What’s new in BIG-IP version 15.0

I like reading the features and enhancements of new versions to know what I can configure in new installations. I’m used to installing the last technologies. Therefore, I have to know what it’s the last features that fit with the customers requirements. I wrote about What’s new in BIG-IP version 14.0 and What’s new in BIG-IP version 13.1. I’ll write about what’s new in BIG-IP version 15.0. However, from my point of view, version 14.1.0.6 and 14.1.2.3 are the recommended versions for production right now. Version 15 is cool but only for testing right now.

BIG-IP v15 includes lots of features and enhancements but I’m going to highlight only the security features because I think this new version has lots of security improvements. In fact, I think, there are more security enhancements than anything else. F5 Access Guard is one of them. This is a security feature for F5 APM which is a new client software designed to help administrators validate the security posture of incoming web connections from remote desktop clients. F5 Access Guard allows real-time posture information to be inspected with per-request policy subroutines on APM.

F5 Access Guard

Another interesting security feature is included in F5 Advanced WAF. It is a new dashboard spherically dedicated to OWASP Top 10 compliance that provides a security score relative OWASP top 10 related policies (e.g. injections). It also enable admins to see coverage status of each OWASP top 10 requirement for a selected policy. In addition, admins will be able to improve coverage and perform configuration changes directly from the dashboard. The dashboard also shows overview statistics for policy/application compliance/enforcement status.

OWASP Top 10 Compliance Dashboard

 

F5 SSL Orchestrator (SSLO) is not one of the most F5 device sold but I think we are going to use it more and more from version 15 because it is already supported in VIPRION chassis and vCMP. Therefore, it will be easy to deploy SSLO to optimize the SSL infrastructure, provide security devices with visibility of SSL/TLS encrypted traffic, and maximize efficient use of that existing security investment. F5 SSLO along with a network packet broker appliance such as Gigamon will improve and empower cyber security deployments.

F5 BIG-IP SSL Orchestrator

 

There are many more security enhancements in this new version. Enhancements such as Zone-based Firewall Configuration in F5 AFM where we can configure groups of VLANs into zone object to apply efficiently into firewall policies. Enhancements such as new IP Intelligence capabilities that enable the use of FQDNs which simplify policy management. Or enhancements such as Intelligence Asset Discovery which allows auto discovery of active systems and services to simplify DDoS mitigation deployment.

IP Intelligence Policy

 

To sum up, there are lots of new features and enhancements in this new version. It’s up to you testing these new features and be ready to apply them in the near future.

Regards! Stay at home!