What’s coming in BIG-IP Next Access and SSL Orchestrator

In April, BIG-IP Next version 20.2 was posted to the F5 download site. This is a Limited Availability release that contains Access and SSL Orchestrator functionality on BIG-IP Next. Version 20.3 was posted in October.

SSL Orchestrator details

New Functionality/Features

Support for Data Groups

SSL Orchestrator now supports using data groups while defining a policy condition. If you have created a data group in Central Manager, you can select the data group from the value drop-down while defining a policy condition.

Declarative API

An API-first, fully declarative configuration environment, through F5 AS3, Ansible, Terraform, and other options.

Container-native architecture

Divided into container-based software modules, BIG-IP Next accelerates application delivery with app services that can be deployed and managed wherever they’re needed. These services are supported by programmatic interfaces that are declarative and backward compatible. Its architecture enables quicker setup as well as more frequent and simpler upgrading and updating. It streamlines security management, eases purchasing and managing licenses, and robustly protects any app, anywhere.

Supported Deployment Modes/Type:

  • Inbound Application (Layer 3)
  • Inbound Gateway (Layer 3)
  • Outbound Gateway (Layer 3)

Supported Inspection Services:

  • Generic TAP
  • Generic ICAP
  • Generic Inline L2
  • Generic Inline L3
  • HTTP Transparent Inline
  • HTTP Explicit Inline

Resources

*The SSL Orchestrator articles in DevCentral are available in the Community Group “BIG-IP Next Academy”. You must have a DevCentral account and request access to this group in order to view these articles. Click HERE to get started.

Next Access details

New Functionality/Features

Access as Code

An API-first, fully declarative configuration environment, through F5 AS3, Ansible, Terraform, and other options.

Simplified policy management

Simple policy creation and management regardless of policy complexity for both basic and advanced use cases via Visual Policy Designer (VPD) or API.

Centralized management

Holistic approach to management through Next CM with global session support and shared pool of licenses.

Container-native architecture

Divided into container-based software modules, BIG-IP Next accelerates application delivery with app services that can be deployed and managed wherever they’re needed. These services are supported by programmatic interfaces that are declarative and backward compatible. Its architecture enables quicker setup as well as more frequent and simpler upgrading and updating. It streamlines security management, eases purchasing and managing licenses, and robustly protects any app, anywhere.

Supported features:

  • SAML as Service Provider
  • OAuth Client
  • OAuth Resource Server
  • Multiple SSO Types (Kerberos, HTTP Basic, OAuth Bearer, Forms and Client-initiated Forms)
  • Per-Session HTTP Connector
  • AD, LDAP, Client Cert Authentication, CRLDP Authentication
  • Resources: Webtops, Webtop Sections, Network Access, ACLs
  • VPN – Full & Split Tunnel (IPv4)
  • VPN – Client Installer Customization
  • VPN – CCU Utilization Dashboard

October update:

  • OAuth support for JWE (JSON Web Encryption).
  • VPN split tunnelling for IPv6 traffic.
  • Visual Policy Designer (VPD) enhancements.

Coming Soon (December/January)

Supported features:

  • Access policy versioning
  • JSON formatted logging
  • Global Session support
  • DHCP server support for VPN

Resources

*The Next Access articles in DevCentral are available in the Community Group “BIG-IP Next Academy”. You must have a DevCentral account and request access to this group in order to view these articles. Click HERE to get started.

Updated Nov 07, 2024
Version 10.0