Release Notes : BIG-IQ Centralized Management 6.1.0 :: New and Installation

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 6.1.0
Release Notes
Original Publication Date: 01/31/2019 Updated Date: 05/29/2019

Summary:

This release note documents version 6.1.0 of BIG-IQ Centralized Management.

Contents:

New features

Add multiple BIG-IP devices to BIG-IQ at the same time

You can now simultaneously add multiple BIG-IP devices and discover and import their services to BIG-IQ. You can do this from the Devices screen, or by uploading a CSV file with device details.

Conflict resolution when discovering and importing services for BIG-IP devices

When adding multiple BIG-IP devices and discovering and importing their services at the same time, you can specify a conflict resolution policy if BIG-IQ finds any default monitors or LTM profiles with different parameters. The options are:
  • Use BIG-IQ, BIG-IQ replaces conflicting shared objects with the object that exists on this BIG-IQ.
  • Use BIG-IP, BIG-IQ replaces any conflicting shared objects with the objects it's importing from the BIG-IP device.
  • Create Version, BIG-IQ creates an instance of the object that is specific to the software version running on the BIG-IP device you are importing.

Auto-scaling in an Azure cloud environment

You can now securely manage traffic to applications in an Azure cloud environment, specifying the parameters in a service scaling group (SSG) to dynamically deploy and delete BIG-IP devices as needed. BIG-IQ manages the BIG-IP devices that are load balancing to the BIG-IP VE devices in the cloud, as well as to the BIG-IP devices' application servers.

Host verification for secure encrypted SSL communication

BIG-IQ communicates with managed BIG-IP devices (and with its peer in a BIG-IQ high availability configuration) through an encrypted SSL session. To make this communication even more secure, you can now enable host verification. When enabled, BIG-IQ verifies the host's identity by comparing the host's SSL certificate against the certificate authorities or the individual certificates trusted by BIG-IQ.

Managing Applications with Application Services 3 Extension (AS3) and BIG-IQ

Through declarative API calls made to AS3, you can now deploy applications through BIG-IQ to managed BIG-IPs and provide role-based access to view statistics and monitor these applications using the BIG-IQ application dashboards.

LTM policy support service catalog template

You can now add or import LTM policies and policy rules to the service catalog templates you create.

Provide access to specific utility license offerings to a license manager

You can now provide permissions to a user for access to grant certain utility license offerings.

Schedule automated billing reports and submission for subscription licenses

This new release of BIG-IQ includes a feature that enables you to schedule and automatically submit a usage report to F5 Networks for billing purposes.

Custom identifiers for utility pool license offerings

You can now add a custom identifier for utility pool license offerings to make it easier for you to track usage when you run reports and to filter for certain offerings.

Visibility into DDoS attack data

You can now monitor from a single summary dashboard active HTTP, Network Security, and DNS DDoS activity against protected objects. The added visibility allows you to evaluate attack details to ensure that your objects can sufficiently withstand a DDoS attack. Additional analysis screens provide visibility into historical DDoS data for all of your system’s monitored objects, per security protocol.

Note: BIG-IP versions 13.1.0.5 or later must have AVR provisioned.

Visibility into Network Security access control list (ACL) data

You can now monitor data regarding the volume of traffic managed by your network ACLs.

Note: BIG-IP versions 13.1.0.5 or later must have AVR provisioned.

Visibility into Secure Web Gateway (SWG) data

You can now monitor data regarding traffic managed by your SWG services.

Note: BIG-IP versions 13.1.0.5 or later must have AVR provisioned.

Configure Layer 7 protection and logging from a single dashboard

You can now manage and edit your Layer 7 security for your monitored applications and virtual servers from a single dashboard. The new dashboard also provides quick access to edit and create Web Application Security policies, DoS profiles and log profiles.

Note: BIG-IP versions 13.1.0.5 or later must have AVR provisioned.

LTM policy support in service catalog templates

You can now add or import LTM policies and policy rules to the service catalog templates you create.

GSLB prober pool management

You can now create, edit, or delete GSLB prober pools and prober pool members on the devices you manage.

Support for Web Application Security (WAS) features introduced in BIG-IP 14.1

Support has been added for downloading, uploading, and installing WAS Signature files, Server Technologies files, and Browser Challenges files, and for scheduling automatic file updates.

Threat Intelligence Menu

A Threat Intelligence Menu has been added in the Security section of the Configuration tab. The Threat Intelligence Menu includes the following sections:
  • Web Application Security: In this section, you can download, upload, and install WAS Signature files, Server Technologies files, and Browser Challenges files, and schedule automatic file updates.
  • Fraud Protection Service: In this section, you can download, upload, and install FPS Signature files and Engine files, and schedule automatic file updates.

Improved Global Search

Global Search capabilities now support Server Technologies and Browser Challenges files.

Screen resolution requirement

To properly display, the BIG-IQ system requires that your screen resolution is set to 1280x1024 or higher.

If you’re a Windows user, do not increase (zoom) the screen size more than 100%, because it can limit what you can view on the screen.

Browser support

BIG-IQ v6.1 is supported with the latest versions (at the time of each BIG-IQ release) of:

  • Google Chrome (tested v. 66)
  • Mozilla Firefox (tested v. 59)
  • Microsoft Edge (tested v. v42 - EdgeHTML v17)

Note:

Since browsers are always releasing new versions and fixes (some security related) F5 makes all necessary efforts to support future releases of these browsers with previously-released versions of BIG-IQ. If a newer browser version has compatibility issues with your BIG-IQ user interface:

  1. Switch to the browser version in the tested list.
  2. Call Tech support and open a ticket documenting the exact versions and compatibility problems observed.

 

Known Issue ID Number 722458: Chrome 67 is unsupported for BIG-IQ version 6.1.0. Chrome 67 will crash if you use it to try to view or modify an Application Services configuration (such as adding a pool or virtual server) or view or modify an Access Policy configuration. To work around this issue, use a supported browser: Chrome versions 65.x or 66.x, Firefox 59.x or 60.x, or Microsoft Edge.

BIG-IP compatibility

K34133507: BIG-IQ Centralized Management compatibility matrix provides a summary of version compatibility for specific features between the BIG-IQ system and BIG-IP releases.

User documentation for this release

Software documentation
For access to the user documentation for this software release, go to the BIG-IQ Centralized Management Knowledge Center and select version 6.1.0.

For updated information about troubleshooting specific use cases, go to: https://github.com/F5Networks/f5-aws-cloudformation/tree/master/supported/solutions/autoscale.

Platform documentation
For Virtual Edition or Cloud setup documentation organized by VE or Cloud type, refer to the Cloud Knowledge Center on AskF5 to select an option.
For hardware platform documentation, visit the Hardware Knowledge Centers page on AskF5 to select the appropriate BIG-IQ hardware documentation.
Title Use to:
   
F5 BIG-IQ Centralized Management: Which Systems Setups Support an Upgrade to version 6.1.0 Select the relevant upgrade process based on the version and configuration (with or without DCD devices).
F5 BIG-IQ Centralized Management: Upgrading Version to 5.2, 5.3, 5.4, or 6.0 to version 6.1.0 Upgrade a BIG-IQ system running version 5.2, 5.3, 5.4, or 6.0 to version 6.1.0.
F5 BIG-IQ Centralized Management: Upgrading Version 5.2 or 5.3 with a DCD Cluster to version 6.1.0 Upgrade version 5.2 or 5.3 a DCD and BIG-IQ Cluster to version 6.1.0.
F5 BIG-IQ Centralized Management: Upgrading Version 5.4 or 6.0.0 with a DCD Cluster to version 6.1.0  
F5 BIG-IQ Centralized Management: Upgrading Version 6.0.0 with a DCD Cluster to version 6.1.0 with Minimal Downtime  
Planning and Implementing an F5 BIG-IQ Centralized Management Deployment Plan deployment, license, and set up the BIG-IQ system in your network.
F5 BIG-IQ Centralized Management: Core Concepts Find out more about the concepts about the core functionality included with BIG-IQ Centralized Management.
F5 BIG-IQ Centralized Management DCD Sizing Guide Determine the resources that are required to handle the data generated by the BIG-IP® devices you manage. Requirements vary according to the type and amount of data you generate.
F5 BIG-IQ Centralized Management: Authentication, Roles, and User Management
  • Configure authentication through a 3rd-party provider (LDAP, RADIUS or TACAS+).
  • Use built-in and custom roles to manage user access.
F5 BIG-IQ Centralized Management: Monitoring and Reports
  • Set up health monitoring and alerts and statistics collections.
  • Manage audit logs, run reports, and analyze statistics.
  • Troubleshoot Access reports.
F5 BIG-IQ Centralized Management: Device
  • Discover BIG-IP devices and import F5 services.
  • Deploy software images, licenses, SSL certificates, backup files, and configurations.
BIG-IQ Centralized Management: DNS Administration  
F5 BIG-IQ Local Traffic & Network Implementations Manage:
  • Local Traffic profiles
  • Virtual servers
  • Network objects
  • iRules
  • Applications and application templates
As well as configuring an IPsec tunnel and event viewing.
F5 BIG-IQ Centralized Management: Security Manage:
  • Object pinning
  • Firewall contexts
  • Address and port lists
  • Rules, rule lists, policies, and rule reports
  • Service, timer, and port misuse policies
  • NAT policies and translations
  • FQDN resolvers
  • Change verifications
  • External logging devices
  • Shared security for virtual servers, DoS profiles, device DoS configurations, network whitelists, logging profiles, and SSH profiles
  • Bot signatures and bot signature categories
  • IP intelligence settings
  • External redirection settings
  • Application Securities Policies
  • Signature files, custom attack signatures and sets
  • Web Application Security event logs
F5 BIG-IQ Centralized Management: Access
  • Configure an Access group, HA pair, and cluster.
  • Manage access groups.
  • View and edit access configurations.
  • Configure authentication for Active Directory, SecurID, HTTP, Oracle Access Manager, OCSP responder, CRLDP, and Kerberos.
  • Manage audit logs
F5 BIG-IQ Centralized Management: Fraud Protection Service Set up, manage, and monitor alerts for fraud protection.
F5 BIG-IQ Centralized Management Use Case: Provide Role-Based User Access to an Application Give role-based user access to a SharePoint application.
F5 BIG-IQ Centralized Management: Auto-Scale in a VMware Cloud Start auto-scaling BIG-IP VE devices in a VMware cloud to manage applications.
F5 BIG-IQ Centralized Management: Auto-Scale in a AWS Cloud Start auto-scaling BIG-IP VE devices in an AWS cloud to manage applications.
BIG-IQ Centralized Management: Monitoring and Managing Application Services Monitor the health and statistics for your application services.​

Fixes, behavior changes, and known issues

This release note contains known issues found only in this release. It does not contain any known issues found in previous releases that are not yet fixed.

Fixes included in this release are for known issues found in previous releases.

For a comprehensive list of fixes, behavior changes, and known issues, see:

For information about fixes and known issues for past releases, refer to the version-specific release notes.

Contacting F5

North America 1-888-882-7535 or (206) 272-6500
Outside North America, Universal Toll-Free +800 11 ASK 4 F5 or (800 11275 435)
Additional phone numbers Regional Offices
Web http://www.f5.com
Email support@f5.com

Additional resources

You can find additional support resources and technical documentation through a variety of sources.

F5 Support

https://f5.com/support :: Self-solve Options

Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.

AskF5 Knowledge Base

https://support.f5.com/csp/home

The storehouse for thousands of knowledgebase articles that help you manage your F5 products more effectively. Whether you want to browse periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.

BIG-IP iHealth Diagnostics and BIG-IP iHealth Viewer

https://f5.com/support/tools/ihealth

BIG-IP iHealth Diagnostics identifies issues, including common configuration problems and known software issues. It also provides solutions and links to more information. With BIG-IP iHealth Viewer, you can see the status of your system at-a-glance, drill down for details, and view your network configuration.

F5 DevCentral

https://devcentral.f5.com/

Collaborate and share innovations including code samples, new techniques, and other tips, with more than 300,000 F5 users worldwide. DevCentral is the place to ask questions, find solutions, learn to harness the power of F5’s powerful scripting language, iRules, and much more.

Communications Preference Center

https://interact.f5.com/F5-Preference-Center.html

Here, you can subscribe to a number of communications from F5. For information about the types of notifications F5 provides, see K9970: Subscribing to email notifications regarding F5 products.

Legal notices