lailpratama
Nimbostratus
NimbostratusUpgrade BIG-IP auto update attack signatures
Hi,
I want upgrade BIG-IP to the latest version, is that need to update the attack signatures manual too or that auto updated after upgraded was done?
Forum Discussion
2 Replies
Nathan_F__F5_Employee
Hi lailpratama,
You do not need to upgrade the BIG-IP software version to also update the ASM attack signatures. To update the signatures you just need to make sure your license has been reactivated within the last 18 months. To see the full licensing requirements, please see the article below.
K8217: Managing BIG-IP ASM attack signatures (11.5.x - 14.0.x)
https://support.f5.com/csp/article/K8217
"For the system to initiate the attack signature update, the Service Check Date in the BIG-IP ASM system's license must be within 18 months of the system date."
Regarding attack signature updates being included in the software image, I believe that they are included. That being said, if a new attack signature update has been released after the software image that you are upgrading to then you will still need to update your attack signatures after the upgrade. My recommendation would be to simply do the upgrade and then check for attack signature updates via the GUI under Security ›› Security Updates : Application Security.
-Nathan F
Bob_RairighBe careful to read the notes. Prior to version 14 Java Script challenge updates come with the signature updates. It takes 48 hours for them to trickle in because of encryptions and 48 hours to back it out if needed.