Post on 01-Feb-2018

F5 BIG-IP v13.0

Piotr Borkowski Veracomp SA

Introducing F5 BIG-IP v13.0

Delivers feature upgrades for:

• TMOS/Local Traffic Manager (LTM)

• DNS - formerly Global Traffic Manager (GTM)

• Advanced Firewall Manager (AFM)

• Application Security Manager (ASM)

• Access Policy Manager (APM)

• …

BIG-IP v13.0 TMOS/LTM

• TMOS/LTM

• New Built-in TCP Profiles (f5-tcp-wan, f5-tcp-lan, f5-tcp-mobile, f5-tcp-progressive)

• TCP Nagle Auto mode

• TCP Auto Buffer Tuning

• Diameter High Availability

• SIP and Diameter Connection Auto-Initialization

• Diameter Election Process Support (RFC 6773)

• Diameter In-Band Monitor

BIG-IP v13.0 TMOS/LTM

• TMOS/LTM

• ECDH and ECDSA for external crypto offload

• FIPS key management using tmsh

• Global VLAN based SYN flood protection

• Upgrade status dialog in the GUI now reports status of long-running upgrade processes

• Cipher Rules and Cipher Groups configuration

• HTTP/2 replaces SPDY

• BIG-IP VE, single NIC for cloud environment

Single NIC for all cloud environments

Profile TCP, Auto Proxy Buffer, Receive Window and Send Buffer

• Auto Receive Window: Specifies, when enabled, that the system uses the network measurements to set the optimal receive window size.

• Auto Send Buffer: Specifies, when enabled, that the system uses the network measurements to set the optimal send buffer size.

• Auto Proxy Buffer: Specifies the proxy buffer level, in bytes, at which the receive window is closed.

Profile TCP, Enhanced Loss Recovery

v12.1.2 v13.0.0

Profile ClientSSL Cipher Group

System Traffic Certificate Management (moved from file management menu)

Device Group Overview

HA Group

v12.1.2

v13.0.0

Virtual Server, SPDY profile removed

v12.1.2 v13.0.0

Profile Netflow

Support Snapshot (Qkview) and upload to ihealth

Boot status more details

BIG-IP v13.0 DNS

• DNS (GTM)

• Multiple probe setting for pool members

• Support for adding BIG-IP LTM systems in a device group with more than two members

• Allow more returned records in a GSLB query response (increased from 16 to 500)

Pool List, Availability requirement, Require

Device Cluster support

v12.1.2 v13.0.0

BIG-IP v13.0 AFM

• AFM

• Packet testing

• Auto thresholding for DoS

• DoS Enhancements

• Dynamic DoS vectors

DOS Dashboard

DoS Protection, Device Configuration, Network

Network Behavioral DDoS

Packet Tracer

BIG-IP v13.0 ASM

• ASM

• Layered Policies

• Proactive Bot Defense Logging and Reporting Enhancements

• Client Reputation Use in Policy Builder

• Compact Mode Learning Optimization

• ASM Policy Setting Usability Improvements

• JSON Support and Granularity Improvements

• Classification of Request Content for URLs

• Fingerprinting Improvements

BIG-IP v13.0 ASM

• ASM

• Overlapping Staging for Updated Signatures

• Single Page (URL) Application Protection via Enabling JavaScript-Based Challenges with AJAX Applications

• Automatic Server Technology Detection

• AVR DoS Visibility and Scheduled Reports

• ASM Proxy Log GUI Improvement

• Advanced Exception Handling

• Policy Enhancements

BIG-IP v13.0 ASM

• ASM

• BADoS Unified Server Health Check Mechanism Based on L7 Analysis

• BADoS DDoS Mitigation Based on Behavior Analysis and Integration with Whitelist

• BADoS Logging and Reporting Improvement

• BADoS Automatic Generation of Attack Request Signatures

• ASM DoS Add Automatic Threshold Tuning to ASM DoS Protection

• ASM DoS Heavy URL Improvements

ASM GUI Policy redesign v12.1.2

v13.0.0

ASM Traffic Learning Page redesign

ASM Layered Policy

• Parent policy is a virtual policy and can’t be assigned to VS.

• Child policy is a Standard security policy, which can be assigned to VS

ASM DoS Reporting redesign

BIG-IP v13.0 APM

• APM

• Endpoint Check and Network Access for Chrome Browser, Firefox, and Edge Browser

• OAuth 2.0 Authorization Server, Resource Server and Client

• Ping Identity: PingAccess Policy Enforcement Point

• APM Integration with VMware Horizon Access Portal/Identity Manager

• Launch native RDP client from APM webtop without F5 client component code

BIG-IP v13.0 APM

• APM

• Microsoft Remote Apps published on APM Webtop and in native RDP client

• Step-up Authentication

• Forward Proxy Chaining

• Enhanced iRules support for Subsessions with Per Request Policies (Example: Step-up authentication)

• Google reCAPTCHA V2 Support

• Support for WebSockets for Portal Access

• Enhanced F5 Access Policy Manager Menu Navigation

BIG-IP v13.0 APM

• APM

• Additional Troubleshooting and Usability Change

• Support For Exclusion Lists with Edge Client for Windows Always-On VPN Mode (Locked Client Mode)

• Enhanced SSO Configuration Tools and Consistent Logging across all APM services

• ACL Enhancements

• Dynamic RDP

• Launch multiple Horizon View client instances from APM webtops

• Enhanced VDI client selection from APM Webtop

• Enhanced VDI logging

Access Policy menu – reorganized

v12.1.2 v13.0.0

APM VPN browser component download menu

APM RDP, Server type and RDP Client Type

BIG-IP v13.0 AVR

• AVR

• Extended information about DoS attack system impact

• Enhanced visibility of HTTP statistics

• Extended support for Scheduled Reports

• Data Exporting Capabilities

Analytics Scheduled reports

BIG-IP 13.0 DDoS Hybrid Defender (DHD)

Simplified configuration

And many more…

• Released Feb 2017

• https://support.f5.com/csp/article/K9412

• https://support.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/related/relnote-supplement-bigip-13-0-0.html

• https://support.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnote-ltm-13-0-0.html

• https://support.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnote-ve-13-0-0.html

• https://support.f5.com/kb/en-us/products/big-ip-aam/releasenotes/product/relnote-aam-13-0-0.html

• https://support.f5.com/kb/en-us/products/big-ip-afm/releasenotes/product/relnote-afm-13-0-0.html

• https://support.f5.com/kb/en-us/products/big-ip_analytics/releasenotes/product/relnote-avr-13-0-0.html

• https://support.f5.com/kb/en-us/products/big-ip_apm/releasenotes/product/relnote-apm-13-0-0.html

• https://support.f5.com/kb/en-us/products/big-ip_apm/releasenotes/related/relnote-helper-apps-13-0-0.html

• https://support.f5.com/kb/en-us/products/big-ip_asm/releasenotes/product/relnote-asm-13-0-0.html

• https://support.f5.com/kb/en-us/products/big-ip-dns/releasenotes/product/relnote-dns-lc-13-0-0.html

• https://support.f5.com/kb/en-us/products/big-ip-pem/releasenotes/product/relnote-pem-13-0-0.html

Thank you : )

Piotr Borkowski