Release Notes : BIG-IP Fraud Protection Service 13.0.0

Applies To:

Show Versions Show Versions


  • 13.0.0
Release Notes
Original Publication Date: 03/24/2017 Updated Date: 04/18/2019


These release notes document the version 13.0.0 release of BIG-IP Fraud Protection Service (FPS). You can apply the software upgrade to systems running software versions 11.6.x and 12.x.

Note: FPS 13.0.0 can be used only with WebSafe Dashboard 4.0. Earlier versions of the WebSafe Dashboard are not compatible with FPS 13.0.0.


Platform support

This version of the software is supported on the following platforms:

Platform name Platform ID
BIG-IP 6900 FIPS D104
BIG-IP 11000 E101
BIG-IP 11050, 11050 NEBS E102
BIG-IP 2000 Series (2000s, BIG-IP 2200s) C112
BIG-IP 4000 Series (4000s, BIG-IP 4200v) C113
BIG-IP 5000 Series (5000s, 5050s, 5200v, 5250v) C109
BIG-IP 7000 Series (7000s, 7050s, 7055, 7200v, 7250v, 7255) D110
BIG-IP 10050 Series (10150s-NEBS, 10350v (AC), 10350v-NEBS, 10350v-FIPS) D112
BIG-IP 10000 Series (10000s, 10050s, 10055, 10200v, 10250v, 10255) D113
BIG-IP 12000 Series (12250v) D111
BIG-IP i2000 Series (i2800) C117
BIG-IP i4000 Series (i4800) C115
BIG-IP i5000 Series (i5600/i5800) C119
BIG-IP i7000 Series (i7600/i7800) C118
BIG-IP i10000 Series (i10600/i10800) C116
VIPRION B2100 Blade A109
VIPRION B2150 Blade A113
VIPRION B2250 Blade A112
VIPRION B4300, B4340N Blade A108, A110
VIPRION B4450 Blade A114
VIPRION C2200 Chassis D114
VIPRION C2400 Chassis F100
VIPRION C4480, C4480N Chassis J102, J103
VIPRION C4800, C4800N Chassis S100, S101
Virtual Edition (VE) Z100
vCMP Guest Z101

These platforms support various licensable combinations of product modules. This section provides general guidelines for module support.

Most of the support guidelines relate to memory. The following list applies for all memory levels:

  • vCMP supported platforms
    • VIPRION B2100, B2150, B2250, B4200
    • VIPRION B4300 blade in the 4400(J100)/4480(J102) and the 4800(S100)
    • BIG-IP 5200v, 5250v, 7200v, 7250v, 10200v, 10250v, 10350v, 12250v

Memory: 12 GB or more

All licensable module-combinations may be run on platforms with 12 GB or more of memory, and on VE and vCMP guests provisioned with 12 GB or more of memory. Note that this does not mean that all modules may be simultaneously provisioned on all platforms with 12 GB or more of memory. The BIG-IP license for the platform determines which combination of modules are available for provisioning.

Memory: 8 GB

The following guidelines apply to the BIG-IP 2000s, 2200s, 3900, 6900 platforms, to the VIPRION B4100 and B4100N platforms, and to VE guests configured with 8 GB of memory. (A vCMP guest provisioned with 8 GB of memory has less than 8 GB of memory actually available and thus does not fit in this category.)

  • No more than three modules should be provisioned together.
  • On the 2000s and 2200s, Application Acceleration Manager (AAM) can be provisioned with only one other module.
  • To use Access Policy Manager (APM) and Secure Web Gateway (SWG) modules together on platforms with exactly 8 GB of memory, Local Traffic Manager (LTM) provisioning must be set to None.

Memory: Less than 8 GB and more than 4 GB

The following guidelines apply to platforms, and to VE and vCMP guests provisioned with less than 8 GB and more than 4 GB of memory. (A vCMP guest provisioned with 8 GB of memory has less than 8 GB of memory actually available and thus fits in this category.)

  • No more than three modules (not including AAM) should be provisioned together.
  • Application Acceleration Manager (AAM) cannot be provisioned with any other module; AAM can only be provisioned standalone.
  • Analytics (AVR) counts towards the two module-combination limit (for platforms with less than 6.25 GB of memory).

Memory: 4 GB or less

The following guidelines apply to the BIG-IP 1600 and 3600 platforms, and to VE and vCMP guests provisioned with 4 GB or less of memory.

  • No more than two modules may be configured together.
  • AAM should not be provisioned, except as Dedicated.
  • ASM can be provisioned with this amount of memory, but a sizing exercise should be performed to ensure that it does not hit capacity issues.

vCMP memory provisioning calculations

The amount of memory provisioned to a vCMP guest is calculated using the following formula: (platform_memory- 3 GB) x (cpus_assigned_to_guest/ total_cpus).

As an example, for the B2100 with two guests, provisioned memory calculates as: (16-3) x (2/4) ~= 6.5 GB.

For certain platforms, the vCMP host can allocate a single core to a vCMP guest. However, because a single-core guest has relatively small amounts of CPU resources and allocated memory, F5 supports only the following products or product combinations for a single-core guest:
  • BIG-IP LTM standalone only
  • BIG-IP GTM standalone only
  • BIG-IP LTM and GTM combination only

Configuration utility browser support

The BIG-IP Configuration Utility supports these browsers and versions:

  • Microsoft Internet Explorer 11.x
  • Mozilla Firefox v40, or later
  • Google Chrome v44, or later

User documentation for this release

For documentation related to this release, contact the F5 sales team.

Upgrading to BIG-IP 13.0.0 from a previous version

  • When upgrading FPS from BIG-IP 12.0.0 or 12.1.0 to 13.0.0, you should delete the mobile security alerts URL (typically /rstats/) and the alert routing iRule on all mobile security profiles.
  • Due to changes in malware detection configuration in BIG-IP 13.0.0, after upgrading FPS from BIG-IP 11.6.x, 12.0.0, or 12.1.0, a user-defined malware type is automatically created by the system that contains the malware detection configuration from the previous BIG-IP version. The name of this malware type is general.

Fixes, behavior changes, and known issues

For a comprehensive list of fixes, behavior changes, and known issues for this release, refer to the BIG-IP 13.0.0 Release Information page.

New in 13.0.0

F5 Networks provides Fraud Protection Service (FPS) that detects and protects customer's web sites and mobile apps from fraud attacks, such as malware and phishing. Using layered security, automatic engines, and a 24/7 security operation center (SOC), FPS efficiently detects attacks as they are being set up, monitors the fraudulent activity, and documents the incident. Users can view notifications of fraud incidents by means of alerts sent to the FPS Dashboard.

New FPS features in BIG-IP 13.0.0 include:

Device ID for the client’s computing device

FPS can now create a fingerprint for identifying the client's browser. This fingerprint is included in alerts sent to the FPS Dashboard or BIG-IQ Logging Nodes.

Improved support for Single Page Applications (SPA)

FPS 13.0.0 can perform the following actions on full JSON payloads:
  • Encryption/decryption
  • Identify a username contained in a payload
  • Detect data manipulation within a payload

Additional iRules flexibility

FPS 13.0.0 provides additional iRules flexibility so that the various type of FPS detection and protection can be disabled on protected URLs for the current HTTP request. Specifically, the following FPS detection and protection can be disabled: Malware Detection, Phishing Detection, Application Layer Encryption, and Automatic Transactions Detection.

Improved debug troubleshooting for the specific client

Debug logging has been added to FPS 13.0.0. When this feature is enabled, a debug output log is generated encrypted on the client-side and when sent to the Dashboard alert server can be viewed decrypted.

Applying malware detection to user-defined malware types

FPS malware detection has a default set of malware types that it can detect on your anti-fraud profile. If you want FPS to check for a malware type that is not part of its default set, you can now define a malware type using the FPS Malware Configuration settings. You can configure FPS to detect a malware type by means of:
  • URLs that the malware can block (domain availability)
  • Resources in the client's web browser that can be loaded from the malware (browser cache)
  • Baits that can attract the malware

Malware Overview

The FPS GUI now displays a Malware Overview, per URL, that presents:
  • A summary of the types of malware FPS is currently configured to detect on the URL, including user-defined types,
  • Which types of malware detection FPS applies to the URL.

Automatic transaction configuration per URL

Almost all Automatic Transaction settings are now configured per URL and not on the profile level. This allows for more variation and flexibility when configuring Automatic Transactions detection on the URLs in your profile.

CSP Header support

FPS can now modify CSP headers in HTTP responses to ensure that the FPS JavaScript can run on the customer’s web page.

Cloning a URL

In FPS 13.0.0, you can create a new URL using the Clone button so that the new URL receives exactly the same configuration settings of an existing URL, including all URL parameters. This is useful in situations where the URL of the form action in a page is different than the URL of the page itself, in which case you would need to have the same URL configuration for both URLs.

Mobile Security repackaging detection (encryption enforcement)

By applying certain configurations on URL parameters, FPS Mobile Security can now ensure that parameters in an HTTP request coming from a mobile app are encrypted using FPS Application Level Encryption. If the FPS system detects that a parameter value is actually not encrypted when the system expects it to be, its value is nullified.

Keylogger Detection on Android mobile devices

When using FPS 13.0.0 with MobileSafe SDK version or later, FPS can detect certain keyloggers based on their characteristics on Android devices.

Contacting F5 Networks

For additional information, please visit

How to Contact F5 Support or the Anti-Fraud SOC

You can contact a Network Support Center as follows:

You can manage cases online at F5 WebSupport (registration required). To register email with your F5 hardware serial numbers and contact information.

You can contact the Anti-Fraud SOC as follows:

Additional resources

You can find additional support resources and technical documentation through a variety of sources.

F5 Networks Technical Support

Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.


AskF5 is your storehouse for thousands of knowledgebase articles that help you manage your F5 products more effectively. Whether you want to browse periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.

F5 DevCentral

The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.

AskF5 Publication Preference Center

To subscribe, click AskF5 Publication Preference Center, enter your email address, select the publications you want, and click the Submit button. You will receive a confirmation email. You can unsubscribe at any time by clicking the Unsubscribe link at the bottom of the email, or on the AskF5 Publication Preference Center screen.

  • TechNews Weekly eNewsletters: Up-to-date information about product and hotfix releases, new and updated articles, and new feature notices.
  • TechNews Notifications: Periodic plain text TechNews, sent any time F5 releases a product or hotfix. (This information is always included in the next weekly HTML TechNews email.)
  • Security Alerts: Timely security updates and ASM attack signature updates from F5.

Legal notices