1.2. What’s new in SSL Orchestrator 8?

SSL Orchestrator 8.0 adds the following new features:

  • Improved HA behavior - A streamlined SSL Orchestrator upgrade procedure allows upgrade capabilities that do not break the HA pair.

  • Monitoring and remediation dashboard - SSL Orchestrator upgrades, deployments, and synchronization can be painful if the HA pair is in a bad state. This feature provides status of your HA pair before the upgrade and a remediation button to help fix any issues to ensure you proceed with the HA upgrade when in a good state. This feature also prevents unwanted configuration changes or modifications to an existing SSL Orchestrator configuration, minimizing discrepancies between the two HA devices and their configuration.

  • Strictness improvements - The SSL Orchestrator Protected/Unprotected Configurations improvements provide: the ability to view the configuration differences between created and out of band (OOB) modified changes; the ability to preview configuration changes before applying the changes to the system; the option to either overwrite configuration changes or accept the changes before deployment.

  • Simplied ability to modify network objects - This feature allows you to change network objects thru iApplx. Network objects created for SSL Orchestrator Services like IPs and VLANs can now be modified once created without needing to delete/recreate the service in order to change the network objects.

  • HA recovery tool (ha-sync) - SSL Orchestrator users with a HA setup may use the ha-sync tool and script to troubleshoot and fix HA setup issues (such as when gossip has gone out of sync, when some REST blocks are missing/out of sync, or even when MCP data is out of sync between devices). The ha-sync script includes the diagnostic capability to identify potential issues and can print out all of the issues found with the HA setup. The ha-sync script can then perform a sync-up, which should fix those issues, and ensure that both devices are fully in sync (both in MCP and REST). See the F5 Guided Configuration for SSL Orchestrator: High Availability Diagnostics and Sync-Repair Tool guide for detailed information.

SSL Orchestrator 8.1, 8.3, and 8.4 are bugfix releases.

SSL Orchestrator 8.2 adds the following updates:

  • Data group support - Provides access to data groups in the SSL Orchestrator security policy, for client/server IP geolocation, client/server IP subnet match, and client/server port match. Port match can also now use a range value.


Note the following software dependencies:

  • SSL Orchestrator 8.0 through 8.2 require BIG-IP 16.0.0 and higher 16.0.x.

  • SSL Orchestrator 8.3 and 8.4 require BIG-IP 16.0.1 and higher 16.0.x.

Please refer to the official SSL Orchestrator 8.0 release notes for detailed update information:


Please refer to the official SSL Orchestrator 8.1 release notes for details update information:


Please refer to the official SSL Orchestrator 8.2 release notes for details update information:


Please refer to the official SSL Orchestrator 8.3 release notes for details update information:


Please refer to the official SSL Orchestrator 8.4 release notes for details update information: