F5 System Scanner - How I deployed it at scale
Does anyone uses the F5 System Scanner regularly? I was surprised when, a while back, one of my clients told me about this tool. I hadn't read about it anywhere before, and I thought I was pretty well-informed. What is it? https://my.f5.com/manage/s/article/K000160515 It is a small tool that calculates hashes from installed files and compares it with hashes provided by F5. Basically, it's a simple host-based intrusion detection system. You can download it from myF5. Test I tested it the other day, and it seems to work well, except for 1 or 2 false positives because the latest Hotfix isn't supported. I simply changed the hashes in the dat file and the status was ok. My deployment scenario Installing the tool manually on a fleet of F5s and running the scans by hand is not my operating modal. I implemented a Restsh function f5.system-scanner that does the heavy lifting for me in an automatable way. It uploads the f5-system-scanner binary and the dat file with the hashes to the F5. Runs the f5-system-scanner in the background and downloads the report after it finishes it. The script exits with an error code if the scanner found a hash mismatch. This is the ideal basis to put it in a pipeline and deploy it at scale. You can download Restsh for free: https://github.com/AxiansITSecurity/Restsh The pipeline itself is part of the Axians Automation Framework, a enterprise ready GitOps framework for F5 BIG-IP. The Future I hope F5 maintenance this nice small utility further and updates the hashes for future F5 releases. Has anyone more infos about it than I have?F5OS cloud-init on 21.1 does tenants come with DO and AS3 RPM installed?
Hello Everyone, This great new feature https://techdocs.f5.com/en-us/bigip-21-1-0/big-ip-f5os-cloud-init-support-velos-rseries/cloud-init-support-velos-rseries.html is not very well described. I think F5 making a demo session or a Guide with pictures will be helpful. For example do the F5os Tenants come with RPM AS3 and DO installed by default for this to work ? Other than that it is mentioned that the DO yaml file needs to be hosted on F5OS ? Where exactly ?
Changes to DO and AS3 GitHub - no longer monitored
I see Changes to DO and AS3 GitHub pages have been updated with these notices: " AS OF FEBRUARY 2026, THIS GITHUB REPOSITORY WILL NO LONGER BE MONITORED OR UPDATED. This repository will remain available, at least temporarily. You can find the latest RPMs and other files on MyF5 Downloads. Refer to 'Filing Issues and Getting Help' for additional details. " I'm also seeing [Deprecated] notices on some VS Code extensions, which may or may not be related. I haven't been able to find any larger announcements regarding these. I have not been able to find any additional detail. Does anyone know if we are about to see a a large shift (or loss) of tooling around BIG-IP?
CPU load when Prometheus is scraping metrics from F5 BIG-IP LTM
We are experiencing an issue where Prometheus is scraping metrics from F5 BIG-IP LTM, causing high CPU and memory utilization on the F5 device. Initial step, we have adjusted the scraping interval to 1 minute, but the issue still. Are there any recommended tuning options or best practices?
Need BIG-IP VE Lab License for Personal Study/Learning
Hi F5 Community, I am setting up a personal home lab to learn. F5 BIG-IP for certification preparation. I have deployed BIG-IP VE but need a lab license. to access the management GUI. Could anyone help me get a free lab/evaluation? license for personal learning purposes? Thank you.
CLI Tool for BIG-IP - f5 cli
I'm releasing a CLI tool for inspecting and manipulating configuration. It’s a whole suite of tools in one, from `f5 grep` through to the advanced jq-style `f5 query` This tool is based on my last 20 years of using and abusing BIG-IP, and the ideas behind all the tooling I built along the way. https://github.com/bitwisecook/tcl-lsp/blob/main/INSTALL-cli.md https://github.com/bitwisecook/tcl-lsp/tree/main/docs/references/f5_query https://github.com/bitwisecook/tcl-lsp/tree/main/samples/for_f5_query there’s lots of documentation, worked examples, KCS style docs covering it, contending help including shell completion support. It requires Python 3.10+ for now. feel free to discuss here or raise issues on GitHub. This is part of my much larger work on an LSP, MCP, and AI tooling for all editors and harnesses to improve f5 tooling. The `query` verb can do stuff like $ f5 query --name ltm=ltm.conf --name gtm=gtm.conf --merge --raw ' $gtm.gtm.wideip[] as $w | $w.pools[] as $gp | $gp.members[] | last(split(., ":")) as $vspath | $ltm.ltm.virtual[] | select(."full-path" == $vspath) as $vs | $vs.pool.members[] | tsv($w.name, $gp.name, $vs.name, $vs.pool, .address, port(.name)) ' ltm.conf gtm.conf | sort -u api.example.com api_app_pool api_vs /Common/api_pool 10.0.2.20 8443 api.example.com api_app_pool api_vs /Common/api_pool 10.0.2.21 8443 www.example.com example_app_pool web_vs /Common/web_pool 10.0.1.10 80 www.example.com example_app_pool web_vs /Common/web_pool 10.0.1.11 80F5 Config - API Access on servers
Hello,, Pl. be gentle as I am new to this and am asking this on behalf of someone as their networking resource is ooo on some emergency. There are two separate, identical server instances hosting identical API's e.g. here is a sample endpoint for one of those API's https://prod1.mydomain.com:8443/ne/curr/CheckInventory https://prod2.mydomain.com:8443/ne/curr/CheckInventory F5 has been configured Round-Robin mode Both Servers added to a new Pool VIP created with ssl enabled (default port 443) https://app.mydomain.com Questions: What additional config neeeds to happen so any request from an external client for CheckInventory endpoint is processed What will be the new endpoint for this API? https://app.mydomain.com/CheckInventory Can it be changed to something else Is there an API mapping that has to be created withing the F5 config that will translate the Request ( https://app.mydomain.com/CheckInventory) to what the server is expecting (https://prod1 (or prod2).mydomain.com:8443/ne/curr/CheckInventory) Thank you
F5 Visual Studio Code extension not listing Big IP device partitions for 17.5.1.5 QKViews
As a general practice, after I upload qkviews to iHealth I then copy them to my visual studio code workspace. In the past, pulling them up using the Big IP extension, it would show all the source conf files and partions. For all 17.5.1.5 qkviews I've generated this past weekend, none of them have the source/partition data. Is this a bug, did F5 change something in the way this new build processes qkviews? The extension is pretty much worthless without it. To be sure it's limited to 17.5, I pulled up several 17.1.3.1 QKViews and the partitions/sources loaded fine.
