Forum Discussion

Cpet's avatar
Cpet
Icon for Altocumulus rankAltocumulus
Jun 23, 2023

Upgrade to version 17.x.x ?

Hello,
I have a BIG-IP cluster Ver15.1.5 with 2 members and using the modules LTM-APM-WAF. The Ver 15.x.x will be supported until the end of December 2024.Also i read the new features that Ver17 has.
Could you inform\advise me if it is necessary to upgrade to version 17 for security reasons or i can continue using Ver15 and proceed with an upgrade to newest version such as 15.1.8.2 without security risk.
Thank you in advance,

  • Cpet I always recommend upgrading to the latest recommended by the vendor as long as it doesn't have bugs for something that you currently use in production. In conjunction with what CA_Valli and Mohamed_Ahmed_Kansoh have mentioned you can also upload a QKVIEW of your device to iHealth and it should provide you notable security concerns in informational, low, medium, and high risk and then what the resolution for each is. You can get to iHealth by going to the following link.

    https://ihealth.f5.com/qkview-analyzer/

    In addition to the above make sure that you look at the upgrade path to ensure that you can upgrade from your current code version to the latest recommended or even a different version without any incremental upgrade or possibly updating the service check date. The following should be helpful with that upgrade path and the second link for service check date requirements.

    https://my.f5.com/manage/s/article/K13845

    https://my.f5.com/manage/s/article/K7727

  • Cpet I always recommend upgrading to the latest recommended by the vendor as long as it doesn't have bugs for something that you currently use in production. In conjunction with what CA_Valli and Mohamed_Ahmed_Kansoh have mentioned you can also upload a QKVIEW of your device to iHealth and it should provide you notable security concerns in informational, low, medium, and high risk and then what the resolution for each is. You can get to iHealth by going to the following link.

    https://ihealth.f5.com/qkview-analyzer/

    In addition to the above make sure that you look at the upgrade path to ensure that you can upgrade from your current code version to the latest recommended or even a different version without any incremental upgrade or possibly updating the service check date. The following should be helpful with that upgrade path and the second link for service check date requirements.

    https://my.f5.com/manage/s/article/K13845

    https://my.f5.com/manage/s/article/K7727

  • If your concern is security reasons, you should be safe with v15 branch until the EOSD milestone on Dec. 31, 2024. 

    Up to that date, BIG-IP version v15 will be under full suport - this means that all provided software will be up-to-date with most recent bug fixes, and F5 will develop a software fix if any further CVE/.. is disclosed. Also, if you suspect undiscloses bugs/... in your environment, you can raise a support ticket if you have a support contract, and possibly have the R&D team develop a Custom Hotfix to be installed to address the bug.  

    (edit: goes without saying, but of course it's an administrator's duty to keep the installed software up to the latest version) 

  • Hi Cpet , 
    The Recommendation from F5 is to track the target version Bugs and security breaches.

    So No one will give trusted info about upgrade to newer versions more than ( F5 Bug Tracker ) 

    This is Link of F5 Bug tracker : https://my.f5.com/manage/s/bug-tracker 

    Choose the version that you aim to upgrade to. 
    and use filters by selecting ( your operative modules " APM , ASM , LTM ...." or even TMOS , Also look at blocking and critical, severe and high Vulnerabilities ). 

    This is the most ideal start to plan for your upgrade. 

     
    If you're satisfied by this reply , please mark it as accepted solution , because much users have huge concerns about bigip software versions, So letting them know about F5 Bug Scrub / tracker  is the right way to put them in the correct way. 

    Good Luck 🙂 

  • Cpet's avatar
    Cpet
    Icon for Altocumulus rankAltocumulus

    Dear all,
    Thank you for your prompt and helpful advices!
    Since I am covered by F5 and bearing in mind all that you have advised me, I will continue with the 15.x.x version until the licenses expire .
    Best regards,
    Christos