Applies To:Show Versions
BIG-IQ Centralized Management
This release note documents version 5.4.0 of BIG-IQ Centralized Management.
- New features
- Screen resolution requirement
- Browser support
- BIG-IP compatibility
- User documentation for this release
- Fixes, behavior changes, and known issues
- Removing BIG-IQ system services from a BIG-IP device running version 11.0
- Contacting F5 Networks
- Legal notices
You can now customize user access to managed devices, based on job responsibilities. This allows you to give specific permissions to view or modify only those BIG-IP objects you explicitly assign to a user.Pre- and post-upgrade backups for several managed devices at once
You can now create backups from BIG-IQ for one or more BIG-IP devices before and after you upgrade them.Change root and admin passwords for several managed devices at once
From BIG-IQ, you can change the root and/or admin passwords for one or more devices at the same time.Support for creating and running custom scripts for managed devices
From BIG-IQ, you can create custom scripts to run on your managed devices. For example, you could create a script that sets the DNS, NTP, host, and so forth for several of your managed devices.Custom application template catalog
You can create an application template catalog to help you rapidly deploy applications to multiple BIG-IP devices from BIG-IQ.Copy monitor and profiles
Standardizing BIG-IP applications is even easier because you can copy monitors and profiles from managed BIG-IP devices and deploy to other BIG-IP devices from BIG-IQ.Pool member management
Interact (view, enable, disable, force offline) with your BIG-IP pool members from a single screen..Licensing unmanaged devices
BIG-IQ can work through an orchestrator to create and install a license for unreachable or disconnected BIG-IP devices.Firewall packet tester
You can now determine from BIG-IQ how any packets will be handled by AFM for debugging and policy validation.Additional support for firewall NAT feature
BIG-IQ supports the firewall NAT feature introduced in BIG-IP version 12.0 and introduced NAT functionality in the firewall similar to a traditional firewall vendor with AFM- specific features (such as log throttling and customizable logging) for consistency with other AFM features.Support for send-to-virtual actions for firewall rules
BIQ-IQ now supports "send-to-virtual" action for firewall rules introduced in BIG-IP version13.0 across the device's life-cycle (discover/import, modification, deployment).Complete IP Intelligence configuration management support
You can now discover, import, modify IP Intelligence policies, global policies, blacklist category and feedlist through BIG-IQ. You can deploy policies if it is being used by a device-specific virtual server or route domain.UUID for rule/rulelist objects
You can now identify a specific firewall rule using a UUID (Universal Unique Identifier) with your existing tools for diagnostic, auditing, and compliance purposes.Add read/filter-only rule order for AFM rules
BIG-IQ now supports the ability to identify a rule within a firewall policy by "position" through the evaluation order within the policy, and the ability to go to a specific rule/position in a policy using that evaluation order number.Additional policy configuration support for Web Application Security policies
You can configure Web Application Security policies for protection against brute force attacks, as well as manage policy configuration settings for session tracking, CSRF protection, redirection protection, and server technologies. In addition, this release includes enhancements for policy configuration of sensitive parameters and of customizable response pages.Central Policy Builder support for Web Application Security
You can use the new Central Policy Builder feature in Web Application Security to aggregate suggestions for the same policy used by multiple BIG-IP devices into a central location. You can then manage (accept, ignore, delete) these suggestions from the BIG-IQ Centralized Management system and then deploy the resulting policy changes to all relevant devices. This is supported for BIG-IP devices version 13.1 or lateSupport for live update of signatures and engines for the Fraud Protection Service
You can use BIG-IQ Centralized Management to centrally manage and schedule deployments of the signature and engine files needed to keep your Fraud Protection Service infrastructure up-to-date. This allows you to avoid managing these updates individually on each BIG-IP device, as periodic changes are published by F5.Support for brute force configuration
You can now configure a BIG-IP device from BIG-IQ for protection against brute force attacks.Ability to create and delete Access Policies and Access Profiles
In addition to modifying, you can now create and delete Access Policies and Profiles from BIG-IQ.Retroactive application of transform rules to previously received alerts
You can apply new Fraud Protection Service transform rules received from the Security Operations Center (SOC) to alerts you received previously. This allows you to identify new trends due to advances in the transform rule set.Ability to create and delete Access Location Specific Objects
In addition to modifying, you can now create and delete Access Location Specific Objects (LSO) from BIG-IQ.Read-Only view of the main GSLB objects
You can now display properties for Global Server Load Balancing objects: Data Centers, Servers, Virtual Servers, Links, Pools and Wide IPs.Health Indicators for the main GSLB objects
You can now display the status (available, unavailable, offline, unknown) and reported reason, according to the configured monitors. Status is shown both per device and aggregated to the synch-group level.
Screen resolution requirement
To properly display, the BIG-IQ system requires that your screen resolution is set to 1280x1024 or higher.
BIG-IQ version 5.4.0 supports the following browsers and versions:
- Microsoft Internet Explorer version 11.x and later
- Microsoft Edge version 12.x and later
- Mozilla Firefox version 46.x and later
- Google Chrome version 51.x and later
SOL14592: Compatibility between BIG-IQ and BIG-IP releases provides a summary of version compatibility for specific features between the BIG-IQ system and BIG-IP releases.
In general, this table outlines managed device compatibility:
|Functional Description||Minimum BIG-IP version||Maximum BIG-IP version|
|Upgrade - legacy devices||10.2.0||11.4.1|
|Upgrade - managed devices||11.5.0 HF7||13.1.0|
|Licensing - BIG-IP VE||11.5.0 HF7||13.1.0|
|Licensing - WebSafe||12.0.0||13.1.0|
|ADC management||11.5.1 HF4||13.1.0|
User documentation for this release
- Software documentation
- For a list of user documentation for this software release, go to the BIG-IQ Centralized Management Knowledge Center and select version 5.4.0.
- Platform documentation
- For Virtual Edition or Cloud setup documentation organized by VE or Cloud type, refer to the Cloud Knowledge Center on AskF5 to select an option.
- For hardware platform documentation, visit the Hardware Knowledge Centers page on AskF5 to select the appropriate BIG-IQ hardware documentation.
Depending on whether you are installing a new system or upgrading an existing one, the following documentation resources can help you get started with version 5.4.0.
For information about planning and installing BIG-IQ Centralized Management, refer to the Planning and Implementing an F5 BIG-IQ Centralized Management Deployment and BIG-IQ Centralized Management: Licensing and Initial Setup guide.
For instructions about how to upgrade from BIG-IQ version 5.x to 5.4 refer to the F5 BIG-IQ Centralized Management Upgrading version 5.x to BIG-IQ version 5.4 guide.
For information about setting up authentication and providing role-based user access to your users, refer to F5 BIG-IQ Centralized Management: Users, User Groups, Roles, and Authentication guide.
If your configuration uses logging nodes, data collection devices, or logging node or DCD clusters, please refer to one or more of the following guides:
- F5 BIG-IQ Centralized Management: DCD Sizing Guide for assistance in determining the resources that are required to handle the data generated by the BIG-IP devices you manage.
- F5 BIG-IQ Centralized Management: Upgrading a DCD to Version 5.4
- F5 BIG-IQ Centralized Management: Upgrading 5.1 Logging Node Cluster to the Latest Version with Minimal Downtime.
- F5 BIG-IQ Centralized Management: Upgrading 5.2 or 5.3 DCD to the Latest Version with Minimal Downtime.
Fixes, behavior changes, and known issues
This release note contains known issues found only in this release. Fixes included in this release are for known issues found in previous releases. This release note does not include known issues found in previous releases that are not yet fixed. For information about known issues in past releases, view the applicable release notes for those versions.
Removing BIG-IQ system services from a BIG-IP device running version 11.0
- Log in to the command line of the BIG-IP device.
- Stop any running BIG-IQ system services.Note: The msgbusd service may not be installed. You can use the bigstart status command to see if it is running.
$ bigstart stop restjavad
- Remove the RPM packages related to the BIG-IQ system.
mount -o remount,rw /usr
rpm -qa | grep f5-rest-java | xargs rpm -e --nodeps
mount -o remount,ro /usr
This removes the BIG-IQ system components from the BIG-IP device.
Contacting F5 Networks
|Phone - North America:||1-888-882-7535 or (206) 272-6500|
|Phone - Outside North America, Universal Toll-Free:||+800 11 ASK 4 F5 or (800 11275 435)|
|Fax:||See Regional Support for your area.|
For additional information, please visit http://www.f5.com.
You can find additional support resources and technical documentation through a variety of sources.
- The F5 Networks Technical Support web site: https://f5.com/support
- The AskF5 web site: https://support.f5.com/csp/home
- The F5 DevCentral web site: https://devcentral.f5.com/
- AskF5 Publication Preference Center: https://interact.f5.com/AskF5-SubscriptionCenter.html
F5 Networks Technical Support
Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.
AskF5 is your storehouse for thousands of knowledgebase articles that help you manage your F5 products more effectively. Whether you want to browse periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.
The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.
AskF5 Publication Preference Center
To subscribe, click AskF5 Publication Preference Center, enter your email address, select the publications you want, and click the Submit button. You will receive a confirmation email. You can unsubscribe at any time by clicking the Unsubscribe link at the bottom of the email, or on the AskF5 Publication Preference Center screen.
- TechNews Weekly eNewsletters: Up-to-date information about product and hotfix releases, new and updated articles, and new feature notices.
- TechNews Notifications: Periodic plain text TechNews, sent any time F5 releases a product or hotfix. (This information is always included in the next weekly HTML TechNews email.)
- Security Alerts: Timely security updates and ASM attack signature updates from F5.