What’s New in BIG-IQ v8.4.1?
Introduction F5 BIG-IQ Centralized Management, a key component of the F5 Application Delivery and Security Platform (ADSP), helps teams maintain order and streamline administration of BIG-IP app delivery and security services. In this article, I’ll highlight some of the key features, enhancements, and use cases introduced in the BIG-IQ v8.4.1 release and cover the value of these updates. Effective management of this complex application landscape requires a single point of control that combines visibility, simplified management and automation tools. Demo Video New Features in BIG-IQ 8.4.1 Support for F5 BIG-IP v17.5.1.X and BIG-IP v21.0 BIG-IQ 8.4.1 provides full support for the latest versions of BIG-IP (BIG-IP 17.5.1.X and 21.0) ensuring seamless discovery and compatibility across all modules. Users who upgrade to BIG-IP 17.5.1.X+ or 21.0 retain the same functionality without disruptions, maintaining consistency in their management operations. As you look to upgrade BIG-IP instances to the latest versions, our recommendation is to use BIG-IQ. By leveraging the BIG-IQ device/software upgrade workflows, teams get a repeatable, standardized, and auditable process for upgrades in a single location. In addition to upgrades, BIG-IQ also enables teams to handle backups, licensing, and device certificate workflows in the same tool—creating a one-stop shop for BIG-IP device management. Note that BIG-IQ works with BIG-IP appliances and Virtual Editions (VEs). Updated TMOS Layer In the 8.4.1 release, BIG-IQ's underlying TMOS version has been upgraded to v17.5.1.2, which will enhance the control plane performance, improve security efficacy, and enable better resilience of the BIG-IQ solution. MCP Support BIG-IP v21.0 introduced MCP Profile support—enabling teams to support AI/LLM workloads with BIG-IP to drive better performance and security. Additionally, v21.0 also introduces support for S3-optimized profiles, enhancing the performance of data delivery for AI workloads. BIG-IQ 8.4.1 and its interoperability with v21.0 helps teams streamline and scale management of these BIG-IP instances—enabling them to support AI adoption plans and ensure fast and secure data delivery. Enhanced BIG-IP and F5OS Visibility and Management BIG-IQ 8.4.1 introduces the ability to provision, license, configure, deploy, and manage the latest BIG-IP devices and app services (v17.5.1.X and v21.0). In 8.4, BIG-IQ introduced new visibility fields—including model, serial numbers, count, slot tenancy, and SW version—to help teams effectively plan device strategy from a single source of truth. These enhancements also improved license visibility and management workflows, including exportable reports. BIG-IQ 8.4.1 continues to offer this enhanced visibility and management experience for the latest BIG-IP versions. Better Security Administration BIG-IQ 8.4.1 includes general support for SSL Orchestrator 13.0 to help teams manage encrypted traffic and potential threats. BIG-IQ includes dedicated dashboards and management workflows for SSL Orchestrator. In BIG-IQ 8.4, F5 introduced support and management for Venafi Trust Protection Platform v22.x-24.x, a leading platform for certificate management and certificate authority services. This integration enables teams to automate and centrally manage BIG-IP SSL device certificates and keys. BIG-IQ 8.4.1 continues this support. Finally, BIG-IQ 8.4.1 continues to align with AWS security protocols so customers can confidently partner with F5. In BIG-IQ 8.4, F5 introduced support for IMDSv2, which uses session-oriented authentication to access EC2 instance metadata, as opposed to the request/response method of IMDSv1. This session/token-based method is more secure as it reduces the likelihood of attackers successfully using application vulnerabilities to access instance metadata. Enhanced Automation Integration & Protocol Support BIG-IQ 8.4.1 continues with BIG-IQ's support for the latest version of AS3 and templates (v3.55+). By supporting the latest Automation Toolchain (AS3/DO) BIG-IQ is aligned with current BIG‑IP APIs and schemas, enabling reliable, repeatable app and device provisioning. It reduces deployment failures from version mismatches, improves security via updated components, and speeds operations through standardized, CI/CD-friendly automation at scale. BIG-IQ 8.4 (and 8.4.1) provides support for IPv6. IPv6 provides vastly more IP addresses, simpler routing, and end‑to‑end connectivity as IPv4 runs out. BIG‑IQ’s IPv6 profile support centralizes configuration, visibility, and policy management for IPv6 traffic across BIG‑IP devices—reducing errors and operational overhead while enabling consistent, secure IPv6 adoption. Upgrading to v8.4.1 You can upgrade from BIG-IQ 8.X to BIG-IQ 8.4.1. BIG-IQ Centralized Management Compatibility Matrix Refer to Knowledge Article K34133507 BIG-IQ Virtual Edition Supported Platforms BIG-IQ Virtual Edition Supported Platforms provides a matrix describing the compatibility between the BIG-IQ VE versions and the supported hypervisors and platforms. Conclusion Effective management—orchestration, visibility, and compliance—relies on consistent app services and security policies across on-premises and cloud deployments. Easily control all your BIG-IP devices and services with a single, unified management platform, F5® BIG-IQ®. F5® BIG-IQ® Centralized Management reduces complexity and administrative burden by providing a single platform to create, configure, provision, deploy, upgrade, and manage F5® BIG-IP® security and application delivery services. Related Content Boosting BIG-IP AFM Efficiency with BIG-IQ: Technical Use Cases and Integration Guide Five Key Benefits of Centralized Management F5 BIG-IQ What's New in v8.4.0?
F5 BIG-IQ What's New in v8.4.0?
Introduction F5 BIG-IQ Centralized Management, a key component of the F5 Application Delivery and Security Platform (ADSP), helps teams maintain order and streamline administration of BIG-IP app delivery and security services. In this article I’ll highlight some of the key features in the BIG-IQ v8.4.0 release. Demo Video Upgrading to BIG-IQ Version 8.4 Supported upgrade paths You can upgrade from BIG-IQ 8.x.0 to BIG-IQ 8.4.0 version. New Features in BIG-IQ Version 8.4.0 BIG-IQ Support for AWS IMDSv2 AWS introduced a token-based Instance Metadata Service API (IMDSv2) that enhances security, requiring authentication for metadata access. Previously, BIG-IQ used the older IMDSv1, which does not require authentication and remained the default for launching instances. Without IMDSv2 support, instances that require this version could not be licensed, relicensed, or used for metadata-based features. For BIG-IQ, this limitation affected SSH key authentication and license activation, as its API calls to EC2 instances like m5.xlarge failed due to missing authentication token implementation. This release adds IMDSv2 support, which allows BIG-IQ to work properly in AWS environments that require IMDSv2. Instances can now be licensed, metadata-based features are functional, and SSH key authentication works well, ensuring full compatibility with AWS security standards. BIG-IQ Support for BIG-IP 17.5.0 BIG-IQ provides full support for BIG-IP 17.5.0, ensuring seamless discovery and compatibility across all modules. Users who upgrade to the BIG-IP 17.5.0 version retain the same functionality without disruptions, maintaining consistency in their management operations. Interoperability Support for BIG-IP Access 17.5.0 BIG-IQ supports the creation, import, modification, and deployment of BIG-IP Access 17.5.0 version configurations. This update ensures full interoperability between BIG-IQ and BIG-IP 17.5.0 for managing access policies. Support for AS3 Compatibility with BIG-IQ 8.4.0 With this release, the AS3 schema is fully compatible with BIG-IQ 8.4.0, enabling seamless deployment of applications using Application Templates through the BIG-IQ user interface. Venafi 22.x, 23.x, and 24.x Support for BIG-IQ BIG-IQ now integrates with Venafi 22.x, 23.x, and 24.x versions that enable centralized certificate lifecycle management for BIG-IP devices. This update introduces support for AES256 encryption, enhancing security beyond the existing OpenSSL algorithm. By automating certificate management, this integration eliminates the manual and time-consuming process of maintaining certificates across various BIG-IP devices. Supported BIG-IP Services BIG-IP 17.5.0 support BIG-IQ now includes support for the following services running on BIG-IP version 17.5.0: Access Policy Manager (APM) Advanced Firewall Manager (AFM) Application Delivery Controller (ADC) Web Application Security (ASM / WAF) Fraud Protection Service (FPS) Statistics and Monitoring Application Services Extension 3 (AS3) support BIG-IQ supports Application Services Extension 3 (AS3) version 3.53.0 and later. Declarative Onboarding (DO) support BIG-IQ supports Declarative Onboarding (DO) version 1.29 and later. All objects up to 17.5.0 are supported. BIG-IP SSL Orchestrator (SSLO) support BIG-IQ now supports SSLO RPM version 12.0. You can now discover, import, configure, and deploy configurations for managed BIG-IP devices running this RPM version. To learn more about features supported in this SSLO RPM version, refer to the F5 SSL Orchestrator Release Notes version 17.5.0-12.0. F5OS Platform Management Support to display the VELOS device information You can now see the details such as Model type, Serial Number, Platform Version, and Blade Configuration for the VELOS platform Support to export F5OS Inventory details You can now export the F5OS platform or devices inventory information into a .CSV format file regardless of the status or assignment. Support to delete remote backup You can now delete backup files stored in the F5OS rSeries or VELOS platforms. This will also delete the partition backup files, when you delete the local F5OS backup file in the BIG-IQ. Support IPv6 address for F5OS VELOS partition This release now supports IPv6 addresses for F5OS VELOS partitions. Export F5OS backups to the external server You can now store a copy of the F5OS backup remotely on an SCP or SFTP server. BIG-IQ License Management License pool properties enhancements The License Pool UI was enhanced to include the following: You can now select the number of registration keys displayed per page under the Registration Keys section. You can now view information about the Service Check Date, Max allowed Throughput Rate, Max Allowed VE Cores, and Permitted SW Version of the Registration keys. All licenses usage report You can now generate a CSV report that meticulously includes all licenses from the selected group. F5 Advanced Web Application Firewall (On-Box) service as an SSL Orchestrator Service BIG-IP SSL Orchestrator (SSLO) Support BIG-IQ 8.4.0 supports configuring and deploying Advanced WAF profiles within the SSL Orchestrator interface for all topologies. This update makes it easier to set up and manage Advanced WAF profiles. You can set them up directly within SSL Orchestrator. In addition, you can also validate the service as a service chain object. For this setup, you should have Application Security Manager (ASM) and Advanced Web Application Firewall (WAF) profiles set up, licensed, and provisioned on BIG-IQ. Security Policy enhancements SSL Orchestrator Security Policy now has the following enhancements while creating a new rule: A new drop-down list contains the "is" and "is not" operators to compare or negate your specified condition. A new condition, "IP Protocol," lets you match SSL traffic based on Internet Protocols such as TCP and UDP. With the new "Bypass (Client Hello)" setting in SSL Proxy Action, you can bypass traffic on certain conditions without triggering the TLS handshake. However, the SSL conditions such as "Server Certificate (Issuer DN, SANs, Subject DN)" and "Category Lookup (All)" do not have this setting enabled. In a custom security policy, you can now redirect the traffic to a remote URL for the specified conditions (matches). BIG-IQ Centralized Management Compatibility Matrix Refer to Knowledge Article K34133507 BIG-IQ Virtual Edition Supported Platforms BIG-IQ Virtual Edition Supported Platforms provides a matrix describing the compatibility between the BIG-IQ VE versions and the supported hypervisors and platforms. Conclusion Managing hundreds or thousands of apps across a hybrid, multicloud environment is complex. Your apps must be always available and secure, no matter where they're deployed, creating a need for a new kind of Application Delivery Controller (ADC)—one that provides holistic, unified visibility and management of apps, services, and infrastructure everywhere. F5® BIG-IQ® Centralized Management reduces complexity and administrative burden by providing a single platform to create, configure, provision, deploy, upgrade, and manage F5® BIG-IP® security and application delivery services. Related Content BIG-IQ 8.4.0 Product Documentation Boosting BIG-IP AFM Efficiency with BIG-IQ: Technical Use Cases and Integration Guide Blog: Five Key Benefits of Centralized Management
Get Started with BIG-IP and BIG-IQ Virtual Edition (VE) Trial
Welcome to the BIG-IP and BIG-IQ trials page! This will be your jumping off point for setting up a trial version of BIG-IP VE or BIG-IQ VE in your environment. As you can see below, everything you’ll need is included and organized by operating environment — namely by public/private cloud or virtualization platform. To get started with your trial, use the following software and documentation which can be found in the links below. Upon requesting a trial, you should have received an email containing your license keys. Please bear in mind that it can take up to 30 minutes to receive your licenses. Don't have a trial license? Get one here. Or if you're ready to buy, contact us. Looking for other Resources like tools, compatibility matrix... BIG-IP VE and BIG-IQ VE When you sign up for the BIG-IP and BIG-IQ VE trial, you receive a set of license keys. Each key will correspond to a component listed below: BIG-IQ Centralized Management (CM) — Manages the lifecycle of BIG-IP instances including analytics, licenses, configurations, and auto-scaling policies BIG-IQ Data Collection Device (DCD) — Aggregates logs and analytics of traffic and BIG-IP instances to be used by BIG-IQ BIG-IP Local Traffic Manager (LTM), Access (APM), Advanced WAF (ASM), Network Firewall (AFM), DNS — Keep your apps up and running with BIG-IP application delivery controllers. BIG-IP Local Traffic Manager (LTM) and BIG-IP DNS handle your application traffic and secure your infrastructure. You’ll get built-in security, traffic management, and performance application services, whether your applications live in a private data center or in the cloud. Select the hypervisor or environment where you want to run VE: AWS CFT for single NIC deployment CFT for three NIC deployment BIG-IP VE images in the AWS Marketplace BIG-IQ VE images in the AWS Marketplace BIG-IP AWS documentation BIG-IP video: Single NIC deploy in AWS BIG-IQ AWS documentation Setting up and Configuring a BIG-IQ Centralized Management Solution BIG-IQ Centralized Management Trial Quick Start Azure Azure Resource Manager (ARM) template for single NIC deployment Azure ARM template for three NIC deployment BIG-IP VE images in the Azure Marketplace BIG-IQ VE images in the Azure Marketplace BIG-IQ Centralized Management Trial Quick Start BIG-IP VE Azure documentation Video: BIG-IP VE Single NIC deploy in Azure BIG-IQ VE Azure documentation Setting up and Configuring a BIG-IQ Centralized Management Solution VMware/KVM/Openstack Download BIG-IP VE image Download BIG-IQ VE image BIG-IP VE Setup BIG-IQ VE Setup Setting up and Configuring a BIG-IQ Centralized Management Solution Google Cloud Google Deployment Manager template for single NIC deployment Google Deployment Manager template for three NIC deployment BIG-IP VE images in Google Cloud Google Cloud Platform documentation Video: Single NIC deploy in Google Other Resources AskF5 Github community (f5devcentral, f5networks) Tools to automate your deployment BIG-IQ Onboarding Tool F5 Declarative Onboarding F5 Application Services 3 Extension Other Tools: F5 SDK (Python) F5 Application Services Templates (FAST) F5 Cloud Failover F5 Telemetry Streaming Find out which hypervisor versions are supported with each release of VE. BIG-IP Compatibility Matrix BIG-IQ Compatibility Matrix Do you have any comments or questions? Ask hereShare what you learned on DevCentral in 2025
Hello! With the year quickly coming to a close it feels like there is no better time to have everyone share something they learned on DevCentral over this past year. Whether it be from a post you or someone else made, a technical article, or code share. Leave a comment with your favorite or most valuable piece of knowledge you learned from the community. Or drop a link to the post and share what it taught you. Thank you to everyone who has shared or sought knowledge within DevCentral this year! I look forward to seeing what everyone has to share. -Melissa
BIG-IQ: how to change interval checks for health status of pools and poolmembers
Greetings, yesterday I noticed that the BIG-IQ does take its sweet time to notify the user of a failing healthcheck. In my case I noticed that the poolmember went down at 04:20 PM (source LTM log) at the BIG-IQ informed me via GUI at 04:24 PM with the message that the poolmember went down at 04:20PM I'm guessing that the BIG-IQ checks the LB for health status in an interval. Looks like a value between 3 to 5 minutes. Does anyone know how I can lower the interval so the user in BIG-IQ gets notified more sooner than 3-5 minutes ?
Big-IP not recognized by Big-IQ
Dear Techs, I'm in a strange situation where I'm supposed to add both F5 Big-IP with Big-IQ. Both Big-IP and Big-IQ are in same subnet, so firewall isn't a question. The Big-IP are in HA. I've successfully added the Standby unit with Big-IQ without any issues while adding the Active unit I'm getting below error message : The device <Big-IP-Management-IP> (null) is not a Big-IP device. I've added a total of 7 devices successfully, using the same procedure, same authentication. Any help with be greatly appreciated. Big IQ version : 8.0.0 Big-IP version : 14.1.4 thank you
BigIQ integration with Cisco ACS (TACACS+)
I'm working with Big-IQ Central Manager and would like to authenticate against our TACACS (Cisco ACS) and use the RBAC capabilities; however the documentation is slim at best. I'm getting an error, "User has no roles or groups associations. Trying to compare what we set our LTMs to authenticate using remote roles that are defined in ACS (below) to what I have on our BigIQ. On our LTMs: 1. No users defined local 2. Authentication - Remote - TACACS+ 3. Remote Role Groups a. Group Name = TAC-Auth b. Line Order 20 (Relative to our env.) c. Attribute String = F5-LTM-User-Info-1=TAC-Auth d. Remote Acccess = Enabled e. Assigned Role = Other = %F5-LTM-User-Role f. Partition Access = Other = %F5-LTM-Partition g. Terminal Access = Other = %F5-LTM-User-Console On ACS (Only giving one example) Shell Profiles 1. F5-Device-TACAuth-Admin 2. Custom Attributes a. F5-LTM-User-Info-1 = TAC-Auth b. F5-LTM-User-Console = enable c. F5-LTM-User-Role = Administrator d. F5-LTM-Partition = All BigIQ 1. Auth Providers = a. Name = NA_ACS b. Type = TACACS+ 2. User Groups a. F5_Admin c. Authorization Attributes F5-BigIQ-User-Info = F5_Admin %F5-BigIQ-User-Role = Administrator ACS - Note: My understanding is that since BigIQ doesn't use partitions or the Terminal/Console role it might not be needed. 2. Custom Attributes a. F5-LTM-User-Info-1 = F5_Admin b. F5-LTM-User-Role = Administrator Thank you in advance for any insight! /jeffBIG-IQ 8.3 - no BIG IQ Central Management option
Trying to build a BIG IQ v 8.3 on Hyper V but I keep running into an issue where I can licence the box using a trial licence (all appears to be working as expected) create the Master Keys and reset the Password but as soon as I get to the System Personality the option for BIG-IQ Central Management is not available. It only presents me the option of BIG-IQ Data Collection Device. If skip the licence at Step 1 then I also get the option to create a License Manager but that's not really very useful either. 🤨 The guide I am following is the F5 one - BIG IQ Build Guide - and have assigned the VM 32GB RAM and 8 cores after initially trying it with half the above figures which I thought might be the issue but still no joy. Have deleted the VM and recreated using a new copy of the VHD file - same problem seen so I am at a bit of a loss as to what to try next. Any suggestions would be much appreciated.
