Manual Chapter :
New Features in this Version
Applies To:
Show VersionsF5OS-C
- 1.6.0
New Features in this Version
Tenants
BIG-IP Tenants
This release supports tenants running BIG-IP. For more information about
compatibility and supported tenants, see the
VELOS
platforms
section of K9476: The F5 hardware/software compatibility
matrix.This release adds support for tenants running BIG-IP 15.1.9.
BIG-IP Next Tenants
This release supports tenants running BIG-IP Next, the next-generation
suite of application delivery and security software. For more information about
which tenants are supported on VELOS platforms, see K4309: F5 platform lifecycle support policy. For
more information about the BIG-IP Next tenant, see the F5 Beta portal.
VELOS now supports running more than two BIG-IP Next tenants (still in the Early
Access stage) on a blade/chassis partition. For more information on BIG-IP Next
tenant restrictions, support, and upcoming features, see the Planning for VELOS Guide.
Software
F5OS-C (VELOS) version 5F5OS-C (VELOS) version 1.6.0 supports the authentication
changes for the iHealth service. Prior versions will fail authentication. See K000132249: Authentication changes in F5 iHealth for more
information.
System webUI enhancements
This release provides several webUI enhancements:
- The Authentication Screen has been updated to improve usability.
- The User Management section is now named Authentication & Access.
- A new Certificate Revocation List feature is now available in the Authentication & Access section.
- The Certificate Management screen is now named TLS Configuration.
- An OCSP section is now available on the TLS Configuration screen.
- An IPv6 Prefix Length field is now available on the Add/Edit tenant screen.
- The iHealth Configuration screen now has Client ID & Client Secret fields to support Okta authentication.
- The webUI now displays the FIPs module version and session ID.
- The Network Settings navigation now includes an IP Tunnels screen, allowing you to configure GTP, GENEVE, NVGRE, and VXLAN tunnels from the webUI.
- LLDP interfaces can now be removed.
- A key can now be encrypted using the new (optional) Key Passphrase field.
- VELOS chassis and chassis partition webUI dashboards have been redesigned to eliminate tabs and to include better visualizations and statuses.
CLI enhancements
This release provides several CLI enhancements, including support
for:
- Uploading QKView files to iHealth via a web proxy.
- Uploading QKView files on a remote system.
- Canceling a file import/export operation.
- SSH public key authentication.
- Allow lists ('system allowed-ips allowed-ip') with a netmask specified.
- Configuring SSH timeout from the CLI.
- L2-wire can be configured from the CLI.
Crypto agility
Users can now list and modify the default crypto suites from the CLI.
OCSP Configuration
An Online Certificate Status Protocol (OCSP) Configuration feature has been added in
this release, supporting the Client Certificate Authentication feature.
Password enhancements
Password enhancements have been added, including a more descriptive error message and
a success message.
Logon activity notifications
This release provides support for notifications of logon activity: the last five
successful logins and the last five failed logins per user.
Contiguous block MAC allocations
This release adds support for using contiguous block MAC allocation for tenant
configuration in the webUI or CLI. This is needed in some SSLO use cases where
unique MAC addresses may be required on each VLAN. You can now allocate different
MAC block sizes (one, small, medium, large) to each tenant.
Network Time Protocol (NTP)
This release provides support for authenticated Network Time Protocol (NTP)
configuration, ensuring that the system clock is synchronized with Coordinated
Universal Time (UTC).
Configurable web token timeout
This release provides support for a web token, configurable from the CLI or
webUI.
Configurable Group ID (GID) support
This release allows you to configure a custom remote GID for all remote
authentication methods (LDAP, TACACS+, RADIUIS), rather than being limited to group
IDs that were fixed to specific values.
SNMP
This release provides additional MIB support and enables you to configure SNMPv3 from
the CLI and the webUI.
LDAP configuration
This release enhances the LDAP authentication process by allowing you to disable LDAP
referral chasing, which limits the LDAP servers the client connects to.
Resource-admin user role
This release adds support for the new Resource-admin user role, which is similar to
the Admin user role but cannot create additional local user accounts, delete
existing local users, change local user authorizations, or change the set of
remotely authenticated users allowed to access the system.
Client certificate authentication support
This release enables you to authenticate to the F5OS webUI using a signed SSL client
certificate instead of a username and password.
Limitations on configurability
Tenant admins can no longer configure global partition-wide parameters. Configuration
must now be done at the VELOS platform layer, and values are propagated to all
tenants in the
chassis partition.
Login banner
Login banner
The login banner can now be configured from the webUI or the CLI.