BIG-IP 15.1.9.

BIG-IP Next Tenants

This release supports tenants running BIG-IP Next, the next-generation suite of application delivery and security software. For more information about which tenants are supported on VELOS platforms, see K4309: F5 platform lifecycle support policy. For more information about the BIG-IP Next tenant, see the F5 Beta portal.
VELOS now supports running more than two BIG-IP Next tenants (still in the Early Access stage) on a blade/chassis partition. For more information on BIG-IP Next tenant restrictions, support, and upcoming features, see the Planning for VELOS Guide.

Software

F5OS-C (VELOS) version 5F5OS-C (VELOS) version 1.6.0 supports the authentication changes for the iHealth service. Prior versions will fail authentication. See K000132249: Authentication changes in F5 iHealth for more information.

System webUI enhancements

This release provides several webUI enhancements:
  • The Authentication Screen has been updated to improve usability.
  • The User Management section is now named Authentication & Access.
  • A new Certificate Revocation List feature is now available in the Authentication & Access section.
  • The Certificate Management screen is now named TLS Configuration.
  • An OCSP section is now available on the TLS Configuration screen.
  • An IPv6 Prefix Length field is now available on the Add/Edit tenant screen.
  • The iHealth Configuration screen now has Client ID & Client Secret fields to support Okta authentication.
  • The webUI now displays the FIPs module version and session ID.
  • The Network Settings navigation now includes an IP Tunnels screen, allowing you to configure GTP, GENEVE, NVGRE, and VXLAN tunnels from the webUI.
  • LLDP interfaces can now be removed.
  • A key can now be encrypted using the new (optional) Key Passphrase field.
  • VELOS chassis and chassis partition webUI dashboards have been redesigned to eliminate tabs and to include better visualizations and statuses.

CLI enhancements

This release provides several CLI enhancements, including support for:
  • Uploading QKView files to iHealth via a web proxy.
  • Uploading QKView files on a remote system.
  • Canceling a file import/export operation.
  • SSH public key authentication.
  • Allow lists ('system allowed-ips allowed-ip') with a netmask specified.
  • Configuring SSH timeout from the CLI.
  • L2-wire can be configured from the CLI.

Crypto agility

Users can now list and modify the default crypto suites from the CLI.

OCSP Configuration

An Online Certificate Status Protocol (OCSP) Configuration feature has been added in this release, supporting the Client Certificate Authentication feature.

Password enhancements

Password enhancements have been added, including a more descriptive error message and a success message.

Logon activity notifications

This release provides support for notifications of logon activity: the last five successful logins and the last five failed logins per user.

Contiguous block MAC allocations

This release adds support for using contiguous block MAC allocation for tenant configuration in the webUI or CLI. This is needed in some SSLO use cases where unique MAC addresses may be required on each VLAN. You can now allocate different MAC block sizes (one, small, medium, large) to each tenant.

Network Time Protocol (NTP)

This release provides support for authenticated Network Time Protocol (NTP) configuration, ensuring that the system clock is synchronized with Coordinated Universal Time (UTC).

Configurable web token timeout

This release provides support for a web token, configurable from the CLI or webUI.

Configurable Group ID (GID) support

This release allows you to configure a custom remote GID for all remote authentication methods (LDAP, TACACS+, RADIUIS), rather than being limited to group IDs that were fixed to specific values.

SNMP

This release provides additional MIB support and enables you to configure SNMPv3 from the CLI and the webUI.

LDAP configuration

This release enhances the LDAP authentication process by allowing you to disable LDAP referral chasing, which limits the LDAP servers the client connects to.

Resource-admin user role

This release adds support for the new Resource-admin user role, which is similar to the Admin user role but cannot create additional local user accounts, delete existing local users, change local user authorizations, or change the set of remotely authenticated users allowed to access the system.

Client certificate authentication support

This release enables you to authenticate to the F5OS webUI using a signed SSL client certificate instead of a username and password.

Limitations on configurability

Tenant admins can no longer configure global partition-wide parameters. Configuration must now be done at the VELOS platform layer, and values are propagated to all tenants in the
chassis partition.

Login banner

The login banner can now be configured from the webUI or the CLI.