Release Notes : BIG-IP version 4.6.3 Release Note

Applies To:

Show Versions Show Versions

BIG-IP versions 1.x - 4.x

  • 4.6.3
Release Notes
Software Release Date: 04/14/2005
Updated Date: 04/18/2019

Summary:

Important: BIG-IP software version 4.6.3 is no longer available for download. We have discovered an issue which, under certain circumstances, may result in the system becoming unresponsive if the header insert attribute is enabled on a pool or SSL proxy. This issue is only present in BIG-IP version 4.6.3, not versions 4.6.2 and earlier. If you currently have version 4.6.3 installed, please contact F5 Networks Technical Support for a hotfix to this issue. We will resolve the issue, and release version 4.6.4 in the near future.

This release note documents version 4.6.3 of the BIG-IP® software. You can apply the software upgrade to version 4.5 and later. For information about installing the software, please refer to the instructions below.

F5 now offers both maintenance-only and new feature releases. Version 4.6.3 is a feature release that is based on version 4.5.12 code. This release includes all features and fixes included in versions 4.5.12 and 4.6.2. For more information on our new release polices, please see New Versioning Schema for F5 Software Releases.

Warning: This is a feature release, not a maintenance release. Unless you need specific features that are new to this feature release, please upgrade to the latest maintenance release instead.

Contents:


Minimum system requirements and supported browsers

The minimum system requirements for this release are:

  • Intel® Pentium® III 550MHz processor
  • 256MB disk drive or CompactFlash® card (if you have the 3-DNS module, you need a 512MB disk drive or CompactFlash® card)
  • 256MB RAM

The supported browsers for the Configuration utility are:

  • Microsoft® Internet Explorer 5.0, 5.5, and 6.0
  • Netscape® Navigator 4.7x

 

Note: The IM package for this release is quite large. If the disk drive in your platform does not meet the minimum requirement, you may not be able to successfully install this release.

 

[ Top ]

Supported platforms

This release supports the following platforms:

  • D35 (BIG-IP 520 and 540)
  • D39 (BIG-IP 1000)
  • D44 (BIG-IP 2400)
  • D45 (BIG-IP 2000)
  • D50 (BIG-IP 5000)
  • D51 (BIG-IP 5100 and 5110)

If you are unsure which platform you have, look at the sticker on the back of the chassis to find the platform number.

 

[ Top ]

Installing the software

Important:  Before you run the Configuration utility to configure the unit, you must complete the authorization and licensing process. (For details, see the Activating the license  section of the BIG-IP version 4.5 Release Note.) If you do not obtain a license before you run the Configuration utility, the system may behave in an unexpected manner.

Important:  If you are upgrading a BIG-IP redundant system, you must upgrade both units. We do not support running different versions on a BIG-IP redundant system.

Important:  If you are upgrading an IP Application Switch or a BIG-IP system that uses a CompactFlash® media drive, use the installation instructions here.

Note:  In rare instances, using a notebook computer to perform PXE installations of BIG-IP software causes corruption on the notebook computer hard drive. If you are using a notebook computer as a PXE server to install BIG-IP software, we recommend, as a precaution, that you first back up any important data stored on the notebook computer hard drive.

The following instructions explain how to install the BIG-IP software, version 4.6.3 onto existing systems running version 4.5 and later. The installation script saves your current configuration.

 

  1. Go to the Downloads site and locate the BIG-IP 4.6.3 upgrade file, BIGIP_4.6.3_Upgrade.im.

     

  2. Download the software image and the BIGIP_4.6.4_Upgrade.md5 file.

    For information about how to download software, refer to SOL167: Downloading software from F5 Networks.

  3. If you downloaded the image file to a directory other than /var/tmp, copy the image file to the /var/tmp/ directory on your BIG-IP system.

     

  4. Install this PTF by typing the following command:
    im BIGIP_4.6.3_Upgrade.im

    The BIG-IP system automatically reboots once it completes installation.


To upgrade an IP Application Switch or a BIG-IP system that uses a CompactFlash media drive, use the following process.

  1. Create a memory file system by typing the following command:
    mount_mfs -s 200000 /mnt

  2. Change your directory to /mnt by typing the following command:
    cd /mnt

  3. Go to the Downloads site and locate the BIG-IP 4.6.3 upgrade file, BIGIP_4.6.3_Upgrade.im.

     

  4. If you downloaded the image file to a directory other than /mnt, copy the image file to the /mnt directory on your BIG-IP system.

     

  5. Install this PTF by typing the following command:
    im /mnt/BIGIP_4.6.3_Upgrade.im

    The BIG-IP system automatically reboots once it completes installation.

Note:  This procedure provides over 90MB of temporary space on /mnt.  The partition and the im package file are deleted upon rebooting.

[ Top ]

Activating the license

Once you install the upgrade and connect the unit to the network, you need a valid license certificate to activate the software. To gain a license certificate, you need to provide two items to the license server: a registration key and a dossier.

The registration key  is a 25-character string. You should have received the key by email. The registration key lets the license server know which F5 products you are entitled to license.

The dossier  is obtained from the software, and is an encrypted list of key characteristics used to identify the platform.

You can obtain a license certificate using one of the following methods:

  • Automatic license activation
    You perform automatic license activation from the command line or from the web-based Configuration utility of an upgraded unit. This method automatically retrieves and submits the dossier to the F5 license server, as well as installs the signed license certificate. In order for you to use this method, the unit must be installed on a network with Internet access.
  • Manual license activation
    You perform manual license activation from the Configuration utility, which is the software user interface. With this method, you submit the dossier to, and retrieve the signed license file from, the F5 license server manually. In order for you to use this method, the administrative workstation must have Internet access.

Note:  You can open the Configuration utility using either Netscape Navigator 4.7x, or Microsoft Internet Explorer 5.0, 5.5, or 6.0.

To automatically activate a license from the command line for first time installation

  1. Type the user name root and the password default at the logon prompt.

  2. At the prompt, type license. The following prompts display:
    IP:
    Netmask:
    Default Route:
    Select interface to use to retrieve license:

    The unit uses this information to make an Internet connection to the license server.

  3. After you type the Internet connection information, continue to the following prompt:
    The Registration Key should have been included with the software or given when the order was placed. Do you have your Registration Key? [Y/N]:

    Type Y, and the following prompt displays:
    Registration Key:

  4. Type the 25-character registration key you received. If you received more than one key, enter all of the keys, separating each with a space.
    The dossier is retrieved and sent to the F5 license server, and a signed license file is returned and installed. A message displays indicating the process was successful.

  5. You are asked to accept the End User License Agreement.
    The system is not fully functional until you accept this agreement.

  6. You are prompted to reboot the system. Press Enter to reboot.
    The system is not fully functional until you reboot.

To automatically activate a license from the command line for upgrades

  1. Type your user name and password at the logon prompt.

  2. At the prompt, type setup.

  3. Choose menu option L.

  4. The following prompt displays:
    Number of keys: 1
    If you have more than one registration key, enter the appropriate number.

  5. The following prompt displays:
    Registration Key:
    Type the 25-character registration key you received. If you received more than one key, enter all of the keys, separating each with a space.
    The dossier is retrieved and sent to the F5 license server, and a signed license file is returned and installed. A message displays indicating the process was successful.

  6. When you are finished with the licensing process, type the following command to restart the services on the system:
    bigstart restart

To manually activate a license using the Configuration utility

  1. Open the Configuration utility according to the type of BIG-IP unit you are licensing:
    • If you are licensing a previously configured BIG-IP unit, open the Configuration utility using the configured address.

    • If you are licensing a new BIG-IP unit, from the administrative workstation, open the Configuration utility using one of the following addresses: https://192.168.1.245 or https://192.168.245.245. These are default addresses on the units local area network.


  2. Type the user name and password, based on the type of BIG-IP unit you are licensing:
    • If you are licensing a previously configured BIG-IP unit, type your user name and password at the logon prompt.

    • If you are licensing a new BIG-IP system, type the user name root, and the password default at the logon prompt.

    The Configuration utility menu displays.

  3. Click License Utility to open the License Administration screen.

  4. In the Registration Key box, type the 25-character registration key that you received. If you have more than one key to install, click Enter More Keys to install multiple keys. Once you have entered all registration keys, click Manual Authorization.

  5. At the Manual Authorization screen, retrieve the dossier using one of the following methods:

    • Copy the entire contents of the Product Dossier box.

    • Click Download Product Dossier, and save the dossier to the hard drive.

  6. Click the link in the License Server box.
    The Activate F5 License screen opens in a new browser window.

  7. From the Activate F5 License screen, submit the dossier using one of the following methods:

    • Paste the data you just copied into the Enter your dossier box, and click Activate.

    • At the Product Dossier box, click Browse to locate the dossier on the hard drive, and then click Activate.

    The screen returns a signed license file.

  8. Retrieve the license file using one of the following methods:

    • Copy the entire contents of the signed license file.

    • Click Download license, and save the license file to the hard drive.


  9. Return to the Manual Authorization screen, and click Continue.

  10. At the Install License screen, submit the license file using one of the following methods:

    • Paste the data you copied into the License Server Output box, and click Install License.

    • At the License File box, click Browse to locate the license file on the hard drive, and then click Install License.

    The License Status screen displays status messages, and Process complete appears when the licensing activation is finished.

  11. Click License Terms, review the EULA, and accept it.

  12. At the Reboot Prompt screen, select when you want to reboot the platform.
    License activation is complete only after rebooting.

To automatically activate a license using the Configuration utility

  1. Open the Configuration utility according to the type of BIG-IP unit you are licensing:
    • If you are licensing a previously configured BIG-IP unit, open the Configuration utility using the configured address.

    • If you are licensing a new BIG-IP unit, from the administrative workstation, open the Configuration utility using one of the following addresses: https://192.168.1.245 or https://192.168.245.245. These are default addresses on the units local area network.

  2. Type the name and password, based on what type of BIG-IP unit you are licensing:
    • If you are licensing a previously configured BIG-IP unit, type your user name and password at the logon prompt.

    • If you are licensing a new BIG-IP unit, type the user name root, and the password default at the logon prompt.

    The Configuration utility menu displays.

  3. Click License Utility to open the License Administration screen.

  4. In the Registration Key box, type the 25-character registration key that you received. If you have more than one key to install, click Enter More Keys to install multiple keys. Once you have entered all registration keys, click Automated Authorization.

    The License Status screen displays status messages, and Process complete appears when the licensing activation is finished.

  5. Click License Terms, review the EULA, and accept it.

  6. At the Reboot Prompt screen, select when you want to reboot the platform.
    License activation is complete only after rebooting.
[ Top ]

Changes to existing features

This release includes the following changes in product behavior.

Solution Description
SOL739 Versions of software packages used in this release
SOL1020 Reserved words for this release
SOL3689 Routes in /config/routes and /etc/netstart are removed
SOL3746 The bigpipe vlan fdb command now displays entries arranged by VLAN
SOL3747 The user is now prevented from deleting the LDAP default.key
SOL3813 The performance of the certificate map feature was improved
SOL3893 Error 331836 was made more descriptive
SOL3960 The global syncookie threshold default was changed to 500,000 for PVA-equipped systems
SOL3962 The full option was removed from hardware acceleration
SOL3996 sfd will now respawn if it fails or is killed
SOL4011 Routes are now reloaded when changes to VLANs, interfaces, or self addresses are made
SOL4366 DNS proxy port now closed by default and a new global to open it
SOL4025 sshd.conf is now backed up when an upgrade is run
SOL4037 State mirroring has been redesigned in this version
SOL4045 New checks on TCP header validity
SOL4048 New check for valid FIN sequence number for delayed binding connections
SOL4071 The snmpdca log now rotates
SOL4108 Situations causing virtual server demotion to software acceleration have been reduced
SOL4179 Hardware platforms supported by this release
SOL4180 SEE-IT providers are no longer included in this release
SOL4192 BIG-IP status window no longer uses Java
SOL4325 Fragmented packets may not be handled correctly
SOL4338 Checks are now performed to ensure that chunk header content complies with RFC2616
SOL4366 DNS proxy port can now be closed when not in use
SOL4379 SNAT pools performance has been improved
SOL4402 big3d will now log a message when it exits
SOL4551 Any remaining components of the node virtual configuration have been removed
SOL4557 The checktrap.pl script will now allow the question mark (?) character

 

[ Top ]

New features in this release

This release includes the following new features.

Connection Rate Limit settings  (CR24840)
This release of the BIG-IP system includes new Connection Rate and Rate Limit settings with which you can measure the number of connections per second. You can then use this statistic to limit the number of connections to a node address. This feature is useful if there are times when you expect to have insufficient resources to service all requests, but you also want to ensure that all available servers are performing at maximum capacity. For example, if you have a data center that has enough capacity to handle the load when all the servers are functional, but you need to bring down half of the servers at a certain time in order to update the content. In this instance, the load may exceed the capacity of the remaining servers and cause the servers to become overloaded and unable to function at their maximum sustainable capacity. To avoid this situation, you can configure the BIG-IP system node connection rate limits to the maximum sustainable rate for each server. This prevents the servers from becoming over-burdened, and thus fewer requests are discarded.

In addition, if you are using the 3-DNS Controller to load balance traffic between data centers, you can use the virtual server rate limit in conjunction with global Available Connection Rate or Quality of Service load balancing to shift the load from the degraded data center to a data center with sufficient capacity.

For more information on configuring the Connection Rate and Rate Limit settings, see SOL4183: Can BIG-IP limit connections to a node based on the rate of requests rather than the number of concurrent requests?

Static routes configuration  (CR26795)
The /config/static_routes file replaces the /config/routes file in this release. In addition, the system propagates changes to the static routes configuration from one unit to the peer unit during configuration synchronization. The system also updates static routes when you reload the configuration (bigpipe load or bigpipe base load).
You can also reload static routes by typing the following:
bigstart reinit static-routes
To modify the /config/static_routes file from the command line utility, enter one static route per line using the following syntax:
destination gateway [options]
where:

  • destination is the target of the route entered as IP address (for example, 1.2.3.4) or CIDR prefix (1.2.3.0/24)
  • gateway is IP address of the next hop
  • options are any other options accepted by the route command (see man route for details)

The system ignores blank lines and/or lines beginning with a hash mark (#).

Note:  The syntax for the new configuration file differs from the old file (/config/routes).

For more information, see solutions SOL3687, SOL4011, and SOL3691.

Load times for large configuration with many proxies  (CR28452) (CR29316)
The bigpipe sslproxy skip keycheck feature available in version 4.2 PTF-10 is now available in this version of the BIG-IP software. If you have a very large configuration with many proxies (50+) and you must reduce the configuration load time, you have the option of reducing the load time by disabling key and certificate validation.
To disable key and certificate validation using the command line utility, type the following:
bigpipe global sslproxy skip keycheck enable
To disable key and certificate validation using the Configuration utility, check the sslproxy skip keychecks check box on the Advanced Properties screen.

For more information, see solutions SOL3742.

Including non-printable characters in send and receive strings  (CR42161)
This release of the BIG-IP software allows you to insert non-printable characters in send and receive strings. This feature allows you to monitor node status more accurately using escape sequences in the send and recv strings. The BIG-IP system currently supports the following sequences:

Escape sequence Meaning
\a alert (bell)
\b backspace
\e escape
\f formfeed
\n new line
\r carriage return
\t tab
\v vertical tab
\\ back slash
\' single quote
\xHH hex ASCII code (H = hex digit)
\xONN octal ASCII code (N = octal digit)

Note that the NUL character ASCII 0 is not allowed.
For more information on including non-printable characters in send and receive strings, see SOL4186: How do I enter escape sequences in an ECV health monitor's send and receive strings?

Configuration load time settings  (CR43629)
In this release you can configure the amount of time that the BIG-IP system waits for the configuration to load before it the system begins load balancing traffic. The default setting is 15 seconds, and this should be adequate for most configurations. However, in instances where the configuration takes longer than 15 seconds to load, the BIG-IP system may begin load balancing based on a partially-loaded configuration. This situation can occur if you have an older platform and are loading a very large configuration. If you experience this issue, we recommend that you increase the default timeout for configuration load time. For more information, see SOL4322: How do I configure the configuration load timeout?

Log message reliability improvements  (CR43835)
In this release, the BIG-IP system delivers log messages more reliably in cases where there is a burst of logging activity.

For more information, see SOL3563.

New fixes in this release

In the 4.6.3 release, on a trial basis, we have modified the format for displaying CRs for fixes and known issues. The CRs are now listed in a table format, with the corresponding solution listed next to the CR. Clicking the solution link directs you to the more detailed solution document that is posted on the AskF5 Technical Support Web Site. We continually update these solution documents on AskF5 as new details become available. If additional known issues are discovered after we release version 4.6.3, we will update the known issues table with the new CR and solution numbers, with the goal of keeping you current on our known issues.

If you encounter a solution that does not have an active link, it is likely that we have not yet had a chance to get the solution posted on AskF5, but please continue to check this table for new content or links.

This release includes the following new fixes.

CR Solution Description
CR17426 SOL274 BIG-IP won't allow a wildcard certificate that contains multiple wildcards
CR22419 SOL4408 Inability to delete files during an upgrade can result in unallocated iNodes
CR22954 SOL3805 sysObjectID is not correctly mapped in the MIB
CR23634 SOL3678 sod reports unnecessary bigapi_unit_mask errors
CR24041 SOL4325 Fragmented packets might not be handled correctly
CR24720 SOL274 BIG-IP won't allow a wildcard certificate that contains multiple wildcards
CR26184 SOL3679 Adding a member on the loopback network drops network connectivity
CR26184 SOL3732 Server appliances do not delete FDB entries when a link goes down
CR26515 SOL4406 CRLs fail if installed at the command line, using the default path
CR26564 SOL3684 Help for bigpipe monitor did not exist
CR27060 SOL3694 bigpipe pool stats reset command can cause a core dump
CR27160 SOL3696 Aggregation might not work properly when client connections have small MSS
CR27161 SOL3701 Help for bigpipe class did not exist
CR27161 SOL3703 Help for bigpipe interface did not exist
CR27161 SOL3705 Help for bigpipe reset did not exist
CR27161 SOL3707 Help for bigpipe list did not exist
CR27161 SOL3710 Help for bigpipe merge did not exist
CR27161 SOL3711 Help for bigpipe base save did not exist
CR27161 SOL3712 Help for bigpipe base list did not exist
CR27161 SOL3713 Help for bigpipe save did not exist
CR27205 SOL3715 Syslog listens on UDP port 514
CR27271 SOL4315 Ingress rate filters might trigger a memory leak or cause the system to become unstable
CR27335 SOL4315 Ingress rate filters might trigger a memory leak or cause the system to become unstable
CR27424 SOL3717 NTP no longer fails after loading the configuration using the Configuration utility
CR27752 SOL3720 The iRule imid() function returns an extra character
CR27817 SOL3723 The genkey utility no longer prompts for a passphrase
CR27821 SOL4317 SNMP walks against bigsnmpd might trigger a memory leak
CR27835 SOL3725 Creating new virtual servers for an existing address removes any_ip
CR27915 SOL3728 Deleting virtual server, proxy, or SNAT with common address stops ARP response
CR27978 SOL4325 Fragmented packets might not be handled correctly
CR28079 SOL3729 Server appliances enter a netboot loop after the system issues a halt
CR28316 SOL1660 Zombie processes may be generated when a terminal server is attached
CR28316 SOL3733 Duplicate VLANs appear when a self IP address on the 135./8 network is configured
CR28388 SOL4325 Fragmented packets might not be handled correctly
CR28434 SOL3736 Running bigtop with a negative delay locks the console
CR28435 SOL3736 Running bigtop with a negative delay locks the console
CR28436 SOL3737 The FAN_FAILING, CPU_TOO_HOT, CPU_FAN_FAILING, and POWER_FAILED SNMP traps do not work
CR28502 SOL2758 Nodes might be marked down incorrectly when translucent VLAN groups are used
CR28543 SOL2729 Messages might be printed to the console when rules are used
CR28549 SOL3745 The Configuration utility rejects a fallback host that contains another http://
CR28550 SOL3745 The Configuration utility rejects a fallback host that contains another http://
CR28608 SOL4325 Fragmented packets might not be handled correctly
CR28637 SOL4325 Fragmented packets might not be handled correctly
CR28904 SOL3749 Half-closed connections might be terminated while data is still being transferred
CR29158 SOL3750 Out of order, zero length packets might cause header insert functions to fail
CR29196 SOL3751 Random non-TCP, non-UDP protocol packets are blocked when IP filters are enabled
CR29218 SOL3803 SNAT connections and health monitors might experience overlapping connections
CR29223 SOL3767 The snmp_dca monitor does not work properly with very large coefficients
CR29255 SOL3768 The description of the OID loadBalTrapPortString is incorrect
CR29282 SOL3803 SNAT connections and health monitors might experience overlapping connections
CR29349 SOL3769 SNAT connection limits can only be removed by setting them to zero
CR29456 SOL3770 Duplicate ARPs might be sent when determining the destination of a packet
CR29612 SOL3778 SSL proxy hardware failover can be configured in multiple places
CR29629 SOL3779 Changing a VLAN tag might change the IP address of network virtual servers
CR29631 SOL3780 The SSL proxy Advanced Properties page accepts the value "Or choose..."
CR29660 SOL3781 mrad might become unstable and produce core files on platforms that do not contain a PVA
CR29751 SOL3783 The bigpipe verify load command rejects configurations using SNAT connection mirroring
CR29730 SOL3715 Syslog listens on UDP port 514
CR29793 SOL3785 Inaccurate VLAN tag error message exists in the Configuration utility
CR29809 SOL3786 Retransmitted packets larger than the original are not accepted in some cases
CR29843 SOL3787 BIG-IP 2400, 5000, and 5100 units might lock up during reboot
CR30142 SOL3805 sysObjectID is not correctly mapped in the MIB
CR30152 SOL3806 The global l2_aging_time might be saved in the wrong location
CR30152 SOL3808 The global VLANs unique_mac might be saved in the wrong location
CR30235 SOL3809 Spurious "No nodes up" messages are logged
CR30279 SOL3810 SSL proxies truncate domain name information at 64 bytes
CR30349 SOL142 SSL persistence will not mirror successfully after a failover and then a fail back
CR30722 SOL3750 Out of order, zero-length packets might cause header insert functions to fail
CR30995 SOL3815 Fiber gigabit ports show output errors on switch appliances
CR31150 SOL206 The state mirroring daemon may crash during configsync
CR31251 SOL3805 sysObjectID is not correctly mapped in the MIB
CR31393 SOL3821 The global reaper setting can be set to zero
CR31907 SOL3823 proxyd can become unstable when enforcing licensing limits
CR31944 SOL3824 If an HTTP header match string is longer than the HTTP headers, a hang can result
CR32164 SOL3892 The snmp_dca monitor might load the CPU excessively
CR32164 SOL3897 The snmp_dca monitor is able to mark nodes down
CR32258 SOL4094 If pools or members are removed from an active configuration the system might become unstable
CR32362 SOL3895 ARP responses might be ignored if a VLAN and VLAN group share the same MAC address
CR32375 SOL3896 Dropped packet counters in netstat and bigpipe interface might be inconsistent
CR32410 SOL3897 The snmp_dca monitor is able to mark nodes down
CR32759 SOL754 dot1dStaticEntry OID value does not have a bounded range, although a range is required
CR32760 SOL3898 Gratuitous ARP responses are not passed by VLAN groups
CR32797 SOL3899 The output from bigpipe pool show has omitted priority and ratio information
CR32815 SOL3901 Packets containing a CRLF before the headers do not have a cookie inserted
CR32874 SOL3902 Use of a forwarding pool with syn cookies can result in the system becoming unstable
CR32923 SOL3903 Proxy connections hang when target virtual server has translation disabled
CR33118 SOL3905 The checkcert command have the wrong directories hard coded
CR33286 SOL3906 The /etc/syslog.conf comments indicate the wrong location of checktrap.pl
CR33627 SOL3909 The BIG-IP system attempts to re-use connections to servers that did not close their side
CR33664 SOL3910 Connections might be reset with a 0 sequence number after a failover
CR33713 SOL3911 Packets sent from node to client do not reset the connection timer
CR33803 SOL3912 Unintended limit is placed on the size of input from text boxes using POST
CR34199 SOL3913 Unstable condition can occur during connection setup with syncookies enabled
CR34228 SOL3914 The snmp_dca monitor incorrectly reports disk usage over 4GB
CR34446 SOL3915 Problems with internal interface drivers might make the BIG-IP system unresponsive
CR34525 SOL3917 The standby may send a gratuitous ARP using the floating IP address
CR34608 SOL3919 The bigsnmpd might cause the system to become unstable if all interface statistics are read
CR34635 SOL3920 Error 331789 can occur in the Configuration utility
CR34786 SOL3921 Dependencies can only be removed in the same multiples they were added
CR34837 SOL142 SSL persistence will not mirror successfully after a failover and then a fail back
CR34852 SOL3922 The PVA can become unresponsive if directed to delete connections
CR34952 SOL3957 System can hang when subjected to a syn flood with SNAT enabled
CR35007 SOL3958 SNAT can take a long time to find a source port
CR35124 SOL4109 SSL connections that are not cleanly shutdown are reaped at 1005 seconds
CR35216 SOL3961 Connections sending data after zero receive window was requested are reset
CR35407 SOL3963 Maximum accepted URI length in a redirect rule is 1280 bytes
CR35420 SOL3965 Packets passing through a forwarding virtual server have their TOS bit set to zero
CR35424 SOL3966 Changing the netmask of a network virtual server does not work
CR35476 SOL3967 Querying the OID .1.3.6.1.2.1.17.1.1 when FDB has many entries can cause bigsnmpd to become unstable
CR35525 SOL4318 The system does not send a reset when an established but unused connection is timed out
CR35552 SOL3968 VLAN failsafe does not always work properly on PVA-equipped systems
CR35572 SOL4404 Adding too many members to a class can cause the Configuration utility to become unstable
CR35588 SOL3184 The bigpipe verify never passes a configuration that contains external classes
CR35631 SOL3971 Use of very large classes is inefficient and could make the BIG-IP system unresponsive
CR35745 SOL3972 SMTP health checks can fail if a DNS server is not available
CR36046 SOL3973 VLAN failsafe begins countdown before traffic generation begins
CR36158 SOL3974 Incorrectly formatted packets sent to a rule can cause the system to become unstable
CR36275 SOL3975 Oracle pinger might fail to start
CR36277 SOL3975 Oracle pinger might hang on start-up
CR36329 SOL3976 HTTP HEAD requests cause the SSL proxy to truncate message bodies
CR36359 SOL3976 HTTP HEAD requests cause the SSL proxy to truncate message bodies
CR36377 SOL4405 High speed interface statistics are reported in the wrong units
CR36548 SOL4107 Monitors created in the Configuration utility might have an additional carriage return
CR36630 SOL3977 SSL proxies incorrectly translate the Range header
CR36631 SOL3977 SSL proxies incorrectly translate the Range header
CR36659 SOL3922 Internal commands might cause the PVA to become unresponsive
CR36661 SOL3922 Internal commands might cause the PVA to become unresponsive
CR37076 SOL3235 The radius pinger contains ^M characters
CR37147 SOL3987 The system might become unstable when running the ANIP kernel and using the bpf device
CR37260 SOL3988 DMA support is disabled on the D35 platform
CR37281 SOL4024 The Add Proxy pages do not work correctly with the Netscape Navigator browser.
CR37620 SOL3990 SSL proxies assume that a missing content length header means no body follows
CR37627 SOL3991 Header erase feature is case sensitive
CR37627 SOL3992 Header erase feature can modify header names
CR37729 SOL3993 SSL proxies cannot handle CRLs that use "nextUpdate=NONE"
CR37741 SOL3997 SFD might queue more messages than it can transmit, and might transmit at bad times
CR37770 SOL3998 Buffer mismatch in mapclass2node might cause the system to become unstable
CR37861 SOL3999 SSL proxy might become unstable when it cannot find a place to insert a header
CR38259 SOL3805 sysObjectID is not correctly mapped in the MIB
CR38330 SOL3277 mod_ssl is subject to the vulnerability described in CERT VU#303448
CR38332 SOL4002 OneConnect drops client acknowledgements while in split pending state
CR38368 SOL4003 Both reaper water marks are not written when either one is configured
CR38372 SOL3277 mod_ssl was subject to the vulnerability described in CERT VU#303448
CR38377 SOL4003 Both reaper water marks are not written when either one is configured
CR38514 SOL4004 SNAT processing is inefficient and could cause instability
CR38873 SOL4008 bigipprovider.cgi can not read pool names longer than 32 characters
CR39078 SOL4009 libpng version 1.0.9 contain security vulnerabilities
CR39088 SOL4010 Reboot of the active system might result in a failback after reboot
CR39184 SOL4016 External ports are set to forwarding rather than blocking mode during start-up
CR39211 SOL4073 An unstable system might result from inadequate pre-allocated memory pages
CR39371 SOL147 The java status window requires RADIUS and Secure ID login after one hour, but fails
CR39573 SOL4018 iRule log function might add extra characters if a small string is used
CR39890 SOL4022 FTP health check writes file to /var/tmp
CR39932 SOL3330 Authorization group names no longer allow invalid characters
CR39936 SOL4370 e-Commerce Controllers cannot display system graphs
CR39978 SOL4046 Timeout on SYN retransmission to nodes is reset by client traffic
CR39978 SOL4047 FIN wait timeout is set based on the time the FIN is received from the client
CR39978 SOL4050 Lost FIN packets are not retransmitted when closing node-side connections
CR39978 SOL4051 Client FIN packets are honored while a delayed binding connection is being set up
CR39981 SOL4052 Multicast traffic is processed, but should be passed unmodified
CR40010 SOL4046 Timeout on SYN retransmission to nodes is reset by client traffic
CR40010 SOL4047 FIN wait timeout is set based on the time the FIN is received from the client
CR40010 SOL4050 Lost FIN packets are not retransmitted when closing node-side connections
CR40010 SOL4051 Client FIN packets are honored while a delayed binding connection is being set up
CR40011 SOL4053 Patch for VU#303448 breaks interaction between config and genkey
CR40015 SOL4055 Header and cookie insertion is tied to connections, rather than pools
CR40034 SOL4056 The openssl command might become unstable with ca or ocsp options
CR40049 SOL4046 Timeout on SYN retransmission to nodes is reset by client traffic
CR40049 SOL4047 FIN wait timeout is set based on the time the FIN is received from the client
CR40049 SOL4050 Lost FIN packets are not retransmitted when closing node-side connections
CR40049 SOL4051 Client FIN packets are honored while a delayed binding connection is being set up
CR40055 SOL4057 The Configuration utility can become unstable when you define more than 160 SSL proxies
CR40106 SOL4053 The patch for VU#303448 breaks the interaction between config and genkey
CR40135 SOL4053 The patch for VU#303448 breaks the interaction between config and genkey
CR40141 SOL4059 Rules that use starts_with and a class with overlapping entries might fail
CR40172 SOL4061 The OSPF module does not work with MD5 message digesting
CR40389 SOL3369 The BIG-IP system and the 3-DNS Controller are vulnerable to VU#395670 / CAN-2004-0171
CR40193 SOL4062 The final FIN acknowledgement is sent with an incorrect sequence number
CR40211 SOL4064 You can define multiple OCSP responders, but only the first is used
CR40234 SOL4065 If you modify or delete a class member, it causes the system to become unstable
CR40266 SOL4066 The BIG-IP system might become unstable when an SSL proxy and virtual server member have the same address
CR40268 SOL4067 SIP persistence does not correctly handle spaces in the Call-ID field
CR40286 SOL4068 Creating a virtual server with an invalid address creates a wildcard virtual
CR40294 SOL4070 POST requests beginning with a byte value greater than 128 might cause proxyd to become unstable
CR40389 SOL4371 It is now possible to set the size of the TCP reassembly queue
CR40390 SOL3369 The BIG-IP system and the 3-DNS Controller are vulnerable to VU#395670 / CAN-2004-0171
CR40428 SOL3372 SNMP traps are sent using the wrong OID base
CR40433 SOL4073 An unstable system might result from an inadequate number of pre-allocated memory pages
CR40468 SOL4074 CSRs are created with US state abbreviations, rather than full names
CR40589 SOL4075 SFD might enter a loop and cause high CPU utilization
CR40715 SOL4077 ICMP checksums are not always updated when changes are made to ICMP messages
CR40815 SOL4076 UDP packets that lack a checksum have one inserted
CR40889 SOL4083 Gateway failsafe does not recover when a gateway responds after countdown begins
CR40923 SOL4084 Bridging storms can cause the system to become unstable
CR40980 SOL4085 Connection mirroring does not work correctly for MSRDP
CR41017 SOL4086 Creating large SNAT pools can cause the system to become unstable
CR41076 SOL3456 OpenBSD RADIUS authentication bypass vulnerability
CR41099 SOL4087 The qkview utility might enter an infinite loop and produce a large output file
CR41113 SOL4088 The syslog utility does not attempt enough retries when logging many simultaneous messages
CR41220 SOL3717 NTP fails when you load the configuration using the Configuration utility
CR41267 SOL4378 The man page for the dig command is omitted
CR41279 SOL4090 Deleting all self IP addresses associated with a route might cause the system to become unstable
CR41411 SOL4092 HTTP version 1.0 keep-alive sessions might not be properly identified
CR41450 SOL3720 The iRule imid() function returns an extra character
CR41473 SOL4320 The unit ID of a virtual server may be changed when a rule or pool is modified
CR41474 SOL4409 Classes that are in use can be deleted
CR41491 SOL3751 Random non-TCP, non-UDP protocol packets are blocked when IP filters are enabled
CR41502 SOL4094 If pools or members are removed from an active configuration the BIG-IP system might become unstable
CR41519 SOL4095 The BIG-IP system rejects HTTP GET requests containing characters with values greater than 128
CR41567 SOL4380 Large TCP and UDP timeout values are displayed incorrectly
CR41599 SOL2884 SNMP VLAN input packet statistics display only bridged packets
CR41599 SOL3024 The netstat utility does not display VLAN MAC addresses correctlys
CR41687 SOL4398 Using the bigpipe node command to assign a monitor can cause the BIG-IP system to become unstable
CR41690 SOL4400 A memory leak in the bigd utility is triggered when nodes are assigned to the HTTPS monitor
CR41765 SOL206 The state mirroring daemon may crash during configsync
CR41770 SOL4318 A reset is not sent when an established but unused connection is timed out
CR41778 SOL4325 Fragmented packets might not be handled correctly
CR41874 SOL754 dot1dStaticEntry OID value does not have a bounded range, although a range is required
CR41880 SOL4404 Adding too many members to a class can cause the Configuration utility to become unstable
CR41881 SOL4405 High speed interface statistics are reported in the wrong units
CR41906 SOL4317 SNMP walks against bigsnmpd might trigger a memory leak
CR41929 SOL4406 CRLs fail if installed at the command line, using the default path
CR41942 SOL4407 Header insert displays error 331903 if the header is too long
CR41943 SOL142 SSL persistence will not mirror successfully after a failover and then a fail back
CR41948 SOL4408 Inability to delete files during an upgrade can result in unallocated iNodes
CR41952 SOL3965 Packets passing through a forwarding virtual server causes the TOS bit to be set to zero
CR41969 SOL4320 The unit ID of a virtual server might be changed when a rule or pool is modified
CR41970 SOL4409 Classes that are in use can be deleted
CR41971 SOL3024 The netstat utility does not display VLAN MAC addresses correctly
CR42016 SOL4107 Monitors created in the Configuration utility might have an additional carriage return
CR42055 SOL4076 UDP packets that lack a checksum have one inserted
CR42074 SOL4317 SNMP walks against bigsnmpd might trigger a memory leak
CR42134 SOL2729 Messages might be printed to the console when rules are used
CR42140 SOL3975 The Oracle pinger might fail to start
CR42156 SOL4020 The SSL pinger is too aggressive in marking down nodes
CR42168 SOL4000 The default certificate and key are no longer presented as options for SSL proxies
CR42209 SOL3810 SSL proxies truncate domain name information at 64 bytes
CR42215 SOL3694 The bigpipe pool stats reset command can cause a core dump
CR42216 SOL3694 The bigpipe pool stats reset command can cause a core dump
CR42321 SOL4205 The proxyd might become unstable during shutdown
CR42397 SOL4097 The Configuration utility might become unstable
CR42428 SOL4097 The Configuration utility might become unstable
CR42429 SOL4207 Apache mod_include vulnerability CAN-2004-0940
CR42468 SOL4099 Apache mod_include vulnerability CAN-2004-0940
CR42575 SOL4325 Fragmented packets might not be handled correctly
CR42763 SOL4208 The string "--" cannot be used in certificate names
CR42842 SOL4322 You can now configure the timeout period for loading the configuration
CR42843 SOL4326 System crashes, panics, and hangs that have been fixed in this release
CR42898 SOL4102 IP forwarding fails if return traffic matches a SNAT
CR43312 SOL4315 Ingress rate filters might trigger a memory leak or cause the system to become unstable
CR43320 SOL4035 Web aggregation fails if the server does not advertise MSS
CR43392 SOL4323 An unnecessary DNS lookup can cause loading of static routes to fail
CR43463 SOL4328 The ntpd daemon fails to run when more than 128 VLANs exist
CR43575 SOL4325 Fragmented packets might not be handled correctly
CR43577 SOL4325 Fragmented packets might not be handled correctly
CR43583 SOL4328 The ntpd daemon fails to run when more than 128 VLANs exist
CR43589 SOL4329 The SSL proxy cannot insert fields from client certificates encoded BMPString or UTF8String
CR43590 SOL4329 The SSL proxy cannot insert fields from client certificates encoded BMPString or UTF8String
CR43600 SOL3740 The SSL proxy cannot insert fields from client certificates encoded BMPString or UTF8String
CR43601 SOL3740 The SSL proxy cannot insert fields from client certificates encoded BMPString or UTF8String
CR43628 SOL4326 System crashes, panics, and hangs that have been fixed in this release
CR43629 SOL4322 You can now configure the timeout period for loading the configuration
CR43633 SOL4323 An unnecessary DNS lookup can cause loading of static routes to fail
CR43637 SOL4318 A reset is not sent when an established but unused connection is timed out
CR43643 SOL4328 The ntpd daemon fails to run when more than 128 VLANs exist
CR43645 SOL4330 HTTP HEAD requests might not work with rules, cookie persistence, or web aggregation
CR43647 SOL4330 HTTP HEAD requests might not work with rules, cookie persistence, or web aggregation
CR43681 SOL4409 Classes that are in use can be deleted
CR43682 SOL4409 You can configure BIG-IP to use a class that does not exist
CR43683 SOL4208 You can configure BIG-IP to use a class that does not exist
CR43718 SOL3633 Dynamic ratio can select a node that is down
CR43810 SOL3737 FThe FAN_FAILING, CPU_TOO_HOT, CPU_FAN_FAILING, and POWER_FAILED SNMP traps do not work
CR43927 SOL4331 A reset sent due to a discard statement in an L7 rule does not use last hop routing
CR43927 SOL4332 A reset is not sent when an L4 rule results in a discard statement
CR43928 SOL4331 A reset sent due to a discard statement in an L7 rule does not use last hop routing
CR43928 SOL4332 A reset is not sent when an L4 rule results in a discard statement
CR44028 SOL3325 The system can become unstable when FTP data connections are reaped
CR44029 SOL4333 HTTP POSTs fail to pass an SSL proxy when redirect rewrites are enabled
CR44030 SOL4333 HTTP POSTs fail to pass an SSL proxy when redirect rewrites are enabled
CR44246 SOL4152 Critical security flaw in the BIG-IP system when OneConnect is enabled
CR44247 SOL4152 Critical security flaw in the BIG-IP system when OneConnect is enabled
CR44248 SOL4152 Critical security flaw in the BIG-IP system when OneConnect is enabled
CR44301 SOL4326 System crashes, panics, and hangs that have been fixed in this release
CR44302 SOL4326 System crashes, panics, and hangs that have been fixed in this release
CR44372 SOL4351 BIND VU#938617
CR44375 SOL4326 System crashes, panics, and hangs that have been fixed in this release
CR44376 SOL4326 System crashes, panics, and hangs that have been fixed in this release
CR44557 SOL4326 System crashes, panics, and hangs that have been fixed in this release
CR44610 SOL4317 SNMP walks against bigsnmpd might trigger a memory leak
CR44712 SOL4326 3dnsd might become unstable due to internal mishandling of long error messages
CR44807 SOL4326 3dnsd might become unstable due to internal mishandling of long error messages
CR44994 SOL4550 The bigpipe man page references incorrect locations for the named.conf and named.boot files
CR45015 SOL4326 System crashes, panics, and hangs that have been fixed in this release
CR45051 SOL4341 Connections might be persisted to a down node when any_ip is enabled
CR45110 SOL4341 Connections might be persisted to a down node when any_ip is enabled
CR45187 SOL4550 The bigpipe man page references incorrect locations for the named.conf and named.boot files
CR45207 SOL4397 Virtual servers that match a network virtual server might be demoted to software
CR45302 SOL4347 A specific type of security scan can cause a panic and reboot
CR45303 SOL4347 A specific type of security scan can cause a panic and reboot
CR45349 SOL3325 The system can become unstable when FTP data connections are reaped
CR45359 SOL4551 Any remaining components of the node virtual configuration have been removed
CR45383 SOL4381 Connections might hang when content length in the response is missing or incorrect
CR45383 SOL4381 Connections might hang when content length in the response is missing or incorrect
CR45386 SOL4553 Adding a rate filter causes an error
CR45417 SOL4553 Adding a rate filter causes an error
CR45476 SOL4555 The configsync process might not be able to locate required executables
CR45477 SOL4555 The configsync process might not be able to locate required executables
CR45926 SOL4542 Walking the dot1dTpFdbAddress table does not generate any data
CR47021 SOL4551 Any remaining components of the node virtual configuration have been removed

 

[ Top ]

Features and fixes in prior releases

The current release includes the features and fixes that were distributed in prior feature releases, as listed below. (Prior releases are listed with the most recent first.)

Version 4.6.2

Monitor instances with identical destinations and different templates  (CR14311)
In previous releases it was not possible to create multiple monitor instances with the same destination. (The destination of a monitor instance is derived from the destination address and port of the associated monitor template. If destination address is not specified in the monitor template, the associated node address and port are used.) In this release you can create multiple monitor instances with the same destination, as long as the monitor instances are associated with different monitor templates.

You can use this feature in conjunction with the "port translation on a per-pool basis" functionality to configure monitoring and load balancing to different applications on the same port. For more information, see Monitoring and load balancing to different applications on the same port in the Optional configuration changes section of this release note.

Combining transparent monitors (CR26915)
You can now combine transparent monitors using the logical AND operation.

The system_check tool for IP Application Switch platforms  (CR27354)
The system_check script for IP Application Switch platforms is disabled by default in this release. This change does not affect existing configurations. If system_check is enabled, the script remains in an enabled state when you upgrade to this version of the BIG-IP software.

System statistics screen  (CR28085)
This release includes a System Graph Statistics screen in the Configuration utility that displays statistics about the BIG-IP system in a graphical format so that you can view changes and trends in statistics over time. The System Graph Statistics screen displays statistics including CPU usage, memory usage, throughput, connections per second, and packets per second.
To view the System Graph Statistics screen, in the left pane of the Configuration utility, click Statistics and then click System Graphs.
In addition, this release includes new SNMP OIDs including SSL proxy TPS and throughput. The new SNMP OIDs improve performance monitoring for the BIG-IP system using network management software. The new SNMP OIDs replace proxydstats for SSL proxy monitoring.

SNMP version 2c traps  (CR28909)
The BIG-IP system now supports SNMP version 2c traps. You can enable this feature using the command line utility. Use the following command to enable this feature:

bigpipe db set Common.Bigip.SNMP.UseV1 = "false"

After you enable or disable this variable, you must stop and restart the checktrap.pl and syslogd utilities. It is important that you start the checktrap.pl utility before you start the syslogd utility.

Note:  This release does not support using Nokia traps in conjunction with SNMP version 2c traps. If you enable SNMP version 2c traps and Nokia NetAct, you receive Nokia NetAct version 1 traps only.

Header insertion with selective re-encryption  (CR31960)
If you configure a proxy and you have header insertion and selective re-encryption enabled, 206 "partial response" messages no longer cause application load errors.

ARP requests with incorrect source protocol address  (CR34526)
The BIG-IP system no longer uses inactive floating self-IP addresses or virtual server addresses in the source protocol address field for ARP requests. If the system cannot generate an ARP request because there is no usable IP address available on a VLAN, the BIG-IP system logs the following warning message to /var/log/messages:

kernel: arpresolve: no usable src addr on iface: <interface_index>

The system log this message on BIG-IP systems that have a VLAN configured with only floating self-IP addresses; this type of configuration is not supported.

IBM HS20 Model Type 8832 : Watchdog no longer fails to trigger Â  (CR34882)
IBM has issued a firmware update for the IBM eServer BladeCenter HS20 Type 8832 (2.8GHz and up) that resolves the issue that deactivated the watchdog timer in previous releases. The link to the IBM firmware update is: http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-45486 . The firmware version is 1.07. While it states compatibility with BIOS revision 1.0, we have used only BIOS 1.04 and later in our testing.

Large numbers of concurrent connections with the same SNAT address  (CR34952) (CR35007) (CR38200)
The BIG-IP system no longer becomes unstable if more than 63,000 concurrent connections use the same SNAT translation address as their server-side client address.

SNMP trap utility  (CR35371) (CR35372)
The BIG-IP system no longer allows arbitrary text to be processed in an insecure fashion by the SNMP trap utility.

Buffering application data and malformed packets  (CR36158) (CR38198)
When the BIG-IP system is buffering application data, a very specific malformed packet no longer causes the BIG-IP system to become unstable.

CERT VU#303448  (CR38331)
This release addresses the security issue described in CERT vulnerability note VU#303448, mod_ssl contains a format string vulnerability in the ssl_log() function. For more information on the resolved security issue, see http://www.kb.cert.org/vuls/id/303448

global reaper hiwater and global reaper lowater settings  (CR38433)
If you use the command line utility to configure the global reaper hiwater or global reaper lowater settings, the configuration now loads correctly.

RSA SecurID authentication using the Configuration utility 
The Configuration utility now includes support for RSA SecurID® authentication, the remote authentication protocol used by RSA ACE/Server® software. RSA SecurID authentication is a two-part authentication mechanism that requires both a user ID and a passcode that changes every 60 seconds. For more information on RSA SecurID authentication, please see http://www.rsasecurity.com/node.asp?id=1156. To configure RSA SecurID authentication, see Configuring RSA SecurID authentication in the Optional configuration changes section of this release note.

Version rollback script 
This release includes a rollback script that allows you to return to the previous version of the BIG-IP software, after you upgrade. This script is designed to allow you to rollback the software version in instances where you upgrade before you discover that the new version of the software is incompatible with your specific network configuration. You can use the script to return only within the major version (see SOL4476: BIG-IP Software Lifecycle Policy) of the BIG-IP software that was installed on the system prior to the upgrade. Any configuration changes you make after the upgrade are lost when you run the rollback script.

To use the rollback feature you must create a rollback IM package before you upgrade to a different version of the software.

Important:  The mkrb file for version 4.6.2 contains a defect. If you install a rollback package created by the version 4.6.2 mkrb file, the rollback procedure will fail. If you are running version 4.6.2 and you want to create a rollback IM package, we recommend that you use the mkrb file included with version 4.6.3 to create the package.

To create a rollback IM package in /var/tmp/rb using the version 4.6.3 mkrb file, use the following procedure:

  1. Change your directory to /var/tmp by typing the following command:
    cd /var/tmp

  2. Extract the mkrb file from the 4.6.3 upgrade package by typing the following command:
    tar -C / -xzf BIGIP_4.6.3_Upgrade.im usr/local/bin/mkrb

  3. Create the necessary rollback files by typing the following command:
    mkrb BIGIP_4.6.3_Upgrade.im

This creates an IM package that you can run on the BIG-IP system if you want to return to the previous version of the software. The IM upgrade package you create is located in the /var/tmp/rb directory.
To install the rollback IM package, type the following commands:
cd /var/tmp/rb
im <rollback_im_package_name>.im

Note:  If you install the rollback package created by the script and decide that you want to upgrade to a later version of the software in the future, you will need to use the im -force /var/tmp/rb/<rollback_im_package_name>.im command to install the IM package.

SSL Proxy support for non-HTTP protocols 
SSL proxy now supports non-HTTP protocols including LDAP over SSL (LDAPS) and Telnet over SSL (TELNETS). You can enable SSL proxy support for these protocols using either the command line utility or the Configuration utility.

To enable support for non-HTTP protocols using the command line, type the following commands:
b global sslproxy serverssl nonhttp enable
b save

To enable support for non-HTTP protocols using the Configuration utility, use the following procedure:

  1. Click System and then click the Advanced Properties tab.
    The Advanced Properties screen displays.
  2. In the SSL Proxy table, check the serverssl nonhttp enable box.
    Clear the box to disable this feature.

 

Note:  The BIG-IP system does not support FTPS.

SSL node monitoring performance enhancements 
In previous releases SSL node monitoring had a significant impact on SSL proxy performance. This release includes several SSL node monitoring enhancements which greatly reduce the impact on SSL proxy performance. In addition, there are three new parameters that you can configure in order to increase SSL proxy performance. For information on how to configure the new parameters, see SSL node monitoring performance enhancements in the Optional configuration changes section of this release note.

Persistent connections through nodes at connection limit 
In this release you can configure the BIG-IP system to allow persistent connections to continue to be load balanced through a node after the connection limit for the node has been reached. The Persist Override Limit setting is disabled by default. To enable this setting using the command line utility, type the following:
node <node_ip>[:<service>] persist_override_limit enable

To enable this setting using the Configuration utility, check the Persist Override Limit box on the Node Properties screen.

SSL persistence session ID 
The bigpipe <pool> persist dump command now displays the SSL session ID along with client connections and their ages.

LDAP monitor security 
You can now configure a security attribute for the LDAP monitor. You have the option of selecting SSL, TLS, or none. If you select TLS or SSL, connections to the remote LDAP database are sent over a secure TLS or SSL connection. If you select none, the system connects to the remote LDAP database using an unencrypted connection. To configure this option using the command line utility, specify a security attribute and give it one of three values: ssl, tls, or none. The following is an example of an LDAP monitor with SSL security configured.

monitor ldap {
        # type ldap
        interval 10
        timeout 31
        dest *:*
        username ""
        password ""
        base ""
        filter ""
        security "ssl"
}


To configure this option using the Configuration utility, select ssl, tls, or none from the Security list on the Add Monitor or Monitor Properties screen.

If you have any external LDAPS_pingers in your existing configuration, we recommend that you replace the external LDAPS_pinger instances with LDAP monitors with a TLS or SSL security attribute enabled.

Support for TFTP 
This version of the BIG-IP software includes support for TFTP (Trivial File Transport Protocol rev 2 - rfc1350) traffic control. TFTP configuration objects must use TFTP port 69.

System health monitor timing 
In this release we have improved the algorithm that the BIG-IP system uses to perform health monitoring at offset intervals in order to prevent spikes in CPU consumption.

snmp_dca_base monitor port configuration
The snmp_dca_base monitor now correctly uses the specified port.

SNMP link up/down traps 
New SNMP traps are included in this release. Traps are now issued each time a link goes up or down. The new traps are loadBalTrapLinkUp and loadBalTrapLinkDown.

SSL certificate expiration check
This release includes a new utility that checks weekly for SSL certificates that are expired or are about to expire, and logs warning messages in /var/log/bigip. In addition, the system issues two new SNMP traps, loadBalTrapCertExpired and loadBalTrapCertExpiring, for SSL certificates that are expired or are about to expire.

Port translation on a per-pool basis 
In this release we have added a configuration option that allows you to enable or disable port translation for specific pools. Port translation uses an alias port that identifies to the external network a specific node managed by the BIG-IP system. In previous releases, the disable port translation option was only available at virtual server level. Port translation for pools is enabled by default.

  • To configure port translation at the pool level using the command line utility, use the following syntax:
    bigpipe pool <pool_name> translate port [enable|disable]

  • To configure port translation at the pool level using the Configuration utility, check the Enable Port Translation box on the Add Pool or Pool Properties screens.

You can use this feature in conjunction with the monitor instances with identical destinations and different templates functionality to configure monitoring and load balancing to different applications on the same port. For more information, Monitoring and load balancing to different applications on the same port in the Optional configuration changes section of this release note.

Version 4.6.1

The OpenSSL package has been upgraded to version 0.9.7d (CR33306) (CR33755)
The OpenSSL package has been upgraded to version 0.9.7d. This upgrade addresses several recent security issues with OpenSSL described in Technical Cyber Security Alert TA04-078A. This version addresses CERT vulnerabilities VU#288574 and VU#484726. For more information on the resolved security issues, see http://www.us-cert.gov/cas/techalerts/TA04-078A.html.

The system_check utility  (CR34596) (CR34745)
When you run the system_check utility, it no longer incorrectly reports version is incorrect.

String comparisons in rules  (CR8717)
When you use a string comparison in a rule, it is case insensitive if you enclose the string expression in a tolower() function and compare it with a lowercase string literal. For example, in the comparison (tolower(http_uri) ends_with "jpg"), where http_uri is the string expression, and "jpg" is the lowercase string literal, the http_uri values JPG, JpG, or jpg, all return a comparison value of true.

Version 4.6

SSL proxy selective encryption  (CR23920)
This release provides the option of configuring SSL re-encryption at the pool level. For more information, see the BIG-IP New Features Guide for version 4.6, Chapter 2, SSL Proxy Selective Re-encryption.

Passing ICMP packets through a SNAT  (CR25315)
This release includes improvements in the way the BIG-IP system handles ICMP echo replies through a SNAT.

When two clients each send an ICMP echo through a SNAT on the BIG-IP system, the system now routes the ICMP echo replies and the ICMP time exceeded message back to the correct client.

In addition, when the BIG-IP system is configured to perform ICMP monitoring, and a client sends an ICMP echo through SNAT automap on the BIG-IP system, the system now correctly routes replies to either the BIG-IP system or the client, as appropriate.

CRL authentication enhancements  (CR27421)
This release includes enhancements to Certificate Revocation List (CRL) functionality, including the addition of CRL management using distribution points, and a configurable update interval that refreshes CRLs at a specified interval. For more information, see the BIG-IP New Features Guide for version 4.6, Chapter 4, CRL Authentication Enhancements.

Node counting  (CR28476)
This release includes the active_nodes function, which indicates how many nodes in the pool are available for load balancing. The active_nodes function is useful for configuring rules that send traffic to a particular pool, based on how many nodes are available in that pool. For more information, see the BIG-IP New Features Guide for version 4.6, Chapter 3, Node Counting Rule Function.

SID reuse  (CR30941)
SID reuse now works correctly with the SMP kernel.

[ Top ]

Known issues

CR Solution Description
CR571 SOL808 Reverse ECV monitors mark nodes up only as frequently as the timeout period
CR14962 SOL4539 Connecting to the standby system may result in an address conflict warning message
CR15998 SOL4539 Connecting to the standby system may result in an address conflict warning message
CR20647 SOL4539 Connecting to the standby system may result in an address conflict warning message
CR20801 SOL213 SNATs route by packet, rather than by connection as virtual servers do
CR21228 SOL216 Auto-lasthop prevents update of ARP information for self address traffic
CR21750 SOL497 The bigpipe proxy show command may not display the correct values for current and max connections
CR22494 SOL507 For connections accelerated by the PVA, BIG-IP does not send a reset to the client or the node
CR22728 SOL837 Failover does not occur when gateway failsafe is triggered for active-active units in a redundant pair.
CR23564 SOL783 Saved a new copies of snmptrap.conf can conflict after an upgrade
CR24772 SOL5131 HTTP POSTs are slow when cookie persistence is enabled
CR25821 SOL816 F5 source addresses are not added to hosts.allow when the support account is enabled
CR25874 SOL271 BIG-IP will not work correctly with administrative user names longer than 15 characters
CR26137 SOL4111 It is not possible to set cookie attributes when using cookie persistence
CR26567 SOL222 Client MSS is not provided to the node when syncookies are in use
CR26610 SOL336 Disabling SNMP traps using the configuration utility causes an error
CR26612 SOL848 The beholder-ctrl bigstart script does not include the stop and start command functions, which results in an error
CR26843 SOL359 It is not possible to configure a URI path for a fallback host using the command line
CR26953 SOL4148 The bigpipe snatpool show command displays incorrect values for a new SNAT pool
CR27049 SOL4301 Subject and Issuer data is not displayed correctly for certificates encoded using BMPSTRING or UTF8STRING
CR27061 SOL4148 The bigpipe snatpool show command displays incorrect values for a new SNAT pool
CR27090 SOL226 The system may crash when the target of a virtual server is changed
CR27158 SOL494 BIG-IP disables ARP for all of virtual servers even though it is disabled for only a single virtual server
CR27202 SOL727 The SNMPDCA monitor is not fully compatible with the Microsoft http_server MIB
CR27229 SOL363 Changes to bigdb keys are not saved unless the configuration is saved
CR27260 SOL371 Default gateway pools cannot be changed using the config command
CR27515 SOL236 SIP persistence does not key connections to a particular virtual server
CR27515 SOL239 SIP persistence does not work correctly when the SIP connection is handled by a SNAT
CR27547 SOL298 Ratio settings are not available when ratio is used as the alternate load balancing mode
CR27607 SOL4252 The bigpipe pool command does not display SIP persistence records
CR27635 SOL151 The vlangroups global setting only applies to the first configured VLAN group
CR27639 SOL428 The unit ID of a self address local to unit 2 is reported as unit 1 in active-active pairs
CR27650 SOL433 Hops factories must be configured by hand before hops LB will work on a Link Controller
CR27975 SOL240 It is not possible to set the global memory_reboot_percent to 0
CR28012 SOL250 The status LED incorrectly displays green on a standby unit when a power supply has failed
CR28035 SOL4120 Java error is reported when you assign the Oracle health monitor to an invalid node
CR28057 SOL461 Changing the port of a virtual server will result in multiple virtual server statements
CR28072 SOL467 It is possible to partially remove a link by deleting its self address and VLAN
CR28099 SOL486 BIG-IP will continue to probe any routers that are defined for a datacenter, even if you have deleted all of the BIG-IP prober factories
CR28124 SOL241 The standby unit will configure a floating self address if it does not have its own self address
CR28217 SOL1435 The Configuration utility allows a maximum of 15 characters for an Auth Model role in the Valid Roles list.
CR28333 SOL184 The Configuration utility will not create an ECV monitor that includes an Authorization: header
CR28346 SOL251 BIG-IP cannot be configured to pass bootp traffic
CR28421 SOL3734 SSL proxies may retransmit multiple packets from a connection
CR28429 SOL1566 Setup utility does not allow VLAN names with more than 12 characters
CR28451 SOL1643 The bigpipe verify command does not detect misspelled monitor names or monitors that do not exist.
CR28533 SOL5143 Web aggregation may fail when a default SNAT automap is enabled
CR28656 SOL520 The wlnode() function does not work with BEA Web Logic 7.0 and later versions
CR29394 SOL5135 BIG-IP may fail back to a previous failover state in a very specific and unusual configuration
CR29395 SOL5135 BIG-IP may fail back to a previous failover state in a very specific and unusual configuration
CR29407 SOL4148 The bigpipe snatpool show command displays incorrect values for a new SNAT pool
CR29421 SOL1863 When attempting to print the snmpget help screen, the snmp_dca health monitor enters a loop
CR29475 SOL200 Insert mode cookie persistence may fail very rarely due to node-side packet loss
CR29602 SOL249 The bigpipe interface command incorrectly reports the media type of fiber ports as 1000BaseTX
CR29606 SOL1864 SNMP monitoring software reports an error when it attempts to query the ifRcvAddressAddress OID entry in the ifRcvAddressEntry table
CR29709 SOL242 BIG-IP will send a reset to the node when deleting a connection that was never fully established
CR29744 SOL256 BIG-IP reports that "Probe control features are not available" when VLAN mirroring is enabled
CR29751 SOL3783 The verify command rejects configurations using SNAT connection mirroring
CR29801 SOL4407 An unhelpful error message is provided when a header insert is entered that is too long
CR29988 SOL243 Connections may be deleted as much as 30 seconds after they are timed out
CR30143 SOL244 Priority load balancing does not work when minimum active members is set to 0
CR30493 SOL4149 ITCMPortal may crash when using large amounts of memory
CR30731 SOL4154 Fragmented ICMP ping requests may not be passed by BIG-IP
CR30783 SOL2942 Default gateway entry is converted to a default gateway pool
CR30877 SOL4242 The im -Q command does not always report the correct versions for installed packages
CR31044 SOL245 In rare circumstances, BIG-IP may crash during configsync
CR31182 SOL207 Virtual server performance is lower on virtual servers that have not processed L7 traffic
CR31994 SOL246 BigAPI may not free memory successfully in some circumstances
CR32179 SOL2100 The maximum value for 32-bit counters is 4,194,302
CR32242 SOL4391 Node select expressions can be configured with invalid classes
CR32791 SOL4040 The global vlans unique_mac may not work when VLANs contain the same tagged interface
CR32826 SOL208 The header insert and erase features may not work when requests contain carriage returns before the command
CR32944 SOL4148 The bigpipe snatpool show command displays incorrect values for a new SNAT pool
CR33116 SOL4032 The system may crash if you configure a header insert on traffic that is not decrypted
CR33223 SOL4407 An unhelpful error message is provided when a header insert is entered that is too long
CR33581 SOL837 Failover does not occur when gateway failsafe is triggered for active-active units in a redundant pair.
CR33583 SOL3344 SNMP statistics for the loopback interface are not collected
CR33584 SOL3344 SNMP statistics for the loopback interface are not collected
CR33774 SOL5141 Retransmissions from node to client may be dropped after packet loss between client and BIG-IP
CR33815 SOL761 The table that contains Nokia NetAct SNMP traps may grow very large and use disk space
CR33878 SOL3566 When you restore the archived snmptrap.conf file after an upgrade, BIG-IP uses the previous version of the snmptrap.conf file.
CR33921 SOL3657 Available memory reported by the "memAvailReal" OID and the "vmstat" command differs
CR33922 SOL258 BIG-IP may report the CPU temperature as 255 degrees when it cannot determine the CPU temperature
CR34022 SOL654 Nodes that are monitored with a monitor rule are reported as unchecked
CR34056 SOL658 The symbolic link generation page does not provide scroll bars when output exceeds one screen
CR34267 SOL4717 BIG-IP changes the interface media settings after running the Setup utility
CR34409 SOL209 In very rare circumstances, BIG-IP may crash repeatly
CR35320 SOL309 The telnet and FTP servers are not started when you enable telnet and FTP
CR35527 SOL3775 BIG-IP doesn't provide data for existing pool members in the "PoolMemberEntry" OID table
CR35752 SOL5080 Gateway failsafe can cause a failover immediately after it is enabled
CR35906 SOL144 Internal, hidden interfaces may be displayed by bigpipe vlan fdb show
CR36811 SOL310 Link statistics are not displayed correctly after links are added or removed
CR36993 SOL265 Time zone information is not restored after system software is reinstalled
CR37500 SOL808 Reverse ECV monitors mark nodes up only as frequently as the timeout period
CR37746 SOL808 Reverse ECV monitors mark nodes up only as frequently as the timeout period
CR37847 SOL4149 ITCMPortal may crash when using large amounts of memory
CR37915 SOL4149 ITCMPortal may crash when using large amounts of memory
CR37986 SOL5142 Health monitors may attempt to use source ports that are already in use
CR38085 SOL800 The SSL ECV monitor cannot negotiate an SSLv2 connection
CR38086 SOL145 Copper gigabit switch ports should not allow manual media settings
CR38087 SOL145 Copper gigabit switch ports should not allow manual media settings
CR40319 SOL694 An error is displayed if you refresh the Configuration utility after creating a link
CR40826 SOL247 Header insert will not work when the full HTTP command is not received at once
CR40861 SOL699 SSL proxy address and port information is not checked for invalid addresses or characters
CR40884 SOL715 The Configuration utility prompts for a netmask for individual virtual servers
CR41694 SOL5144 ZebOS routing may not work correctly when SSL proxy target virtual servers are bound to loopback
CR41762 SOL151 The vlangroups global setting only applies to the first configured VLAN group
CR41763 SOL184 The Configuration utility will not create an ECV monitor that includes an Authorization: header
CR41764 SOL200 Insert mode cookie persistence may fail very rarely due to node-side packet loss
CR41766 SOL207 Virtual server performance is lower on virtual servers that have not processed L7 traffic
CR41767 SOL208 The header insert and erase features may not work when requests contain carriage returns before the command
CR41768 SOL4148 The bigpipe snatpool show command displays incorrect values for a new SNAT pool
CR41769 SOL209 In very rare circumstances, BIG-IP may crash repeatly
CR41771 SOL213 SNATs route by packet, rather than by connection as virtual servers do
CR41772 SOL216 Auto-lasthop prevents update of ARP information for self address traffic
CR41773 SOL222 Client MSS is not provided to the node when syncookies are in use
CR41774 SOL226 The system may crash when the target of a virtual server is changed
CR41775 SOL236 SIP persistence does not key connections to a particular virtual server
CR41775 SOL239 SIP persistence does not work correctly when the SIP connection is handled by a SNAT
CR41776 SOL240 It is not possible to set the global memory_reboot_percent to 0
CR41777 SOL241 The standby unit will configure a floating self address if it does not have its own self address
CR41779 SOL242 BIG-IP will send a reset to the node when deleting a connection that was never fully established
CR41780 SOL243 Connections may be deleted as much as 30 seconds after they are timed out
CR41781 SOL244 Priority load balancing does not work when minimum active members is set to 0
CR41782 SOL245 In rare circumstances, BIG-IP may crash during configsync
CR41783 SOL246 BigAPI may not free memory successfully in some circumstances
CR41784 SOL808 Reverse ECV monitors mark nodes up only as frequently as the timeout period
CR41785 SOL247 Header insert will not work when the full HTTP command is not received at once
CR41786 SOL249 The bigpipe interface command incorrectly reports the media type of fiber ports as 1000BaseTX
CR41788 SOL250 The status LED incorrectly displays green on a standby unit when a power supply has failed
CR41790 SOL251 BIG-IP cannot be configured to pass bootp traffic
CR41792 SOL256 BIG-IP reports that "Probe control features are not available" when VLAN mirroring is enabled
CR41793 SOL258 BIG-IP may report the CPU temperature as 255 degrees when it cannot determine the CPU temperature
CR41795 SOL265 Time zone information is not restored after system software is reinstalled
CR41798 SOL271 BIG-IP will not work correctly with administrative user names longer than 15 characters
CR41799 SOL298 Ratio settings are not available when ratio is used as the alternate load balancing mode
CR41803 SOL2942 Default gateway entry is converted to a default gateway pool
CR41805 SOL309 The telnet and FTP servers are not started when you enable telnet and FTP
CR41807 SOL310 Link statistics are not displayed correctly after links are added or removed
CR41819 SOL336 Disabling SNMP traps using the configuration utility causes an error
CR41820 SOL336 Disabling SNMP traps using the configuration utility causes an error
CR41822 SOL359 It is not possible to configure a URI path for a fallback host using the command line
CR41823 SOL363 Changes to bigdb keys are not saved unless the configuration is saved
CR41824 SOL371 Default gateway pools cannot be changed using the config command
CR41827 SOL428 The unit ID of a self address local to unit 2 is reported as unit 1 in active-active pairs
CR41832 SOL461 Changing the port of a virtual server will result in multiple virtual server statements
CR41833 SOL467 It is possible to partially remove a link by deleting its self address and VLAN
CR41834 SOL486 BIG-IP will continue to probe any routers that are defined for a datacenter, even if you have deleted all of the BIG-IP prober factories
CR41838 SOL520 The wlnode() function does not work with BEA Web Logic 7.0 and later versions
CR41848 SOL4407 An unhelpful error message is provided when a header insert is entered that is too long
CR41850 SOL654 Nodes that are monitored with a monitor rule are reported as unchecked
CR41851 SOL658 The symbolic link generation page does not provide scroll bars when output exceeds one screen
CR41860 SOL694 An error is displayed if you refresh the Configuration utility after creating a link
CR41861 SOL699 SSL proxy address and port information is not checked for invalid addresses or characters
CR41862 SOL715 The Configuration utility prompts for a netmask for individual virtual servers
CR41873 SOL727 The SNMPDCA monitor is not fully compatible with the Microsoft http_server MIB
CR41877 SOL761 The table that contains Nokia NetAct SNMP traps may grow very large and use disk space
CR41889 SOL783 Saved a new copies of snmptrap.conf can conflict after an upgrade
CR41891 SOL816 F5 source addresses are not added to hosts.allow when the support account is enabled
CR41892 SOL848 The beholder-ctrl bigstart script does not include the stop and start command functions, which results in an error
CR41895 SOL494 BIG-IP disables ARP for all of virtual servers even though it is disabled for only a single virtual server
CR41898 SOL1435 The Configuration utility allows a maximum of 15 characters for an Auth Model role in the Valid Roles list.
CR41900 SOL1566 Setup utility does not allow VLAN names with more than 12 characters
CR41901 SOL1643 The bigpipe verify command does not detect misspelled monitor names or monitors that do not exist.
CR41904 SOL1863 When attempting to print the snmpget help screen, the snmp_dca health monitor enters a loop
CR41905 SOL1864 SNMP monitoring software reports an error when it attempts to query the ifRcvAddressAddress OID entry in the ifRcvAddressEntry table
CR41913 SOL2100 The maximum value for 32-bit counters is 4,194,302
CR41915 SOL3344 SNMP statistics for the loopback interface are not collected
CR41916 SOL3344 SNMP statistics for the loopback interface are not collected
CR41918 SOL3566 When you restore the archived snmptrap.conf file after an upgrade, BIG-IP uses the previous version of the snmptrap.conf file.
CR41919 SOL3657 Available memory reported by the "memAvailReal" OID and the "vmstat" command differs
CR41921 SOL3775 BIG-IP doesn't provide data for existing pool members in the "PoolMemberEntry" OID table
CR41923 SOL4024 The Add Proxy pages do not work correctly with the Netscape Navigator browser.
CR41930 SOL5080 Gateway failsafe can cause a failover immediately after it is enabled
CR41936 SOL4301 Subject and Issuer data is not displayed correctly for certificates encoded using BMPSTRING or UTF8STRING
CR41942 SOL4407 An unhelpful error message is provided when a header insert is entered that is too long
CR41985 SOL5135 BIG-IP may fail back to a previous failover state in a very specific and unusual configuration
CR42010 SOL5141 Retransmissions from node to client may be dropped after packet loss between client and BIG-IP
CR42057 SOL497 The bigpipe proxy show command may not display the correct values for current and max connections
CR42114 SOL5142 Health monitors may attempt to use source ports that are already in use
CR42119 SOL5143 Web aggregation may fail when a default SNAT automap is enabled
CR42147 SOL4717 BIG-IP changes the interface media settings after running the Setup utility
CR42150 SOL5144 ZebOS routing may not work correctly when SSL proxy target virtual servers are bound to loopback
CR42907 SOL5023 BIG-IP can run out of memory when loading very large configurations
CR43900 SOL4252 The bigpipe pool command does not display SIP persistence records
CR45017 SOL5040 The PVA will reconfigure itself if it detects duplicate SSL proxy addresses
CR46405 SOL4810 BIG-IP and 3-DNS may report "date not found" during installation
CR46407 SOL4810 BIG-IP and 3-DNS may report "date not found" during installation
CR46509 SOL4497 Switch appliances do not send an SNMP trap when booting because the switch ports are disabled
CR46515 SOL5039 The Configuration utility cannot successfully import FIPS keys
CR46516 SOL5039 The Configuration utility cannot successfully import FIPS keys
CR46624 SOL5074 BIG-IP ignores the first data packet when syn cookie processing is active
CR46624 SOL5074 BIG-IP ignores the first data packet when syn cookie processing is active
CR46706 SOL5149 BIG-IP will disable ARP for SNAT automap if ARP is disabled on a wildcard virtual server
CR46975 SOL4596 iRules that contain a large number of decode_uri functions may fail
CR46976 SOL4596 iRules that contain a large number of decode_uri functions may fail
CR47153 SOL4579 Connection mirroring does not work on virtual servers that use cookie persistence
CR47221 SOL4575 BIG-IP will silently remove asterisks from auth model group names
CR47235 SOL4572 The login.conf file may be overwritten during an upgrade
CR47236 SOL4572 The login.conf file may be overwritten during an upgrade
CR47237 SOL4583 The BIG-IP system is vulnerable to VU#222750
CR47261 SOL4583 The BIG-IP system is vulnerable to VU#222750
CR47262 SOL4583 The BIG-IP system is vulnerable to VU#222750
CR47276 SOL4574 BIG-IP and 3-DNS will not prevent you from installing unsupported versions on older hardware
CR47296 SOL4583 The BIG-IP system is vulnerable to VU#222750
CR47719 SOL4819 The BIG-IP system might become unresponsive when performing delayed binding operations
CR47829 SOL4821 The BIG-IP system might reset HTTP connections that contain a retransmitted response
CR47830 SOL4821 The BIG-IP system might reset HTTP connections that contain a retransmitted response
CR47979 SOL4665 Editing IP filters and ICMP packet denial
CR48148 SOL5040 The PVA will reconfigure itself if it detects duplicate SSL proxy addresses
CR48152 SOL4809 BIG-IP and 3-DNS are vulnerable to CAN-2005-1278, CAN-2005-1279, and CAN-2005-1280
CR48153 SOL4809 BIG-IP and 3-DNS are vulnerable to CAN-2005-1278, CAN-2005-1279, and CAN-2005-1280
CR48262 SOL4583 The BIG-IP system is vulnerable to VU#222750
CR48301 SOL4718 When configured to perform header insertion, a buffer overrun can cause BIG-IP to behave unpredictably
CR48313 SOL4583 The BIG-IP system is vulnerable to VU#222750
CR48563 SOL4821 The BIG-IP system might reset HTTP connections that contain a retransmitted response
CR48598 SOL5052 An SSL proxy will not attempt to reconnect to an LDAP server after failing three attempts
CR48599 SOL5052 An SSL proxy will not attempt to reconnect to an LDAP server after failing three attempts
CR48750 SOL4853 When running more than 400 SSL health monitors, the bigd process may run out of memory
CR48759 SOL4854 Rule operations that match content will fail if the text ends in a duplicated character followed by an underscore
CR48761 SOL4854 Rule operations that match content will fail if the text ends in a duplicated character followed by an underscore
CR49272 SOL4532 The BIG-IP system and 3-DNS Controller are vulnerable to CAN-2005-0758, CAN-2005-0988, and CAN-2005-1228
CR49273 SOL4532 The BIG-IP system and 3-DNS Controller are vulnerable to CAN-2005-0758, CAN-2005-0988, and CAN-2005-1228
CR49295 SOL5023 BIG-IP can run out of memory when loading very large configurations
CR49336 SOL4616 BIG-IP and 3-DNS are vulnerable to CAN-2005-0488
CR49337 SOL4616 BIG-IP and 3-DNS are vulnerable to CAN-2005-0488
CR49454 SOL5070 BIG-IP does not delete mirrored SSL session ID persistence records
CR49455 SOL5070 BIG-IP does not delete mirrored SSL session ID persistence records
CR49457 SOL5045 The active unit may crash after failover when mirroring is enabled
CR49458 SOL5045 The active unit may crash after failover when mirroring is enabled
CR49691 SOL4326 BIG-IP may panic when mirroring large numbers of SSL session ID persistence records
CR49692 SOL4326 BIG-IP may panic when mirroring large numbers of SSL session ID persistence records
CR49695 SOL5069 The SNMP daemon may become unresponsive or crash when sending data
CR49696 SOL5069 The SNMP daemon may become unresponsive or crash when sending data
CR49773 SOL5083 Connections may not be rebound to a new node after all nodes became unavailable
CR49774 SOL5083 Connections may not be rebound to a new node after all nodes became unavailable
CR50382 SOL4331 BIG-IP may send a reset to the wrong VLAN when a rule results in a discard statement
CR50383 SOL4331 BIG-IP may send a reset to the wrong VLAN when a rule results in a discard statement
CR50387 SOL4808 NTLM authentication may fail when a site is accessed through a delayed binding virtual server
CR50712 SOL4808 NTLM authentication may fail when a site is accessed through a delayed binding virtual server
CR51441 SOL144 Internal, hidden interfaces might be displayed by bigpipe vlan fdb show command
CR58321 SOL6551 Changes in US and Canada Daylight Saving Time
N/A SOL4001 The checktrap.pl script will now allow the question mark (?) character

 

[ Top ]