v3.13.2

Updated the repository for AS3 v3.13.2. This release was a patch for the v3.13.1 LTS release and contains only the following change:

• Updated the schema description for Pool minimumMonitors.

v3.14.0

Updated the repository for AS3 v3.14.0. This release contains the following changes. See the Document revision history for more information and links.

Updated the documentation for AS3 v3.14.0. This release contains the following changes:

• Added the URL Query Parameter showHash for POST requests which, when set to true, sets an optimisticLock on tenants in the declaration
• Added support for creating a TCP analytics profile in a declaration
• Added support for referencing existing RTSP profiles in a declaration
• Added support for referencing existing TFTP profiles in a declaration
• Added support for referencing existing Anti-Fraud profiles in a declaration
• Added support for using existing Connectivity and Access profiles in a declaration
• Added support for enabling NAT64 in a declaration
• Added support for getting Congestion Control to BBR in a TCP profile
• Clarified the guidance in the FAQ about AS3 and the Common tenant/partition
• Updated the example in 5: Enabling and disabling clientSSL (server SSL profile) from Endpoint policies to properly reference an AS3 clientSsl action and clarify server vs client SSL in AS3

Issues Resolved:

• Unable to use the bigip keyword with profileDOS in a virtual
• Fix possible socket hang up errors with service discovery
• Fix issue where invalid properties would not get caught by validation when async=true
• Unable to update static pool members when event driven discovery is used
• Clean up service discovery tasks when AS3 fails

v3.13.1

Released AS3 3.13.1 as a LTS (Long Term Support) version. See Support.md for more information on the AS3 support policy.

v3.13.0

Updated the repository for AS3 v3.13.0. This release contains the following changes. See the Document revision history for more information and links.

• Added support for including one section of a declaration in another using the include property
• Added support for using certificates in HTTPS health monitors
• Added support for changing the enforcement mode of a WAF policy retrieved from a URL
• Added support for using the reject and accept-decisively actions in a firewall rule
• Added support for creating a DNS Cache in a declaration
• Updated the description of the replace row in the PATCH section of the API Methods reference page to change the example from add to adminState
• Added a new troubleshooting entry for setting Persistence to none

Issues Resolved:

• Analytics profile fails after upgrading between AS3 versions
• Fix problem where using bigip reference to certificate wouldn’t also reference the key
• Allow GSLB Virtual Server to accept 0 for port and addressTranslationPort
• Cannot reference pre-existing endpoint policies
• Allow 'all' value for Pool minimumMonitors
• Fix DOS_Profile's bot defense mode option on BIG-IP 14.1+
• Fix idempotency issues in DOS_Profile on BIG-IP 14.1+
• Allow reference to an existing policy when ASM is not provisioned; previously the system would unnecessarily check if ASM was provisioned.

v3.12.0

Updated the repository for AS3 v3.12.0. This release contains the following changes. See the Document revision history for more information and links.

• Added support for authenticationFrequency in TLS_Client
• Added support for referencing iRules LX profiles in a declaration
• DNS profiles can now point to transparent and validating resolver caches
• Added the schema files from previous releases to the GitHub repository
• Updated Validating a Declaration to clarify the schema URL to use
• Updated the documentation theme and indexes

Issues Resolved:

• BIG-IQ 6.1 rejects pkcs12Options
• AS3 cannot create IPv6 wildcard fastL4 VS
• Service Discovery nodes created only in /Common/
• schemaOverlay can conflict with defaults during a patch action
• AWS Service Discovery needs to be deployed twice to be successful
• SNAT not applied to NAT policy
• BIG-IQ can sometimes fail to authorize with X-F5-Auth-Token
• Generic GSLB servers can not be created without any monitors
• Address that has ‘use’ which refers to an address of 0.0.0.0 causes wrong mask

v3.11.0

Updated the repository for AS3 v3.11.0. This release contains the following changes. See the Document revision history for more information and links.

• Increased the character limit of property name, label, and remark from 47 to 64
• Modified DELETE behavior so it no longer deletes the entire declaration history
• Added support for discovering virtual servers in GSLB Servers
• Added support for using Persist actions in an Endpoint policy
• Added support for OCSP Certificate Validation
• Added a detailed declaration example for using the staplerOCSP parameter in a declaration
• Enabled the use property for Pointer_SSL_Certificate (DOS_Profile, Certificate, Certificate_Validator_OCSP)
• Added support for Consul Service Discovery with CA Certificates
• Added support for using Consul Service Discovery without certificate validation
• Added a troubleshooting entry and a note in the Warnings section stating that AS3 doesn’t automatically install across Device Groups
• Added a section on uninstalling AS3
• Added a detailed declaration example for using shareNodes to reuse nodes across tenants
• Added a note to the Warnings section about using AS3 with GSLB features
• Added a section on about upgrading BIG-IP versions when AS3 is installed

Issues Resolved:

• HTTP Redirects not working when fetching remote WAF_Policy file
• id value of null causes rest framework timeout
• Attach LDAP Profile startTLS to virtual server
• Missing bot-defense profile properties for 14.1
• /CIDR notation is not working in Service_HTTP
• Deleting tenant, also deleted GSLB topology
• Service_L4 declarations failing in TMSH with profileTrafficLogs

Released on 5/7/19

v3.10.0

Updated the repository for AS3 v3.10.0. This release contains the following changes. See the Document revision history for more information and links.

• Added support for Stream Profiles
• Added support for application security options in the Security Log Profile
• Added support for Splunk as a Log Destination type
• Added support for securing LDAP with STARTTLS
• Added support for creating FTP profiles
• Added support for FTP monitors
• Added support for sending multiple declarations in a request with BIG-IQ
• Added support for sending multiple declarations in a request with the Docker container
• Added support for using SSH Proxy profiles
• Added support for Accelerated Signatures and TLS Signatures properties in a DOS Profile
• Improved the consistency of async responses
• Added a new troubleshooting entry for an error when sending large declarations
• Added a new troubleshooting entry for Service Discovery configuration in 3.10.0
• Added a note to the Notes and Tips section and the relevant example declaration sections about when a Firewall_Address_List contains zero addresses, a dummy IPv6 address of ::1:5ee:bad:c0de is added in order to maintain a valid Firewall_Address_List.
• Added two new FAQ entries, one describing why an AS3 TLS_Client creates a BIG-IP Server SSL profile and TLS_Server creates a Client SSL profile, and :the other on how to synchronize BIG-IP configurations with AS3

Issues Resolved

• AS3 fails to start if restjavad is not fully ready
• Malformed POST body causes restnoded to reboot
• ?async=true universally triggers cloud-libs installation
• Large declarations report failure
• DNS Profiles with default properties can error on 12.1
• POST requests to the /declare endpoint on BIG-IQ always trigger cloud-libs install
• Cloud-libs always installs from Container
• Disable non-POST requests for Container
• Discovery worker encryption fails on 14.1
• Empty array in declaration throws error
• Unwanted error messages in /var/log/ltm
• Security_Log_Profile declaration produced errors if storageFormat key was not provided
• Radius_Profile not idempotent on BIG-IP 13.0
• PATCH requests to BIG-IQ are not always applied to the right tenant
• PATCH async=true does not work
• No addresses in Firewall_Address_List throws error
• The /task endpoint does not work when running in a container
• authenticationTrustCA not validating in Visual Studio Code
• Upgrading AS3 can fail when Telemetry Streaming is already installed
• Deleting a large config throws "connection refused" error
• Posting to AS3 container can fail querying Service-Discovery config from target device
• Cannot add a wildcard virtual address with defaultRouteDomain
• Pool members not deleted properly
• Multi-declaration posts periodically fail to 'Cannot read property installCloudLibsNeeded of undefined'
• Error POSTing declaration with large number of Endpoint_Policy referencing ASM policies

v3.9.0

Updated the repository for AS3 v3.9.0. This release contains the following changes. See the Document revision history for more information and links.

• Added instructions for using Microsoft Visual Studio Code to validate declarations. Removed all references and versions of the previous validator from GitHub.
• Added support for using Clone pools
• Added support for Event-Driven Service Discovery
• Added support for HTTP (web) Acceleration profiles
• Added using Capture filters in an Analytics profile
• Added support for using Client Certificate Constrained Delegation (C3D) features in TLS Client and Server profiles
• Added support for remarks on Endpoint policies and Endpoint policy rules
• Renamed the example declarations in the Postman Collection posted to GitHub which makes identifying individual declarations easier

Issues Resolved

• Unable to update parentProfile for Classification_Profile
• Unable to delete Classification_Profile
• Unable to update parentProfile for Radius_Profile and IP_Other_Profile
• Unable to create Radius_Profile or update other properties when PEM is not provisioned
• Unable to resume declaration if interrupted by cloud-libs installation
• Discovery Worker Pool Members not respecting per-member settings
• DNS_Zone class not idempotent
• GSLB_Server declarations are not idempotent
• GSLB_Pools can encounter read-only metadata failure
• HTTP_Profile fallbackRedirect: declaration is invalid should match format URL, not Hostname
• translateServerAddress for virtuals not set to correct default on 12.1
• Unable to use non-default tcp profile on HTTPS services on 12.1
• External monitors not created or deleted properly
• Idempotence problem with HTTP_Compress
• Leftover declaration after POSTing almost empty tenant
• Requests may incorrectly return 202 for service discovery component installation
• Encryption/secret invalid radius server value on 14.1
• Service discovery pool members set the pool monitor as their per-member monitor
• Unable to attach WAF policy to service
• AS3 fails to start in container
• AS3 sometimes deletes gtm pools from /Common on 12.1
• Unable to detect management port 8443 on 1-NIC deployments by default
• Endpoint_Strategy operands to do not parse correctly
• Enforcement_Radius_AAA_Profile not idempotent
• Enforcement_Service_Chain_Endpoint fails to create service-endpoints
• Enforcement_Policy fails to DELETE when using serviceChain
• Enforcement Format Script cannot ready property “tclScript” of undefined
• Enforcement_Format_Script cannot read property “replace” of undefined
• Enforcement_Policy not idempotent with flowInfoFilters
• Idempotence problem with Log_Publisher when removing description
• insertHeader of HTTP_Profile adds slash
• Some remote users could not successfully complete declarations
• Unable to POST DNS_Profile without setting loggingEnabled to false

v.3.8.1

Updated the repository for AS3 v3.8.1. This maintenance release contained the following changes (see the Document revision history for more information and links):

• Corrected an issue that prevented AS3 3.8.0 from running in the container (see AS3 in a Container)
• Corrected an issue where “forEach” was not working in policyWAF
• Corrected a Service Discovery Pool member monitor issue
• Corrected an idempotent issue around SD address-lists
• Added another example declaration to help clarify the serviceMain naming requirement

v3.8.0

AS3 v3.8.0 contains the following changes. See the Document revision history for more information and links.

• Posted a Postman Collection to GitHub which contains all of the example declarations in this guide
• AS3 now auto-generates an ID if you do not specify an ID in a declaration (such as "id": "autogen_5bb43bfa-85ee-42ff-8ad9-a00598da590d")
• Added support for using a Multiplex (OneConnect) profile
• Added support for Route Advertisement for Service_Address
• Added support for RADIUS monitors
• Added support for referencing existing SIP and FTP profiles
• Added support for using Traffic Log profiles
• Added support for WebSocket profiles
• Added support for Rewrite profiles
• Added support for an Endpoint policy rule for disabling the WAF
• Added support for Endpoint polices with SSL SNI Match conditions and HTTP action
• Added an example declaration with client and server TLS/SSL profiles in the same declaration
• Updated the All AS3 properties example declaration, which is now auto-generated and will always be up-to-date
• Added additional categories to the Additional Declarations section.
• Removed the self-test endpoint, and the self test page from this guide. Use GET to the /info endpoint to verify successful AS3 installation

Issues Resolved:

• chainCA Common reference throws error
• Security_Log_Profile Schema incorrectly contains string values for booleans
• Remark fields do not work on analytics profiles, DNS nameservers, GSLB servers, and multiplex profiles
• The tcpOptions for TCP_Profile are not always idempotent
• Cannot rename FQDN nodes

Released on 1/23/19