Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

RiadSanchz's avatar
RiadSanchz
Icon for Cirrus rankCirrus
Mar 29, 2021
Solved

Should you disable ASM LTM software update checks on the BIG-IPs when enabling them on BIG-IQ?

Hello F5'ers - I am new to BIG-IQ and I am trying to figure out if I should disable the ASM signatures updates and SW updates on the BIG-IPs if I am enabling this option on the BIG-IQ's. System-> S...
ASM Advanced WAF
BIG-IQ
security
Nikoolayy1's avatar
Nikoolayy1
Icon for MVP rankMVP
Apr 06, 2021

The F5 documentation is one of the best I have seen, so the answer is there. You can have Auto updates from the F5 devices or make the BIG-IQ to do it, it is your choise. When you have BUG-IQ better do it from there, so better stop it on the F5 devices.

 

 

https://techdocs.f5.com/en-us/bigiq-7-1-0/big-iq-web-application-security/managing-signature-files.html

 

 

 

The issue you could see is that after 14.0 the F5 devices use live updates and not signature files and so better to have the BIG-IQ on a 7.1.x version or newer and F5 devices on 14.1.x or newer for this to work.

 

 

https://support.f5.com/csp/article/K8217

RiadSanchz's avatar
RiadSanchz
Icon for Cirrus rankCirrus
Apr 14, 2021

Nikoolayy1 - Thanks for answering my questions. Seems redundant to have updates on the BIG-IP and BIG-IQ. I have successfully disabled BIG-IP updates and the BIG-IQ has been updating the BIG-IP's. Thanks so much for the clarification!!