Forum Discussion
Seek to check CVE database and recently release in F5 firewall
Dear alls,
I writing this to seek assist to check the CVE databse and recently relecase in F5 firewall. Where can I find it in F5 firewall.
Thanks,
Samphas
If you are looking to see if a WAF signature has been updates for a CVE to protect your applications - please see this KB - https://my.f5.com/manage/s/article/K62525205. If you are wondering if BIG-IP software is exposed to a CVE start be searching the F5 support database at my.f5.com or follow the QKVIEW / ihealth path mentioned by whisperer.
- Heath_ParrottEmployee
If you are looking to see if a WAF signature has been updates for a CVE to protect your applications - please see this KB - https://my.f5.com/manage/s/article/K62525205. If you are wondering if BIG-IP software is exposed to a CVE start be searching the F5 support database at my.f5.com or follow the QKVIEW / ihealth path mentioned by whisperer.
- samphasNimbostratus
How is F5 firewall in customer on-premise got new IPS sinagature update?
First, the F5 is not a firewall. Now, that said... there are always CVEs with any product, application delivery controller, firewall, DNS appliance, etc. Hackers will find workarounds, and developers will introduce bugs due to lack of sleep and long night programming. That is the nature of the game and the business.
That said, what version of BIG-IP are you running? You can check open CVEs by uploading a QKView to the F5 iHealth website. This can be used to figure out how important the issue is and how it can be mitigated either by configuration change or eligible available software release:
https://my.f5.com/manage/s/article/K12878
Finally, you can also look at the release notes for the F5 BIG-IP software on the downloads page to see what newer software resolves.
- AubreyKingF5Moderator
Great data.
My only comment would be that many F5 BIG-IP software devices are definitely firewalls now. I have designed clusters of SP firewalls on VE that scale to 64M PPS per pop, geoscaled by Anycast with absolutely no load balancing involved. The provider referred to it as "Infinite Scale Security". I've designed a massive enterprise VIPRION pair that take 4 inbound 100 Gbps pipes and run DDoS and WAF only for a consolidated back-end DMZ with PA / Cisco firewalls as a firewall for the firewalls before any load balancing (besides inbound link LB) happens anywhere. It's been rock solid for 8 years. No outages since implemented.
I would argue that F5 *IS* a firewall and a formidable one, at that. My last 6 years selling here, 100% of my designs for service provider were AFM / ASM. Some GTM, some LTM, but all of them had AFM or ASM deployed.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com