Release Notes : BIG-IQ Centralized Management 5.4.0

Applies To:

BIG-IQ Centralized Management

  • 5.4.0
Release Notes
Original Publication Date: 01/30/2018 Updated Date: 04/18/2019

Summary:

This release note documents version 5.4.0 of BIG-IQ Centralized Management.

Important: You must upgrade directly to BIG-IQ version 5.4.0 HF1, which begins by installing the 5.4.0 image, and then installs 5.4.0 HF1 before booting up your upgraded BIG-IQ system. If you attempt to upgrade to BIG-IQ version 5.4.0 directly, the upgrade might fail, after which you’ll have to boot back into the previous version and upgrade again.

New features

BIG-IQ Centralized Management version 5.4.0 introduces the following new features:
Role-based user access

You can now customize user access to managed devices, based on job responsibilities. This allows you to give specific permissions to view or modify only those BIG-IP objects you explicitly assign to a user.

Pre- and post-upgrade backups for several managed devices at once

You can now create backups from BIG-IQ for one or more BIG-IP devices before and after you upgrade them.

Change root and admin passwords for several managed devices at once

From BIG-IQ, you can change the root and/or admin passwords for one or more devices at the same time.

Support for creating and running custom scripts for managed devices

From BIG-IQ, you can create custom scripts to run on your managed devices. For example, you could create a script that sets the DNS, NTP, host, and so forth for several of your managed devices.

Custom application template catalog

You can create an application template catalog to help you rapidly deploy applications to multiple BIG-IP devices from BIG-IQ.

Copy monitor and profiles

Standardizing BIG-IP applications is even easier because you can copy monitors and profiles from managed BIG-IP devices and deploy to other BIG-IP devices from BIG-IQ.

Pool member management

Interact (view, enable, disable, force offline) with your BIG-IP pool members from a single screen.

Licensing unmanaged devices

BIG-IQ can work through an orchestrator to create and install a license for unreachable or disconnected BIG-IP devices.

Firewall packet tester

You can now determine from BIG-IQ how any packets will be handled by AFM for debugging and policy validation.

Additional support for firewall NAT feature

BIG-IQ supports the firewall NAT feature introduced in BIG-IP version 12.0, which introduced NAT functionality in the firewall similar to that of a traditional firewall vendor, with AFM-specific features (such as log throttling and customizable logging) for consistency with other AFM features.

Support for send-to-virtual actions for firewall rules

BIG-IQ now supports the "send-to-virtual" action for firewall rules, introduced in BIG-IP version 13.0, across the device's life cycle (discover/import, modification, deployment).

Complete IP Intelligence configuration management support

You can now discover, import, and modify IP Intelligence policies, global policies, blacklist categories, and feed lists through BIG-IQ. You can deploy a policy if it is being used by a device-specific virtual server or route domain.

UUID for rule/rulelist objects

You can now identify a specific firewall rule using a UUID (Universally Unique Identifier) with your existing tools for diagnostic, auditing, and compliance purposes.

Add read/filter-only rule order for AFM rules

BIG-IQ now supports the ability to identify a rule within a firewall policy by "position" through the evaluation order within the policy, and the ability to go to a specific rule/position in a policy using that evaluation order number.

Additional policy configuration support for Web Application Security policies

You can configure Web Application Security policies for protection against brute force attacks, as well as manage policy configuration settings for session tracking, CSRF protection, redirection protection, and server technologies. In addition, this release includes enhancements for policy configuration of sensitive parameters and of customizable response pages.

Central Policy Builder support for Web Application Security

You can use the new Central Policy Builder feature in Web Application Security to aggregate suggestions for the same policy used by multiple BIG-IP devices into a central location. You can then manage (accept, ignore, delete) these suggestions from the BIG-IQ Centralized Management system and then deploy the resulting policy changes to all relevant devices. This is supported for BIG-IP devices version 13.1 or later.

Support for live update of signatures and engines for the Fraud Protection Service

You can use BIG-IQ Centralized Management to centrally manage and schedule deployments of the signature and engine files needed to keep your Fraud Protection Service infrastructure up-to-date. This allows you to avoid managing these updates individually on each BIG-IP device, as periodic changes are published by F5.

Support for brute force configuration

You can now configure a BIG-IP device from BIG-IQ for protection against brute force attacks.

Ability to create and delete Access Policies and Access Profiles

In addition to modifying, you can now create and delete Access Policies and Profiles from BIG-IQ.

Retroactive application of transform rules to previously received alerts

You can apply new Fraud Protection Service transform rules received from the Security Operations Center (SOC) to alerts you received previously. This allows you to identify new trends due to advances in the transform rule set.

Ability to create and delete Access Location Specific Objects

In addition to modifying, you can now create and delete Access Location Specific Objects (LSO) from BIG-IQ.

Read-Only view of the main GSLB objects

You can now display properties for Global Server Load Balancing objects: Data Centers, Servers, Virtual Servers, Links, Pools and Wide IPs.

Health Indicators for the main GSLB objects

You can now display the status (available, unavailable, offline, unknown) and reported reason, according to the configured monitors. Status is shown both per device and aggregated to the synch-group level.

Screen resolution requirement

To properly display, the BIG-IQ system requires that your screen resolution is set to 1280x1024 or higher.

Browser support

BIG-IQ version 5.4.0 supports the following browsers and versions:

  • Microsoft Internet Explorer version 11.x and later
  • Microsoft Edge version 12.x and later
  • Mozilla Firefox version 46.x and later
  • Google Chrome version 51.x and later

BIG-IP compatibility

SOL14592: Compatibility between BIG-IQ and BIG-IP releases provides a summary of version compatibility for specific features between the BIG-IQ system and BIG-IP releases.

In general, this table outlines managed device compatibility:

Functional Description       Minimum BIG-IP version   Maximum BIG-IP version
Backup/Restore               11.5.0 HF7               13.1.0
Upgrade - legacy devices     10.2.0                   11.4.1
Upgrade - managed devices    11.5.0 HF7               13.1.0
Licensing - BIG-IP VE        11.5.0 HF7               13.1.0
Licensing - WebSafe          12.0.0                   13.1.0
ADC management               11.5.1 HF4               13.1.0
AFM                          11.5.2                   13.1.0
Access                       12.1.0                   13.1.0
ASM                          11.5.3.HF1               13.1.0
DNS                          12.0.0                   13.1.0
FPS                          11.6.0                   13.1.0

User documentation for this release

Software documentation
For a list of user documentation for this software release, go to the BIG-IQ Centralized Management Knowledge Center and select version 5.4.0.
Platform documentation
For Virtual Edition or Cloud setup documentation organized by VE or Cloud type, refer to the Cloud Knowledge Center on AskF5 to select an option.
For hardware platform documentation, visit the Hardware Knowledge Centers page on AskF5 to select the appropriate BIG-IQ hardware documentation.

Depending on whether you are installing a new system or upgrading an existing one, the following documentation resources can help you get started with version 5.4.0.

For information about planning and installing BIG-IQ Centralized Management, refer to the Planning and Implementing an F5 BIG-IQ Centralized Management Deployment and BIG-IQ Centralized Management: Licensing and Initial Setup guide.

For instructions about how to upgrade from BIG-IQ version 5.x to 5.4, refer to the F5 BIG-IQ Centralized Management Upgrading version 5.x to BIG-IQ version 5.4 guide.

For information about setting up authentication and providing role-based user access to your users, refer to F5 BIG-IQ Centralized Management: Users, User Groups, Roles, and Authentication guide.

If your configuration uses logging nodes, data collection devices, or logging node or DCD clusters, please refer to one or more of the following guides:

Fixes, behavior changes, and known issues

This release note contains known issues found only in this release. Fixes included in this release are for known issues found in previous releases. This release note does not include known issues found in previous releases that are not yet fixed. For information about known issues in past releases, view the applicable release notes for those versions.

For a comprehensive list of fixes, behavior changes, and known issues, see:

Removing BIG-IQ system services from a BIG-IP device running version 11.0

To manage a BIG-IP device using the BIG-IQ system, you must install specific BIG-IQ system components onto that device using the procedure outlined in BIG-IQ System: Licensing and Initial Configuration. If you have to remove these services for any reason, use this procedure. Perform these steps only if you no longer want to manage a BIG-IP device running version 11.0, or if you want to re-discover that device (which reinstalls the REST framework from the BIG-IQ system).
  1. Log in to the command line of the BIG-IP device.
  2. Stop any running BIG-IQ system services.
    Note: The msgbusd service may not be installed. You can use the bigstart status command to see if it is running.

    $ bigstart stop restjavad

  3. Remove the RPM packages related to the BIG-IQ system.

    mount -o remount,rw /usr

    rpm -qa | grep f5-rest-java | xargs rpm -e --nodeps

    mount -o remount,ro /usr

    This removes the BIG-IQ system components from the BIG-IP device.
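
Steps 2 and 3 above combined into one shell function, added here as an example (it is not F5's script): it leaves /usr untouched when no f5-rest-java package is installed and always remounts /usr read-only, even if the package removal fails. The names remove_bigiq_rest, run and DRY_RUN are assumptions of this example.

```shell
#!/bin/bash
# Added example, not F5's script: steps 2 and 3 of the procedure as one function.
# remove_bigiq_rest, run and DRY_RUN are names assumed for this example.

# Print the command when DRY_RUN=1, otherwise execute it.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "+ $*"
    else
        "$@"
    fi
}

remove_bigiq_rest() {
    rc=0

    # Step 2: stop the BIG-IQ REST service named on the page.
    run bigstart stop restjavad || return 1

    # Step 3: resolve the package list first (read-only query). With an empty
    # list, "rpm -e" would fail and /usr would have been remounted for nothing.
    pkgs=$(rpm -qa | grep f5-rest-java || true)
    if [ -z "$pkgs" ]; then
        echo "no f5-rest-java packages installed; /usr left read-only"
        return 0
    fi

    run mount -o remount,rw /usr || return 1
    # $pkgs is deliberately unquoted: one argument per package name.
    run rpm -e --nodeps $pkgs || rc=$?
    # Always restore the read-only mount, even when the removal failed.
    run mount -o remount,ro /usr || rc=$?
    return "$rc"
}

# Run only when asked to, so the file can be sourced and reviewed first.
if [ "${1:-}" = "--run" ]; then
    remove_bigiq_rest
fi
```

Setting DRY_RUN=1 prints the commands the function would issue without changing the device.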

Contacting F5 Networks

Phone - North America: 1-888-882-7535 or (206) 272-6500
Phone - Outside North America, Universal Toll-Free: +800 11 ASK 4 F5 or (800 11275 435)
Fax: See Regional Support for your area.
Web: https://support.f5.com/csp/home
Email: support@f5.com

For additional information, please visit http://www.f5.com.

Additional resources

You can find additional support resources and technical documentation through a variety of sources.

F5 Networks Technical Support

Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.

AskF5

AskF5 is your storehouse for thousands of knowledgebase articles that help you manage your F5 products more effectively. Whether you want to browse periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.

F5 DevCentral

The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.

AskF5 Publication Preference Center

To subscribe, click AskF5 Publication Preference Center, enter your email address, select the publications you want, and click the Submit button. You will receive a confirmation email. You can unsubscribe at any time by clicking the Unsubscribe link at the bottom of the email, or on the AskF5 Publication Preference Center screen.

  • TechNews Weekly eNewsletters: Up-to-date information about product and hotfix releases, new and updated articles, and new feature notices.
  • TechNews Notifications: Periodic plain text TechNews, sent any time F5 releases a product or hotfix. (This information is always included in the next weekly HTML TechNews email.)
  • Security Alerts: Timely security updates and ASM attack signature updates from F5.