v3.20.0

Updated the repository for AS3 v3.20.0. This release contains the following changes. See the Document revision history for more information and links.

• The Generic template is now the default, which effectively eliminates the serviceMain naming requirement. All example declarations have been updated accordingly
• Added support for sharing IP addresses between virtual servers
• Added support for using traceResponse in async mode
• Added the value property to Protocol Inspection profile service compliance checks
• Added support for logging protocol inspection events
• Added support for setting the status code used during a redirect with an endpoint policy
• Added support for using TCP address and port conditions in an endpoint policy
• Added support for configuring management port log destinations
• Added support for re-using IP addresses in a declaration that already exist in /Common
• Pointer_GSLB_Monitor now supports all possible monitor types (previously only bigip, http, and http GTM/DNS monitors were supported)
• Added support for adding addresses to exclude for NAT source translation
• Added support for configuring an ingress HTTP/2 profile
• Added support for use when referencing FTP profiles
• Clarified expiration statement in the async description in “POSTing to a specific tenant”
• AS3 now sets the userAgent string on declarations sent from BIG-IQ

Issues Resolved:

• Fix Data_Group key validation
• Modify schema to improve compatibility with BIG-IQ 7.0
• Fix maximum value on hstsPeriod, GitHub Issue 258
• Unexpected json property message in icrd log when processing declaration

v3.19.1

Released AS3 3.19.1 as a LTS (Long Term Support) version. See the Support page for more information on the AS3 support policy.

This release contains the following change from 3.19.0:

• Changes to the schema to improve compatibility with BIG-IQ 7.0

v3.19.0

Updated the repository for AS3 v3.19.0. This release contains the following changes. See the Document revision history for more information and links.

• Added support for additional TLS options, GitHub Issue 233
• Added support for setting maximum bandwidth on a virtual with AFM
• Added preserve-strict as an option for translateClientPort
• Added support for Idle Timeout policies
• Added support for SSL forward proxy settings in SSL profiles
• Added support for referencing virtualAddresses using the bigip keyword from the Service Classes
• Added Burst Handling as an experimental feature

Issues Resolved:

• Wrong netmask can be configured when a Service_Address precedes a Service_Core-derived class in the declaration that refers to the Service_Address with the use keyword.
• Occasional timeouts waiting for CLI script
• Updated service discovery version to no longer delete and then recreate nodes when a task is updated
• GitHub Issue 247 :Requests to tenant endpoints over-validate
• AS3 errors on DOS_Profile when disabling scrubbingEnable and rtbhEnable
• TLS_Server SSL forward proxy settings are not idempotent on BIG-IP 12.1

v3.18.0

Updated the repository for AS3 v3.18.0. This release contains the following changes. See the Document revision history for more information and links.

Updated the documentation for AS3 v3.18.0. This release contains the following changes:

• Added support for adding Basic Authentication when retrieving objects from a URL
• Added support for enabling traces in responses, GitHub Issue 147
• Added support for configuring IP or L2 forwarding in a declaration
• Added support for multiple SSL profiles in the same virtual server, GitHub Issue 201

Issues Resolved:

• Cannot use malformed DOS vector
• Incorrect word wrapping applied to external monitors
• Path lengths improperly being labeled as too long
• Declarations fail when including Pkcs12 encrypted passphrase
• Possible conflict error when using shareNodes with service discovery
• BIG-IQ doesn’t appear to support TLS1.3 through AS3
• restnoded restarts immediately after posting the declaration (GitHub Issue 232)
• Updated service discovery version to not show Azure secrets in restnoded log

v3.17.1

Released AS3 v3.17.1. This release was a patch for the v3.17.0 release only and contains the following change:

• Fixed an issue in which Path lengths were improperly being labeled as too long

v3.17.0

Updated the repository for AS3 v3.17.0. This release contains the following changes. See the Document revision history for more information and links.

• Added support for cipher rules and cipher groups, as well as referencing a cipher group from the TLS Server or TLS client class
• Added support for negative string conditions in Endpoint policies
• Added support for creating Protocol Inspection profiles
• Added support for the use pointer for Endpoint policies
• Added support for the use pointer for pools and iRules in a declaration
• Added support for referencing existing Bot Defense profiles
• Added support for dots and hyphens in Application and Tenant names, and item names longer than 64 characters
• Added a FAQ entry to define the F5 Automation Toolchain API contract
• Added a FAQ entry about the BIG-IP modules AS3 supports

Issues Resolved:

• Improved idempotency of DNS and LDAP monitors
• Fixed used of ‘action: dry-run’ when running on BIG-IQ
• Fixed regression for cipher rules and cipher groups on 12.1
• Fixed idempotency of GSLB_Pool (A, AAAA) and GSLB_Server on BIG-IP 15+
• FQDN members break deploy in 3.16.0
• Corrected Service Discovery examples to include accessKeyId and secretAccessKey fields.
• Changing a referenced monitor’s destination address (to/from wildcard) can cause HA sync issues

v3.16.0

Updated the repository for AS3 v3.16.0. This release contains the following changes. See the Document revision history for more information and links.

• Added support for internal virtual servers
• Added support for referencing Request and Response Adapt profiles in a declaration
• Added support for referencing ICAP profiles in a declaration
• Added support for configuring virtual address settings on the destination IP while using Source address filtering
• Added support for Server Technologies in a WAF policy
• Added support for referencing external Access (IAM) profiles from a URL
• Added support for PEM iRules
• Added support for skipping certificate validation when retrieving URI data
• Added a note explaining object naming changes in 3.16 and later
• Added an example declaration showing how to use Service Discovery for a specific Consul Service
• Added support for ip-low-ttl and non-tcp-connection for DOS_Profile Network vectors
• Added support for nxdomain and qdcount for DOS_Profile DNS vectors
• Added support for disabledSignatures override to WAF Policies
• Added a note to the top of the Warnings list about AS3 saving the configuration even when AS3 returns No Change

Issues Resolved:

• Service_TCP adds botDefense profile when ASM not provisioned on BIG-IP 14.1+
• Event-Driven SD: pool members deleted when monitor changed
• HTTP_Profile’s properties responseChunking and requestChunking are not compatible with BIG-IP 15.0+
• WAF policy changes are not applied
• Stored declaration is not updated in no change operations
• Expanded declaration is stored by default on BIG-IQ, which causes re-POST and PATCH failures with schema overlay
• File upload to BIG-IP can fail if partial upload of file already exists
• Error messages could have cert and keys in it. The messages are much more general now.
• Error when declaring CA_Bundle with existing cert (certItem[contentKey].replace is not a function).
• Incorrect Container device type is assigned instead of actual product (BIG-IQ, BIG-IP).

Released on 12-03-2019

v3.15.1

Released AS3 v3.15.1. This release was a patch for the v3.15.0 release only and contains the following change:

• Fixed an issue in which the expanded declaration was stored by default on BIG-IQ, which caused re-POST and PATCH failures with schema overlay

v3.14.1

Released AS3 v3.14.1. This release was a patch for the v3.14.0 release only and contains only the following change:

• Updated the schema description for Pool minimumMonitors.

v3.15.0

Updated the repository for AS3 v3.15.0. This release contains the following changes. See the Document revision history for more information and links.

Updated the documentation for AS3 v3.15.0. This release contains the following changes:

• Added support for referencing existing PPTP profiles in a declaration
• Added support for referencing security logging profiles from a NAT rule
• Added support for using VLANs as sources for Firewall Rules
• Added a SCTP Service class and support for referencing existing SCTP profiles
• Added simple examples for using HTTP analytics profiles
• Removed the Service Discovery page from the User Guide as the same information exists in the Service Discovery examples page
• Added a Warning to the shareNodes example about updating declarations using shareNodes
• Added an example declaration showing a virtual service with both Source and Destination IP addresses
• Added support for using event-driven port discovery (see Event-Driven Service Discovery example)
• Added a note to the BIG-IQ page with a link to an article about BIG-IQ and AS3 compatibility and upgrade instructions (see Requirements
• Added an FAQ entry about AS3 collecting non-identifiable usage data (see Usage data
• Added a troubleshooting entry and other notes about the /dist directory going away on GitHub, and the AS3 RPM being available as a release Asset
• Added a note to Route Advertisement example about the serviceAddress location
• Added link on the BIG-IQ page to the BIG-IQ and AS3 video

Issues Resolved:

• Semicolon in endpoint policy rule location causes errors
• Endpoint policy rule that contains “wam” incorrectly adds “acceleration” to the policy controls object
• Unable to remove declaration after posting to service discovery endpoint multiple times
• Reduce log severity when previous declaration is not found on startup
• Fix mis-application of bot-defense when ASM is not provisioned