Forum Discussion
BigIP/IQ Security Compliance Scanner
Hello All,
I would like to initiate a discussion about a personal project I am developing. The following description of the project's goal will be an overview rather than a low-level description of how it will function. The project centers on a tool (desktop application/web app) that will allow F5 BigIP/IQ administrators/engineers to upload XML/JSON documents. The XML/JSON will contain a specific schema for security settings that the application parses and translates into iControl REST API calls or TMSH commands via SSH to verify if the BigIP/IQ server is configured with a particular setting. Below are some examples to help demonstrate the overall concept.
Example:
- User uploads XML document that contains the following security settings
<?xml version="1.0" encoding="UTF-8"?>
<Settings>
  <OnDemandCertAuth>
    <VerifyText>Run the below command in TMSH</VerifyText>
    <Action>tmsh modify sys httpd auth-pam-validate-ip on</Action>
    <Action>tmsh save sys config</Action>
  </OnDemandCertAuth>
</Settings>
- Now that the doc is uploaded, the app parses the XML for the "<Action>" element, then creates the related tmsh show command or potential iControl REST API call to verify if httpd is validating IPs on standard auth to the GUI, in this example.
- Depending on the data returned from TMSH or the API, the application would then present the user with a table in the GUI that shows the checks that passed and failed. Then they could remediate the system to have the correct security setting for compliance.
Lastly, I'd like to provide a bit more background on the inspiration for this tool. I work a lot in the federal space, where we have to make sure our F5 products meet a baseline security standard. Currently, there are no tools that automate this like there are for Windows products, etc. If you have ever used the SCAP tool for DISA STIGs, then you'll understand the overall goal of this project.
Thank you for taking the time to review my post to the community. I'd love to hear your feedback!
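An added sketch of the parse-and-verify step described in the post (not the poster's code). It assumes an `<Action>` of the form `tmsh modify <path> <property> <value>` maps to a read-only `tmsh list <path> <property>` and that the output prints the property and value on one line; `load_checks` and `evaluate` are hypothetical names. Since the document is uploaded and its contents end up in commands, DTDs are refused and every word is checked against a plain-token pattern.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample input: the document from the post, plus the kind of
# "tmsh list" output assumed for the derived read-only command.
SAMPLE_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<Settings><OnDemandCertAuth>
<VerifyText>Run the below command in TMSH</VerifyText>
<Action>tmsh modify sys httpd auth-pam-validate-ip on</Action>
<Action>tmsh save sys config</Action>
</OnDemandCertAuth></Settings>"""
SAMPLE_OUTPUT = "sys httpd {\n    auth-pam-validate-ip on\n}\n"

# Every word of an Action must be a plain token, so an uploaded document
# cannot carry shell metacharacters into a command sent over SSH.
TOKEN = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.:-]*")

def load_checks(xml_bytes):
    """Return [(setting, read_only_command, property, expected_value)]."""
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTDs and entities are refused in uploaded documents")
    checks = []
    for setting in ET.fromstring(xml_bytes):
        for action in setting.iter("Action"):
            words = (action.text or "").split()
            if words == ["tmsh", "save", "sys", "config"]:
                continue  # persistence step, nothing to verify
            if (len(words) < 5 or words[:2] != ["tmsh", "modify"]
                    or not all(TOKEN.fullmatch(w) for w in words)):
                raise ValueError(f"unsupported Action in {setting.tag}: {action.text!r}")
            *path, prop, expected = words[2:]
            # The scanner never runs the modify; it derives a list command.
            command = " ".join(["tmsh", "list", *path, prop])
            checks.append((setting.tag, command, prop, expected))
    return checks

def evaluate(check, tmsh_output):
    """Compare captured 'tmsh list' output with the expected value."""
    _, _, prop, expected = check
    m = re.search(rf"^\s*{re.escape(prop)}\s+(\S+)\s*$", tmsh_output, re.MULTILINE)
    return "PASS" if m and m.group(1) == expected else "FAIL"

if __name__ == "__main__":
    for check in load_checks(SAMPLE_XML):
        print(check[0], check[1], evaluate(check, SAMPLE_OUTPUT))
```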