For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Nathan_F__F5_'s avatar
Nathan_F__F5_
Icon for Employee rankEmployee
Jul 23, 2019

Hi lailpratama,

 

You do not need to upgrade the BIG-IP software version to also update the ASM attack signatures. To update the signatures you just need to make sure your license has been reactivated within the last 18 months. To see the full licensing requirements, please see the article below.

 

K8217: Managing BIG-IP ASM attack signatures (11.5.x - 14.0.x)

https://support.f5.com/csp/article/K8217

 

"For the system to initiate the attack signature update, the Service Check Date in the BIG-IP ASM system's license must be within 18 months of the system date."

 

Regarding attack signature updates being included in the software image, I believe that they are included. That being said, if a new attack signature update has been released after the software image that you are upgrading to then you will still need to update your attack signatures after the upgrade. My recommendation would be to simply do the upgrade and then check for attack signature updates via the GUI under Security ›› Security Updates : Application Security.

 

-Nathan F