iControl REST API: models + specifications?
Hi. In these docs we can find the endpoints and options for the REST API. https://clouddocs.f5.com/api/icontrol-rest/ We don't find the models/specifications that these endpoints return. Eg. we can query for the list of pools. The answer contains the property 'loadBalancingMode'. https://clouddocs.f5.com/api/icontrol-rest/APIRef_tm_ltm_pool.html But where can we find the documented, complete list of values that this property can contain? From the GUI we can assume the values would be similar to Round Robin, Ratio (member), Least Connections (member), ... But where are all possible values of all properties of all the models defined and documented?
Install rpm packages using tmsh
Hi everyone, I’m trying to install the F5 Cloud Failover Extension (CFE) on my BIG-IP system, but I’m struggling to properly install the RPM package so that it appears under iApps → Package Management LX. Here’s what I have done so far: Successfully downloaded f5-cloud-failover-2.1.3-3.noarch.rpm Tried installing the package using rpm -ivh f5-cloud-failover-2.1.3-3.noarch.rpm. Restarted the REST API service using tmsh restart sys service restjavad. Despite these steps, the package does not appear under iApps → Package Management LX Also when I reinstall the package I get "package f5-cloud-failover-2.1.3-3.noarch is already installed" Is there a specific command to install RPM packages via TMSH so they are properly recognized? Or is there another step required to make the extension available? Thanks in advance for any insights!
How to upload a .pfx file using terraform in F5 Distributed Cloud Console.
Hi, I have the certificate.pfx file in the same directory with the terraform code. For the moment, this certificate is generated local with a simple password "password12345" stored in tfvars. How i can upload this certificate.pfx using volterra_certificate Can someone send me a example? Thanks!AS3 Limitations
Below are some limitations of AS3 as means of Automation. config deployment is locked down by Automation, no manual intervention possible for below use cases - incidents - new requirements/features need to wait for automation to be updated - Automation failures cause deployment to be stalled until automation is fixed - Operational issues, maybe require out-of-band changes outside of AS3 - Source of truth must be reconciled periodically with F5 device to check for config drift - 2 layers of failures during config deployment one is Automation and second is source of truth, therefore involves more troubleshooting effort - Reliance on an External Source of Truth management, non-native to F5 and not supported by F5 - AS3 is Less mature compared to iControl Rest, iControl Rest was introduced in TMOS 11.xMastering Imperative and Declarative Automation with F5 BIG-IP – AppWorld 2025
At AppWorld 2025, Anton Varkalevich and I will be hosting a hands-on lab, "Mastering Imperative and Declarative Automation with F5 BIG-IP." I'm Matt Mabis, a Senior Solutions Architect in the Business Development/Technical Alliances department at F5. I specialize in solution integrations with our partnerships with Red Hat (Ansible and OpenShift), VMware, and Omnissa Horizon. Anton Varkalevich is a Solutions Engineer III for Financial Services at F5, specializing in ensuring financial customers have the right solutions to meet their unique needs. Automation plays a critical role in financial institutions, enabling them to serve their customers quickly and effectively. This lab is the result of years of experience working with customers to streamline application deployments on F5 BIG-IP. We’ll use Ansible Automation Platform to demonstrate both imperative and declarative automation approaches. Participants will first deploy common use cases—such as HTTPS and SSL-delivered applications—using imperative automation with individual Ansible modules. Then, we’ll achieve the same outcomes using declarative automation, offering a side-by-side comparison to help attendees choose the best approach for their needs. By the end of this lab, you’ll have a solid understanding of both automation styles and how to apply them effectively in your environment. Join us at AppWorld 2025—we look forward to sharing our knowledge with you!
ASM Attack Signatures "Ready to be Enforced" change with iControl Rest API v17.1.x
Hi, Did anyone found out yet how to change the attack signatures that are "Ready to be Enforced" in v17.1.x can be change to "enforced" true Rest API ?? i'm trying to using this url: https://localhost/mgmt/tm/asm/policies/[policy-id]/signatures?ver=17.1.2 i can change all staging ones but but find to combination with "Ready to be Enforced" items. in K94215981 the talk about the attributes "hasSuggestions, "wasUpdatedWithinEnforcementReadinessPeriod" but it looks like the dont exist anymore in v17.1.x Any help is welcome. GIU -> Security > Policies > Policy List > (policy name) > Attack Signatures menu, and filter Status: Ready to be enforced.Installing and Locking a Specific Version of F5 NGINX Plus
A guide for installing and locking a specific version of NGINX Plus to ensure stability, meet internal policies, and prepare for controlled upgrades. Introduction The most common way to install F5 NGINX Plus is by using the package manager tool native to your Linux host (e.g., yum, apt-get, etc.). By default, the package manager installs the latest available version of NGINX Plus. However, there may be scenarios where you need to install an earlier version. To help you modify your automation scripts, we’ve provided example commands for selecting a specific version. Common Scenarios for Installing an Earlier Version of NGINX Plus Your internal policy requires sticking to internally tested versions before deploying the latest release. You prefer to maintain consistency by using the same version across your entire fleet for simplicity. You’d like to verify and meet additional requirements introduced in a newer release (e.g., NGINX Plus Release 33) before upgrading. Commands for Installing and Holding a Specific Version of NGINX Plus Use the following commands based on your Linux distribution to install and lock a prior version of NGINX Plus: Ubuntu 20.04, 22.04, 24.04 LTS sudo apt-get update sudo apt-get install -y nginx-plus=<VERSION> sudo apt-mark hold nginx-plus Debian 11, 12 sudo apt-get update sudo apt-get install -y nginx-plus=<VERSION> sudo apt-mark hold nginx-plus AlmaLinux 8, 9 / Rocky Linux 8, 9 / Oracle Linux 8.1+, 9 / RHEL 8.1+, 9 sudo yum install -y nginx-plus-<VERSION> sudo yum versionlock nginx-plus Amazon Linux 2 LTS, 2023 sudo yum install -y nginx-plus-<VERSION> sudo yum versionlock nginx-plus SUSE Linux Enterprise Server 12, 15 SP5+ sudo zypper install nginx-plus=<VERSION> sudo zypper addlock nginx-plus Alpine Linux 3.17, 3.18, 3.19, 3.20 apk add nginx-plus=<VERSION> echo "nginx-plus hold" | sudo tee -a /etc/apk/world FreeBSD 13, 14 pkg install nginx-plus-<VERSION> pkg lock nginx-plus Notes Replace <VERSION> with the desired version (e.g., 32-2*). After installation, verify the installed version with the command: nginx -v. Holding or locking the package ensures it won’t be inadvertently upgraded during routine updates. Conclusion Installing and locking a specific version of NGINX Plus ensures stability, compliance with internal policies, and proper validation of new features before deployment. By following the provided commands tailored to your Linux distribution, you can confidently maintain control over your infrastructure while minimizing the risk of unintended upgrades. Regularly verifying the installed version and holding updates will help ensure consistency and reliability across your environments.
