WAF Feature Mapping between BIG-IP and BIG-IP Next¶

URLs¶

BIG-IP TMOS Sub Feature	BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Allowed URLs	Supported. Clickjacking not tested	Supported Partially Not supported: * Positional parameters * Clickjacking protection * Support rendering in iframe * Header-based content profiles * HTMS5 Cross-domain Request enforcement * Override character on URL * Methods override
Differentiate between HTTP/HTTPS	Supported	Not Supported
Flows URL	Not Supported	Not Supported
Disallowed URL's	Supported	Not Supported
Web-sockets URL's	Not Supported	Not Supported
Wildcards Order	Supported	Not Supported
Character Set	Supported	Not supported

Cookies¶

BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Supported	Supported Partially Not Supported: * Wildcard order * base64 Decoding * Insert Same site attribute

IP Allow list/Deny List¶

BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Supported	Supported

Parameters¶

BIG-IP TMOS Sub Feature	BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Navigational Parameters	Not tested	Not Supported
Parameter Level	Supported except Flow	Only global (no URL, Flow)
Parameter Location	Supported	Path, header, and Cookie not supported
Parameter value type - User input value	Supported	Supports only Alphanumeric and File upload (partially) Not supported: * Parameter value type - Array value, Ignore value, Static content, JSON value, XML value * Data type - Regular expression, Base64, Enum * Value Meta Characters
Parameter value type - Dynamic + Parameters extractions	Support extract from URL Out of scope: * Extract from: File types, Regex * Extraction methods configuration	Support extract from URL Out of scope: * Extract from: File types, Regex * Extraction methods configuration
Sensitive Parameters	Supported	Not Supported
Wildcards order	Supported	Not Supported
Character Set	Supported	Not supported

Mitigation Pages¶

BIG-IP TMOS Sub Feature	BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Default Mitigation Page	Erase Cookies not supported	Erase Cookies not supported
Login Page	Erase Cookies not supported	Not Supported
XML	Supported	Not Supported
Cookie Hijacking	Not Supported	Not Supported
CAPTCHA	Not Supported	Not Supported
CAPTCHA Fail	Not Supported	Not Supported

File Types¶

BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Tested disallowed file types	Supported

Evasion Techniques¶

BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Supported	Supported

Attack Signatures¶

BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Supported	Supported

Custom signatures¶

BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Supported	Not Supported

Custom signatures-sets¶

BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Supported	Not Supported

Bot Signatures and Basic Bot¶

BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Supported	Supported

HTTP Validation¶

BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Supported	Supported

RFC Compliance¶

BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Supported	Supported

JSON Content Profile¶

BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Supported	Not Supported

XML Content Profile¶

BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Supported	Not Supported

OpenAPI/Swagger Content Profile¶

BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Supported	Not Supported

CSRF- headers only¶

BIG-IP TMOS Feature	BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Verify Origin	Supported	Supported, without setting parameters
CSRF Token	Not Supported	Not Supported

DataGuard¶

BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Supported	Supported

Disallow Geo Locations¶

BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Supported	Supported

HTTP/2¶

BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Supported	Supported

HTTPS¶

BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Supported	Supported

Security Event Logging (traffic logging)¶

BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Supported	Supported

Bot logging as part of Security Event Logging¶

BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Supported	Supported

System Logging Support¶

BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Supported	Not Supported

iRules Support¶

BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Supported with exceptions documented: WAF related iRules on NEXT	Supported with exceptions WAF related iRules on NEXT

GraphQL Content Profile¶

BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Maximum Query Cost not tested	Not Supported

Signature Updates¶

BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Supported	Supported

Threat Campaigns¶

BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Supported	Supported, without option to view the TC signatures and override actions

SSRF¶

BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Supported	Supported

IPI¶

BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Supported	Supported, without option to change mitigations Per IPI category

Central Policy Builder¶

BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Supported	Supported

WAF Statistics in CM¶

BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Supported	Supported

Violation Rating Based Enforcement¶

BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Supported	Supported

BADOS¶

BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Supported	Supported

DoS Profile¶

General Settings¶

BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Not Supported	Not Supported

TPS Based Detection¶

BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Not Supported	Not Supported

Behavioral and Stress Based Detection¶

BIG-IP TMOS Sub Feature	BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Operation Mode	Enabled/Disabled Supported Blocking/transparent - Not supported. Operation mode == transparent, mitigation mode is set to none.	Enabled/Disabled Supported Blocking/transparent - Not supported. Operation mode == transparent, mitigation mode is set to none.
Thresholds Mode	Not Supported	Not Supported
Stress-based Detection and Mitigation	Not Supported	Not Supported
Behavioral Detection and Mitigation	Bad Actor Detection Supported Request Signature Detection - supported Mitigation Level: none/conservative/standard. Aggressive Protection not supported (Migrated to standard)	Bad Actor Detection Supported Request Signature Detection - supported Mitigation Level: none/conservative/standard. Aggressive Protection not supported (Migrated to standard)
Prevention duration	Not Supported	Not Supported
Record Traffic	Not Supported	Not Supported

Bot Profile¶

General Settings¶

BIG-IP TMOS Sub Feature	BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Enforcement Mode	Supported	Supported
Signature Staging	Not supported	Not supported
Response and Blocking Pages	Not Supported	Not Supported

Bot Mitigation Settings¶

BIG-IP TMOS Sub Feature	BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Mitigation Settings - classes	All classes supported (malicious-bot, suspicious-browser, trusted-bot, unknown, untrusted-bot) + browser Supported Actions: alarm, block ,detect, ignore Unsupported Actions: CAPTCHA, Honeypot, Redirect to Pool, TCP Reset, Rate Limit	All classes supported (malicious-bot, suspicious-browser, trusted-bot, unknown, untrusted-bot) + browser Supported Actions: alarm, block ,detect, ignore Unsupported Actions: CAPTCHA, Honeypot, Redirect to Pool, TCP Reset, Rate Limit
Strict Mitigation Enforcement Cases	Not Supported	Not Supported

|Mitigation Settings Exceptions|Supported: class, signatures, anomalies exceptions.

Not Supported: category exception - workaround exists: add exceptions for all sub signatures/anomalies|Signatures Exceptions|

Microservice Protection¶

BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Not Supported	Not Supported

Browsers¶

BIG-IP TMOS Sub Feature	BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Browser Access	Supported	Not Supported
Browser Validation	Only JS-Free is supported Supported in NEXT: A list of Browser names +min Version +max Version + alarm/block/detect action	Not Supported
Device ID Mode	Not Supported	Not Supported
Verification and Device-ID Challenges in Transparent Mode	Not Supported	Not Supported
Single Page Application	Not Supported	Not Supported
Cross Domain Requests	Not Supported	Not Supported

Mobile Applications¶

BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Not Supported	Not Supported

Signature Enforcement¶

BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Supported	Supported

Whitelist¶

BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
Not Supported	Not Supported

Environmental Capabilities¶

BIG-IP TMOS Feature	BIG-IP Next Support Status	BIG-IP Next CM UI Support Status
HA Support	Supported	Supported
QKView Support	Supported	Supported
Backup & Restore	Supported	Supported

Previous Next

Leave Feedback [+]