Release Notes : WebAccelerator version 5.3.1

Applies To:

Show Versions Show Versions

Web Accelerator 5.x

  • 5.3.1
Release Notes
Updated Date: 04/18/2019

Summary:

This release note documents the version 5.3.1 maintenance release of the WebAccelerator system. We recommend this maintenance release only for those customers who want the fixes and enhancements listed in Fixes and enhancements in this release. This maintenance release is cumulative, and includes all fixes and enhancements released since version 5.2. You can apply the software upgrade to 5.2 and later. For information about installing the software, please refer to Initial configuration and license activation.

Note: F5 now offers both feature releases and maintenance releases. For more information on our release policies, please see Description of the F5 Networks software version number formats.

Contents:

User documentation for this release

In addition to these release notes, the following user documentation is relevant to this release.

You can find the product documentation and the solutions database on the AskF5 Technical Support web site.


Supported browser

The supported browser for the Administrator Tool is:

Microsoft® Internet Explorer®, version 6.0

     

Supported platforms

This release supports the following platforms:

  • 400
  • 4500

If you are unsure which platform you have, look at the sticker on the back of the chassis to find the platform number.


Initial configuration and license activation

To activate the software, you need a valid license certificate. To obtain a license certificate, the WebAccelerator system provides a registration key and a dossier to the F5 Networks licensing server when you perform the following steps:

  • Connect the WebAccelerator system to a computer running terminal emulation software.
  • Perform the initial configuration of the WebAccelerator system.
  • Activate the WebAccelerator system’s license.

Connecting the WebAccelerator system to a computer running terminal emulation software

The first procedure you must complete is to connect the WebAccelerator system platform to a computer that is running terminal emulation software.

To connect the WebAccelerator system to a computer running terminal emulation software

 
  1. Connect the null modem cable to the DB9 port labeled CONSOLE on the WebAccelerator system.
  2. Connect the null modem cable to a serial port on the system with the terminal emulation software.
  3. Start the terminal emulation software.
  4. Set the terminal emulation software to 19200 baud and choose the correct serial device.
  5. Turn on the WebAccelerator system.
    It may take a few minutes for the terminal emulator to connect. Once it connects, the Management Console displays.

Performing initial configuration of the WebAccelerator system

After you connect to a terminal emulator, you must complete the initial configuration of the WebAccelerator system and the verify the configuration.

To perform the initial WebAccelerator system configuration

 
  1. From the WebAccelerator system’s Management Console's Enter option prompt, type 1, Configure Appliance.
  2. At the User name prompt, type the user name root.
  3. At the Password prompt, type the default password ncwebacc999.
  4. At the Enter option prompt, type 1, Configure Network.
  5. At the Appliance Hostname prompt, type the WebAccelerator system's host name.
  6. At the Use DHCP prompt, type n.
  7. At the IP address prompt, type the WebAccelerator system's IP address.
  8. At the Net Mask prompt, type the WebAccelerator system's netmask address.
  9. At the Gateway prompt, type the WebAccelerator system's gateway address.
  10. At the Broadcast Address prompt, type the WebAccelerator system's broadcast address.
  11. At the Network Address prompt, type the WebAccelerator system's network address.
  12. At the Primary and Secondary Nameserver prompts, type the IP address or host name for the primary and secondary DNS servers.
  13. At the hostname of the reference NTP server prompt, type the hostname of the reference NTP server. The Main Menu displays.
  14. At the prompt, type S to save the configuration.
    The Management Console displays.
  15. At the Enter option menu, type 7, Reboot Appliance, to save the changes.

     
To verify the WebAccelerator system's configuration

 
  1. At the password prompt, type the default password, ncwebacc999.
    The WebAccelerator system reboots.
  2. At the Enter option prompt, type 2, Run Interactive Shell.
  3. At the Password prompt, type the default password ncwebacc999.
  4. Verify that the /etc/hosts file contains the IP address and corresponding host name that you configured by typing more /etc/hosts.
  5. Verify that the /etc/resolv.conf file contains the IP address of the name server and the WebAccelerator system's domain name that you configured by typing more /etc/resolv.conf.
  6. Restart the Web Accelerator system processes by typing /etc/init.d/pivia restart

Activating the WebAccelerator system license

To activate the system license, you need a valid license certificate. To obtain a license certificate, you must provide the WebAccelerator system's registration key and a dossier to the F5 Networks licensing server, using one of the following methods:

  • Automatic activation
    Use this method if the WebAccelerator system has direct access to the Internet.
  • Manual activation
    Use this method if your WebAccelerator system is on a private network with no direct access to the Internet. Note that you must have a system that does have access to the Internet to retrieve the product license.

     
To license a WebAccelerator system using automatic license activation

 
  1. Into the address line of an Internet web browser, type the address https://<WebAccelerator IP address>:8443/
    where <WebAccelerator IP address> is the IP address you assigned to the WebAccelerator system during the initial configuration procedure.
    The WebAccelerator system’s log in page displays.
  2. Into the username box, type administrator.
  3. Into the password box, type ncwebacc999.
  4. Click the Activate licensing link.
    The activate licensing screen displays.
  5. Into the Base registration key box, type the base registration key.
  6. Click the Automatic button.
  7. Click the Next button.
    The EULA displays.
  8. Review the EULA. The system is not fully functional until you click the Accept button.

    Once you accept the EULA, the WebAccelerator system retrieves the dossier and sends it to the F5 license server. After the WebAccelerator system receives the signed license file from the F5 license server, it installs the license and displays a message indicating that the licensing process is successful.

     
To license a WebAccelerator system using manual license activation

 
  1. Into the address line of an Internet web browser, from a client machine that has access to the Internet, type the address https://<WebAccelerator IP address>:8443/
    where <WebAccelerator IP address> is the IP address you assigned to the WebAccelerator system during the initial configuration procedure.
    The WebAccelerator system’s log in page displays.
  2. Into the username box, type administrator.
  3. Into the password box, type ncwebacc999.
  4. Click the Activate licensing link.
    The activate licensing screen displays.
  5. Into the Base registration key box, type the base registration key.
  6. Click the Manual button.
  7. Click the Next button.
    The licensing screen displays.
  8. Select and copy the entire contents of the Dossier box.
  9. Click the Click here to access F5 Licensing Server link.
    A new browser window opens, displaying the F5 Product Licensing page.
  10. Into the Enter your dossier box of the F5 Product Licensing page, paste the WebAccelerator system’s dossier that you coped in step 8, and click the Next button.
    The screen refreshes, displaying the WebAccelerator system's product license.
  11. From the F5 Product Licensing page, copy the WebAccelerator system's product license.
  12. Into the License box of the WebAccelerator system’s license page, paste the license that you copied in step 11.
  13. Click the Next button.
    The EULA displays.
  14. Review the EULA. The system is not fully functional until you click the Accept button.

    Once you accept the EULA, the WebAccelerator system retrieves the dossier and sends it to the F5 license server. After the WebAccelerator system receives the signed license file from the F5 license server, it installs the license and displays a message indicating that the licensing process is successful.

     

Activating the WebAccelerator system license on a remote WebAccelerator system

To obtain a license certificate for a remote WebAccelerator system in an optional clustered configuration, you must provide the remote WebAccelerator system's registration key and a dossier to the F5 Networks licensing server, using one of the following methods:

  • Automatic activation for a remote WebAccelerator system
    Use this method if the remote WebAccelerator system has direct access to the Internet.
     
  • Manual activation for a remote WebAccelerator system
    Use this method if the remote WebAccelerator system does not have direct access to the Internet and you are accessing the licensing server from a computer running terminal emulation software.

     
To license a remote WebAccelerator system using automatic license activation

 
  1. From the log on prompt of the remote WebAccelerator system, type the user name root and the default password ncwebacc999.
    The WebAccelerator system displays the Management Console.
  2. At the Enter option prompt, type 0, License Appliance.
  3. At the Enter base registration key prompt, verify that the 25-character registration key is correct.
  4. At the Do you want to license automatically? [yes|no]: prompt, type yes.

    The End User License Agreement (EULA) displays.
  5. Review the EULA.
    The system is not fully functional until you type yes to accept the EULA.

    Once you accept the agreement, the WebAccelerator system retrieves the dossier and sends it to the F5 license server. Once the WebAccelerator system receives the signed license file from the F5 license server, it installs the license and displays a message indicating that the licensing process is successful.

     
To license a remote WebAccelerator system using manual license activation

 
  1. From the log on prompt of the remote WebAccelerator system, type the user name root and the default password ncwebacc999.
    The WebAccelerator system displays the Management Console.
  2. At the Enter option prompt, type 0, License Appliance.
  3. At the Enter base registration key prompt, verify that the 25-character registration key is correct.
  4. At the Do you want to license automatically? [yes|no]: prompt, type no.
    The WebAccelerator system displays the dossier.
  5. Select and copy the entire dossier.
  6. Into the address line of an Internet web browser, type the address https://activate.f5.com/license/.
    The F5 Product Licensing page displays.
  7. Into the Enter your dossier box of the F5 Product Licensing page, paste the WebAccelerator system’s dossier that you copied in step 5, and click the Next button.
    The screen refreshes, displaying the WebAccelerator system's product license.
  8. From the F5 Product Licensing page, copy the WebAccelerator system's product license.
  9. Into the WebAccelerator system, paste the license that you copied in step 8 and press the Enter key twice.
    The WebAccelerator system installs the license and displays a message indicating that the licensing process is successful.

Fixes and enhancements in this release

This release includes the following fixes and enhancements.

Reconnecting to the comm_srv process after lost connectivity (CR68983)
Previously, when connectivity was disrupted between WebAccelerator systems in a clustered configuration, remote WebAccelerator systems could not reconnect to the comm_srv process on the central WebAccelerator system when the connectivity issue was fixed. We have resolved this issue and remote WebAccelerator systems can now properly reconnect to the comm_srv process once connectivity is reestablished with the central WebAccelerator system.

Performing automatic license activation from a WebAccelerator system with no Internet access (CR70227)
Previously, if a user attempted to perform automatic license activation from a WebAccelerator system that had no Internet access, the WebAccelerator system would enter an infinite error loop and the Management Console would become disabled. We have resolved this issue and now if a user attempts to perform automatic license activation from a WebAccelerator system with no Internet access, the WebAccelerator system will return an error, but the Management Console will remain accessible.

Synchronizing an upgrade between primary and secondary WebAccelerator systems (CR73036)
In previous releases, when you upgraded a WebAccelerator system that was in an optional primary/secondary configuration, the installer script did not properly synchronize the upgrade to the secondary WebAccelerator system’s Management Console. We have resolved this issue and the Management Consoles now properly synchronizes after an upgrade.

MIME types and file extensions for Flash content (CR73144)
This software release includes MIME types and file extensions required for Flash documents. These new objects are located in the globalfragment.xml file.

Accessing the Administrator Tool on the WebAccelerator 400 platform (CR73242)
Previously, performance of the Administrator Tool on the WebAccelerator 400 platform was impaired. We have resolved these performance issues in this software release.

Using the Express Loader feature in a clustered configuration (CR73647)
Previously, the Express Loader feature did not work properly on remote WebAccelerator systems deployed in an optional clustered configuration. We have resolved this issue and the Express Loader feature now operates correctly on both remote and the central WebAccelerator systems.

Unnecessary DNS lookups (CR73690)
Previously, the WebAccelerator system performed unnecessary DNS lookups for host names that were already configured in the /etc/host file. We have resolved this issue and the WebAccelerator system no longer performs unnecessary DNS lookups.

Daylight Saving Time handling for US and Canada (CR73948)
The Energy Policy Act of 2005, which was passed by the US Congress in August 2005, changed both the start and end dates for Daylight Saving Time in the United States, effective March 2007. Canada is also adopting this change. We have addressed the resulting changes in this software release. To find out more about this issue, see Solution 6551: F5 Networks software compliance with the Energy Policy Act of 2005

Serial console script (CR74285)
In previous releases the serial console script, appl_console, did not run correctly and instead of displaying the WebAccelerator system’s Management Console menu, it presented the user with a log in prompt. We have corrected this issue and the appl_console script now runs correctly and properly displays the WebAccelerator system’s Management Console menu.

Idle server connections (CR76075)
In previous releases, the WebAccelerator system kept connections open to the origin web servers longer than necessary, which resulted in idle server connections that could cause potential network latency. In this software release, the WebAccelerator system’s pvac service reduces idle server connections.

Sending Accept-Encoding gzip headers (CR77972)
When enabled in the pvsystem.conf file, the WebAccelerator can send Accept-Encoding headers with the value of gzip to the origin web server to optimize bandwidth requirements in certain network configurations by compressing content. For information about how to enable this feature, see To enable the Accept-Encoding gzip feature in the Optional Configuration Change section.

CVE-2007-1856 Vixie cron vulnerability causes denial of service (CR80063)
This software release contains a fix that resolves a vulnerability issue associated with Vixie cron that can cause a denial of service. The Common Vulnerabilities and Exposures (CVE) project assigned ID CVE-2007-1856 to this vulnerability. For more information, see CVE-2007-1856.

CVE-2006-1174 Local permissions vulnerability with the shadow-utils useradd function (CR81597)
This software release contains a fix that resolves a permissions vulnerability issue related to the useradd function of the shadow-utils. The Common Vulnerabilities and Exposures (CVE) project assigned ID CVE-2006-1174 to this vulnerability. For more information, see CVE-2006-1174.

Database synchronization to the standby WebAccelerator system’s Management Console (CR82446)
In previous versions, the database synchronization to the standby WebAccelerator system’s Management Console appeared to fail, due to an issue in the logging script. We have corrected the logging script and resolved this issue.

Daylight Saving Time handling for New Zealand (CR85165)
In April 2007, the New Zealand Department of Internal Affairs announced that effective September 2007, Daylight Savings Time will be extended by three weeks. We have addressed the resulting changes in this software release.

CVE-2007-3999 and CVE-2007-4000 Kerberos 5 administration daemon vulnerabilities (CR85166)
This software release contains a fix that resolves vulnerability issues with the Kerberos 5 administration daemon, kadmind. The Common Vulnerabilities and Exposures (CVE) project assigned ID CVE-2007-3999 and CVE-2007-4000 to these vulnerabilities. For more information, see CVE-2007-3999 and CVE-2007-4000.

CVE-2007-3108 Open SSL RSA private key vulnerability (CR85168)
This software release contains a fix that resolves a vulnerability issue with the Montgomery multiplication process associated with RSA private keys. The Common Vulnerabilities and Exposures (CVE) project assigned ID CVE-2007-3108 to this vulnerability. For more information, see CVE-2007-3108.

CVE-2007-3798 TCP dump integer overflow in print_bgp.c dissector vulnerability (CR85202)
This software release contains a fix that resolves a vulnerability issue with the TCP dump integer overflow in the print_bgp.c dissector. The Common Vulnerabilities and Exposures (CVE) project assigned ID CVE-2007-3798 to this vulnerability. For more information, see CVE-2007-3798.


Fixes and enhancements in prior maintenance releases

The current release includes the fixes and enhancements that were distributed in prior maintenance releases, as listed below. (Prior releases are listed with the most recent first.)

Version 5.2

The 5.2 maintenance release included the following fixes and enhancements.

Pre-defined policies
This WebAccelerator system includes the following pre-defined policies:

  • BEA AquaLogic™ (Plumtree® with Collaboration)
  • BEA AquaLogic™ (Plumtree® without Collaboration)
  • BEA WebLogic®
  • Hyperion Financial™
  • IBM WebSphere®
  • IBM Lotus Domino®
  • Microsoft® Internet Information Service (IIS)
  • Microsoft® Outlook® Web Access (OWA)
  • Microsoft® SharePoint® Services
  • Oracle® 11i
  • Oracle® JD Edwards ERP
  • Oracle® Peoplesoft
  • Oracle® Portal
  • Oracle® Siebel™ CRM
  • SAP® Portal
  • Symmetric Deployment
  • Level 1 Delivery
  • Level 2 Delivery

Web Accelerator 4500 Platform
WebAccelerator system includes support for the 4500 platform. This platform includes two 139GB RAID hard drives and redundant power supplies to ensure continuous operation in the event of power supply failure. Additionally, this platform is compliant with the Restriction of Hazardous Substances (RoHS) regulations and meets RoHS guidelines regarding lead-free electronic equipment.

PDF version 1.4 documents (CR65046)
The WebAccelerator system now properly handles PDF version 1.4 documents.

X-PvInfo response header value (CR65047)
The value for the X-PvInfo response header's S code, which under certain conditions was incorrectly displaying a value of 0, now displays the proper value.


Required configuration change

After you install the WebAccelerator software, or any time you modify the pvsystem.conf file, you must stop and restart the WebAccelerator system, by typing the following commands:

service pivia stop
service pivia start


Optional configuration change

This software release introduces a feature that forces the WebAccelerator system to always request from the origin web server, content that is compressed using the gzip utility, if it is available. The procedure you use to enable this feature depends on if you have upgraded from WebAccelerator system version 5.2 to version 5.3.1, or if you performed a fresh install of version 5.3.1.

To enable the Accept-Encoding gzip feature for a WebAccelerator system version upgraded from version 5.2 to version 5.3.1

If you upgraded from WebAccelerator system version 5.2 to version 5.3.1, complete the following procedure to enable the Accept-Encoding gzip feature.

  1. Using SSH, log in to the WebAccelerator system using the root username and password.

  2. At the command line, switch to the opt/pivia/dac/conf directory by typing the following command:

    cd /opt/pivia/dac/conf

  3. Using a text editor, view the pvsystem.conf file and locate the following line:

    <forceAcceptGzipUserAgentExpr></forceAcceptGzipUserAgentExpr>

  4. Add the following lines:

    <!--
        forceOWSGzippedRequests globaly sets the HTTP request header that is send to the OWS.
        If a request is sent to another WebAccelerator only GZIP is sent in the header otherwise
        we use this setting. true|false
    -->
    <forceOWSGzippedRequests>true</forceOWSGzippedRequests>
     

  5. Save the change and close the text editor.
  6. Restart the WebAccelerator system by typing the following command:

    /etc/init.d/pivia restart

To enable the Accept-Encoding gzip feature for a WebAccelerator system version 5.3.1 fresh installation

If you performed a fresh installation of WebAccelerator system version 5.3.1, complete the following procedure to enable the Accept-Encoding gzip feature.

  1. Using SSH, log in to the WebAccelerator system using the root username and password.

  2. At the command line, switch to the opt/pivia/dac/conf directory by typing the following command:

    cd /opt/pivia/dac/conf

  3. Using a text editor, view the pvsystem.conf file and locate the following line:

    <forceOWSGzippedRequests>false</forceOWSGzippedRequests>

  4. Edit the line so that it appears as follows:

    <forceOWSGzippedRequests>true</forceOWSGzippedRequests>

  5. Save the change and close the text editor.
  6. Restart the WebAccelerator system by typing the following command:

    /etc/init.d/pivia restart


Known issues

The following items are known issues in the current release. Maintenance release known issues are cumulative, and include all known issues for a release.

Loading pre-defined policies during initial WebAccelerator software installation (CR68441)
When performing the initial installation of the WebAccelerator software, a pre-defined policy may fail to load. If this occurs, the WebAccelerator system reports the failure in the installation log, and the policy does not display in the pre-defined policy list. To view the installation log, type the more /tmp/pvinstall.log command. If the installation log reports missing policies, see Installing pre-defined policies manually in the Workaround for known issue section.

pvac stack trace reports error (CR68783)
When the pvac process shuts down for any reason (for instance, if you use the /etc/init.d/pivia stop command to shut it down manually, or if you reboot the WebAccelerator system), and then you view the version information using the /etc/init.d/pivia versionx, the pvac stack trace reports the following error message: Caught terminating signal, probably due to invalid application state. This error is benign.

Network configuration script (CR68985)
The network configuration script does not validate network configuration settings, and the Management Console does not report any existing network misconfigurations. To avoid issues, verify your network settings carefully before saving the configuration and rebooting the WebAccelerator system. If you discover an error in your network configuration during your review, rerun the network configuration script and correct the issue before rebooting.

Providing the dossier for licensing (CR70231)
When you are using the Management Console to manually license the WebAccelerator system, the dossier does not display properly. To work around this issue, license the WebAccelerator system using the procedure described in Solution 6697: Installing a license from the command line on AskF5.


Workaround for known issue

The following section describes the workaround for the corresponding known issue listed in the previous section.

Installing pre-defined policies manually (CR68441)

If the installation log reports missing pre-defined policies after you perform the initial installation of the WebAccelerator software, perform the following steps to install the missing policies manually.

To manually install missing pre-defined policies

  1. Type the following command:

    /etc/init.d/pivia import_config -f /opt/pivia/dac/policies/predefined/FAILED_POLICY.xml -c /opt/pivia/dac/conf/pvsystem.conf -a administrator -p PASSWORD -r -u -y

    Where:

    PASSWORD is the administrator password you assigned when you installed the WebAccelerator software.
    FAILED_POLICY.xml is the name of the missing policy, as reported in the installation log.

     

  2. After the policy loads, reboot the WebAccelerator system by typing the following command:

    reboot


Contacting F5 Networks

  Phone: (206) 272-6888
Fax: (206) 272-6802
Web: http://support.f5.com
Email: support@f5.com

For additional information, please visit http://www.f5.com


This product protected by U.S. Patents 6,505,230; 6,640,240; 6,772,203; and 6,970,933. Other patents pending.