Forum Discussion

RiadSanchz's avatar
RiadSanchz
Icon for Cirrus rankCirrus
Mar 29, 2021

Should you disable ASM LTM software update checks on the BIG-IPs when enabling them on BIG-IQ?

Hello F5'ers -

I am new to BIG-IQ and I am trying to figure out if I should disable the ASM signatures updates and SW updates on the BIG-IPs if I am enabling this option on the BIG-IQ's. System-> Software Management > Update Check and Live Update? And does BIG-IQ push these SW updates? I have reviewed multiple online docs but it's still not clear to me, nor is it noted anywhere if you should disable these updates from the BIG-IP's. We have a combination of BIG-IP VIPRION hosts --with multiple guests and virtual Editions in our environment. Appreciate your help!! Maria

ASM Advanced WAF
BIG-IQ
security
  • Nikoolayy1's avatar
    Nikoolayy1
    Apr 06, 2021

    The F5 documentation is one of the best I have seen, so the answer is there. You can have Auto updates from the F5 devices or make the BIG-IQ to do it, it is your choise. When you have BUG-IQ better do it from there, so better stop it on the F5 devices.

     

     

    https://techdocs.f5.com/en-us/bigiq-7-1-0/big-iq-web-application-security/managing-signature-files.html

     

     

     

    The issue you could see is that after 14.0 the F5 devices use live updates and not signature files and so better to have the BIG-IQ on a 7.1.x version or newer and F5 devices on 14.1.x or newer for this to work.

     

     

    https://support.f5.com/csp/article/K8217

  • Nikoolayy1's avatar
    Nikoolayy1
    Icon for MVP rankMVP
    Apr 06, 2021

    The F5 documentation is one of the best I have seen, so the answer is there. You can have Auto updates from the F5 devices or make the BIG-IQ to do it, it is your choise. When you have BUG-IQ better do it from there, so better stop it on the F5 devices.

     

     

    https://techdocs.f5.com/en-us/bigiq-7-1-0/big-iq-web-application-security/managing-signature-files.html

     

     

     

    The issue you could see is that after 14.0 the F5 devices use live updates and not signature files and so better to have the BIG-IQ on a 7.1.x version or newer and F5 devices on 14.1.x or newer for this to work.

     

     

    https://support.f5.com/csp/article/K8217

    • RiadSanchz's avatar
      RiadSanchz
      Icon for Cirrus rankCirrus
      Apr 14, 2021

      Nikoolayy1 - Thanks for answering my questions. Seems redundant to have updates on the BIG-IP and BIG-IQ. I have successfully disabled BIG-IP updates and the BIG-IQ has been updating the BIG-IP's. Thanks so much for the clarification!!