Extend visibility - BIG-IP joins forces with CrowdStrike
Introduction The traditional focus in cybersecurity has prioritized endpoints like laptops and mobiles with EDR, as they are key entry points for intrusions. Modern threats target the full network infrastructure, like routers, ADCs, firewalls, servers, VMs, and cloud instances, as interconnected endpoints. All network software is a potential target in today’s sprawling attack surface. Summarizing some of those blind points below, Servers, including hardware, VMs, and cloud instances: Often under-monitored, rapid spin-up creates ephemeral risks for exfiltration and lateral movement. Network appliances: Enable traffic redirection, data sniffing, or backdoors, if compromised. Application delivery components: Vulnerable to session hijacking, code injection, or DDoS, due to high-traffic processing. Falcon sensor integration In this section, we go through download and installation steps, and observe how the solution works with detecting/blocking malicious packages. For more information, follow our KB articles, https://my.f5.com/manage/s/article/K000157015 Related content K000157015: Getting Started with Falcon sensor for BIG-IP K000156881: Install Falcon sensor for BIG-IP on the BIG-IP system K000157014: F5 Support for Falcon for BIG-IP https://www.f5.com/partners/technology-alliances/crowdstrike
Migration from i5800 to r5800
Hi, Request to help me migration plan step by step from i5800 to r5800. In our production we are using i5800 hardware box with Active and standby HA link with version 17.1.2 and running both LTM and GTM. The hardware i5800 is going to end of support we are planning to migrate to hardware r5800. I request to help me step by step plan without any production impact and also help for the plan like tenant to tenant moving to new hardware to test and move rest of the configuration.Please let me know if any more information is required. Thanks in advance!Introducing F5 WAF for NGINX with Intuitive GUI in NGINX One Console and NGINX Instance Manager
F5 WAF for NGINX (formerly NGINX App Protect WAF) now has an intuitive, GUI-based policy management experience within NGINX One Console and NGINX Instance Manager. It’s easier than ever to streamline security operations and reduce false positives and false negatives. Important Changes! This product release unites the latest version of F5 WAF for NGINX with NGINX One Console and NGINX Instance Manager to deliver major enhancements empowering SecOps teams. New and enhanced capabilities for F5 WAF for NGINX users include: A GUI for WAF Policy Management A modern, wizard-driven UI debuts in NGINX One Console and NGINX Instance Manager, for F5 WAF for NGINX. The initial phases of the new UI focus on foundational tasks for SecOps workflows, which will be followed by subsequent phases supporting additional advanced capabilities to mitigate false positives and false negatives. The current release delivers GUI based attack mitigation workflows that provide: Enabling or disabling signature sets for fast but broad categories of attacks Enabling or disabling signatures for a specific attack type Enabling or disabling signatures and defining actions for a specific user-defined URL, cookie, or parameter A New Name NGINX App Protect is now F5 WAF for NGINX and F5 DoS for NGINX. This is the first product rename to align with F5’s unified platform, enabling security for any app and API, anywhere. Any prior or historical articles, blogs, and other materials will remain unchanged. While the name has changed, all product functionality, code, and configurations remain intact, ensuring a seamless experience for customers. Only branding changes – from NGINX App Protect to F5 WAF for NGINX – have been made to documentation and materials to ensure that no breaking changes have been implemented. Existing workflows remain fully compatible. Upgrading also remains seamless. Users may move from v4.x (e.g. v4.16) to F5 WAF for NGINX v5.9, just as in prior version upgrades. Version Alignment Both packaged and containerized versions of F5 WAF for NGINX now share a single version label for this release: v5.9. This eliminates confusion, simplifies deployments, and ensures consistency across form factors. Additional information is available in the F5 WAF for NGINX 5.9 release notes. Documentation Update F5 WAF for NGINX and F5 DoS for NGINX now feature a completely redesigned documentation experience. Monolithic configuration pages have been replaced with streamlined, logically organized sections, making content easier to navigate, consume, and contribute for faster adoption and collaboration. For more details, refer to the F5 WAF for NGINX docs. Operations Simplification in Kubernetes (EA) This is an ‘Early Availability’ feature for limited customers in the F5 WAF for NGINX v5.9 release for NGINX Plus. This capability removes the need for custom policy compilation workflows. Users can now update policies directly – fully Kubernetes-native with support for JSON, YAML, and Bundle formats, streamlining security operations for modern environments. In future releases, this capability will also extend to NGINX Ingress Controller. For more details, refer to the NGINX docs. Please note that F5 WAF for NGINX v5.9 is a standard release, and upgrading to this version is at the customer’s option. Also, signature updates will continue for NGINX App Protect WAF v4.x customers under the current policy. GUI Eases Implementing Best Practices for WAF Workflows Start in Detection Mode Deploy signature sets in Transparent mode initially to analyze traffic patterns without blocking legitimate requests. This approach allows teams to identify false positives before switching to Block mode. Granular Exception Strategy Rather than broad exclusions that weaken security, implement targeted exceptions that address specific false positive scenarios while maintaining protection elsewhere. Continuous Monitoring and Adjustment Security teams should regularly review WAF logs to identify new false-positive patterns and adjust signature sets accordingly. WAF signatures are updated regularly, requiring ongoing tuning. Enable or disable signature sets for fast but broad categories of attacks. Enabling or disabling signatures for a specific attack type Enabling or disabling signatures and defining actions for a specific user-defined URL, cookie, or parameter The key to effective WAF deployment lies in precise tuning through signature sets and targeted exceptions, ensuring robust protection without disrupting business operations. Releases F5 WAF for NGINX v5.9 (formerly NGINX App Protect WAF) released in September 2025. The complete changelog details are here. F5 DoS for NGINX (formerly NGINX App Protect DoS) documentation update is here. There has been no new release of this package. NGINX One Console, with the GUI supporting the new workflows, will be released in early October 2025. Find all the latest additions to the NGINX One Console in the changelog here. NGINX Instance Manager with the GUI supporting the new workflows will be coming soon (November 2025).
SFP Port LEDs Blinking Yellow
Hi I upgraded the F5 OS to version 1.8 and the tenant software to 17.5.1.3. The upgrade went smoothly and both the Active and Standby devices successfully handled traffic after the upgrade. However I have noticed that the SFP port LEDs on both the Primary and Secondary devices are blinking yellow. Both devices appear to be operating normally but I would like to confirm whether this is expected behavior Could the yellow blinking indicate a speed mismatch or should the LEDs be green under normal conditionsF5 AppWorld 2026 Registration - early bird pricing.
Join us March 10–12 at Fontainebleau Las Vegas and Meet the Moment at F5 AppWorld 2026. Connect with your community and explore how the F5 Application Delivery and Security Platform gives you control without compromise. Over three days you will experience inspiring keynotes, learn new approaches in breakouts, deepen your skills in hands-on labs, and connect with peers, F5 leaders, and partners. Register early and save: Conference pass: $499 Conference pass + F5 Academy labs: $899 Team pass: 4 for the price of 3 Take advantage of early bird pricing and register today! We look forward to seeing you in Vegas. Your DevCentral Team. --- ** Early bird pricing expires Feb 13, 2026.How I did it - "High-Performance S3 Load Balancing of Dell ObjectScale with F5 BIG-IP"
As AI and data-driven workloads grow, enterprises need scalable, high-performance, and resilient storage. Dell ObjectScale delivers with its cloud-native, S3-compatible design, ideal for AI/ML and analytics. F5 BIG-IP LTM and DNS enhance ObjectScale by providing intelligent traffic management and global load balancing—ensuring consistent performance and availability across distributed environments. This article introduces Dell ObjectScale and its integration with F5 solutions for advanced use cases.
How are memory and disk allocated to different modules on bigip appliance?
hi, when doing "Resource Provisioning", the memory and disk space are auto allocated to LTM and ASM are shown as below. The amount of Memory and disk is minimum requirement, right? When a huge number of virtual server will be created later, will appliance auto allocate more spare memory and disk to the module? And what is he management module responsible for? Is it responsible for packet forwarding? should we set "Provisioning" to "Medium" or "Large" if the throughput is larger than 1Gbps? Can someone please advise? thanks in advance!Secure Extranet with Equinix Fabric and F5 Distributed Cloud
Why: The Challenge of Building a Secure Extranet Establishing a secure extranet that spans multiple clouds, partners, and enterprise locations is inherently complex. Organizations face several persistent challenges: Technology Fragmentation: Different clouds, vendors, and networking stacks introduce inconsistency and integration friction. Endpoint Proliferation: Each new partner or cloud region adds more endpoints to secure and manage. Configuration Drift: Manual or siloed configurations across environments increase the risk of misalignment and security gaps. Security Exposure: Without centralized control, enforcing consistent policies across environments is difficult, increasing the attack surface. Operational Overhead: Managing disparate systems and connections strains NetOps, DevOps, and SecOps teams. These challenges make it difficult to scale securely and efficiently, especially when onboarding new partners or deploying applications globally. What: A Unified, Secure, and Scalable Extranet Solution The joint solution from F5 and Equinix addresses these challenges by combining: F5® Distributed Cloud Customer Edge (CE): A virtualized network and security node deployed via Equinix Network Edge. Equinix Fabric®: A software-defined interconnection platform that provides private, high-performance connectivity between clouds, partners, and enterprise locations. Together, they create a strategic point of control at the edge of your enterprise network. This enables secure, scalable, and policy-driven connectivity across hybrid and multi-cloud environments. This solution: Simplifies deployment by eliminating physical infrastructure dependencies. Centralizes policy enforcement across all connected environments. Accelerates partner onboarding with pre-integrated, software-defined connectors. Reduces risk by isolating traffic and enforcing consistent security policies. How: Architectural Overview At the heart of the architecture is the F5 Distributed Cloud CE, deployed as a virtual network function (VNF) on Equinix Network Edge. This CE: Acts as a gateway node for each location (cloud, data center, or partner site). Connects to other CEs via F5’s global private backbone, forming a secure service mesh. Integrates with F5 Distributed Cloud Console for centralized orchestration, visibility, and policy management. The CE node(s) are interconnected to partners, vendors, etc. using Equinix Fabric, which provides: Private, low-latency interconnects to major cloud providers (AWS, Azure, GCP, OCI). Software-defined routing via Fabric Cloud Router. Tier-1 internet access for hybrid workloads. This architecture enables a hub-and-spoke or full-mesh extranet topology, depending on business needs. Key Tenets of the Solution Strategic Point of Control The CE becomes the enforcement point for traffic inspection, segmentation, and policy enforcement—across all clouds and partners. Unified Management F5 Distributed Cloud Console provides a single pane of glass for managing networking, security, and application delivery policies. Zero-Trust Connectivity Built-in support for mutual TLS, IPsec, and SSL tunnels ensures encrypted, authenticated communication between nodes. Rapid Partner Onboarding Equinix’s Fabric and F5 CE connectors allow new partners to be onboarded in minutes, not weeks. Operational Efficiency Automation hooks (GitOps, Terraform, APIs) reduce manual effort and configuration drift. Private interconnects and regional CE deployments help meet regulatory requirements. Additional Links F5 and Equinix Partnership The Business Partner Exchange - An F5 Distributed Cloud Services Demonstration Equinix Fabric Overview Additional Equinix and F5 partner information
