For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

irbk's avatar
irbk
Icon for Cirrus rankCirrus
Nov 17, 2023

Help understanding iHealth status

I've just uploaded a new qkview to iHealth and I'm looking at it and I'm really confused.  I thought iHealth was supposed to help me understand how the health of my BigIP was but either iHeath is giv...
security
irbk's avatar
irbk
Icon for Cirrus rankCirrus
Nov 17, 2023

Well, according to support, the answer is "because".  I really felt like I didn't get a straight answer out of support for this question.  Like I had to ask the same question 3 times before getting any kind of answer.  I'm not sure if they weren't understanding my question or if I wasn't understanding their answer.
Apparently looking at diagnostics won't tell you what's wrong, only what *may* be an issue.  It's up to you to dig into each item and determine if you are effected by it.  Sort of deminishes the value of iHealth IMHO.  Also, apparently iHealth looks at ALL the software on your device, even non-active partitions.  It's good practice to keep the old software on the system as a roll back point.  Thus, 17.1.0.3 Point Release 3 0.0.4 is still on my system in a non-active partition.  The issue is detected in the 17.1.0.3 Point Release 3 0.0.4 which is on my system (though it's not an active partition) so that's also why I'm seeing it. 
I just hope I never have to give this diagnostic page to an auditor.  I don't want to have to try and explain to the auditor that while the diag SAYS I have 3 critical vulnerabilites, I don't REALLY have them.  Then have to go through the process of proving it as well.
I really want to see if deleting the non-active partition off my system will clear the error or not.  However my current plan is to always keep the older version on a non-active partition until it's time to upgrade to the next version.  IE 17.1.0.3 Point Release 3 0.0.4 will stay on my box until I'm ready to upgrade to 17.1.1 and only then in one of the first few steps in installing the 17.1.1, I delete the 17.1.0.3 partition. 

Paulius's avatar
Paulius
Icon for MVP rankMVP
Nov 18, 2023

irbk That's a bummer that it looks at all partitions even if they aren't active. I'm the same as you, always keep the previous working partition until the next upgrade. If you feel that you have to delete the old one you should be fine as long as you have been running on the new one for some time without any issues. Typically auditors do not go off of iHealth but instead they do their own digging and as long as what they're looking for doesn't match anything you are fine. For instance, we got dinged for STP being enabled on the F5 because it could pass this information out of other routed interfaces but because we are in one-arm mode and not in path we don't really have to worry about it.