What's new with F5 ADSP

New F5 BIG-IP NEXT CNF 2.0 optimizes apps and APIs in Kubernetes environments

F5 unveils F5 BIG-IP Next Cloud-Native Network Functions (CNF) 2.0, an evolved solution that significantly enhances the capabilities of the F5 Application Delivery and Security Platform (ADSP) for large-scale cloud-native applications. F5 BIG-IP Next CNF 2.0 leverages advanced Kubernetes-native features to deliver scalable, efficient, and secure network functionality, helping organizations manage complex, resource-intensive operations driven by high-bandwidth AI applications. Read the press release.

Other News and Analyst Reports:

• EMA: F5 Launches Application Delivery and Security Platform
• ZK Research: F5 Introduces Converged App Delivery and Security Platform Optimized for AI
• 451 Research: F5 aims to optimize and secure AI applications
• F5 Secures Sensitive Data and Streamlines Compliance with New FIPS Offering on Red Hat Enterprise Linux
• F5 Expands Global Footprint with New Point of Presence in Indonesia to Strengthen Data Sovereignty, Reduce Latency, and Secure AI-Powered Applications

Accelerate AI 2025

During the week of July 14th, F5 hosted Accelerate AI and provided an in-depth look into what it means to be ready as organizations travel the path to an AI-supported future. Each day we focused on a different theme—discussing the hurdles companies face securing, connecting, and scaling their AI applications. We showcased some of the industry-leading innovations we’re incorporating into the F5 Application Delivery and Security Platform (ADSP) as we help customers thrive in the AI era. Learn more about Accelerate AI, on f5.com.

AI Reference Architecture

As part of Accelerate AI we released the latest iteration of the F5 AI Reference Architecture interactive experience showcasing where F5 solutions and our partners fit into a full-scale AI architecture, from data ingest to model inference. Understanding where F5 fits given our widespread footprint in the largest global enterprises was a key request from customers who want to know how the F5 Application Delivery and Security Platform supports and secures AI workloads at scale. Tour the AI Reference Architecture.

2025 TrustRadius Top Rated Winner

TrustRadius, a customer feedback and peer review platform, named several F5 products with their Top RatedAward, an achievement based on unbiased recognition of excellent technology products. View the article here. 

• F5 Distributed Cloud Bot Defense for Application Security
• F5 Distributed Cloud WAF for Web Application Firewalls
• F5 Distributed Cloud API Security for API Security
• F5 Distributed Cloud Network Connect (first award) for Cloud Management
• F5 BIG-IP for Load Balancing

Distributed Cloud Services Release

New capabilities spanning API Security, WAF and Multicloud Networking. Some of the more notable features include:

• Proactive API Security Testing. Introduced automated testing for vulnerabilities like BOLA, Broken Authentication, BFLA, and SSRF – enabling earlier detection and remediation in the API lifecycle
• Client-Side Defense Enhancements. Added HTTP header tamper detection and PCI DSS 4.0 compliance support for AWS deployments – strengthening protection against client-side threats
• Security Dashboard for BIG-IP Observability. A new tab was added to provide centralized visibility into BIG-IP security events and metrics
• Malware Protection (early access). Enabled real-time scanning for malicious file uploads, enhancing WAAP capabilities for threat prevention
• Customer Edge (CE) Expansion. CE is now available on AWS Marketplace and GA on Nutanix, Google Cloud, OCI, and OpenStack – streamlining deployment across hybrid environments

For more information on all of the new features and fixes, please reference the changelog or the ATOM release summary on Highspot.

BIG-IP v17.5.1

New features and fixes that ensure readiness against fast-approaching threats and that enhance authentication and authorization support within BIG-IP, including:

• Protecting the future of privacy and security (Server-Side Post-Quantum Cryptography)
• Supporting encrypted versions of modern authentication means (Support for Okta Encrypted SAML Identity Providers Using the Retrieval Method)
• Enabling secure remote authentication and IPv6 (Support remote auth server connection over IPv6)
• Enhancing granular access controls (Dynamic support for up to 8KB claims data in OAuth authorization server)
• Streamlining troubleshooting and visibility (Support for EDNS0 Extended Error Codes in RFC 8914).

For more information on Post-Quantum Cryptography, please view the F5 press release. For additional details on the new features and fixes, please refer to the BIG-IP v17.5.1 release notes.

AI Gateway V1.1

Includes the following highlights:

• Major enhancements to transaction export, including a new format (this is a breaking change to an experimental feature), Azure Blob Storage support, and OpenTelemetry tracing for exports. Note: this feature remains experimental and may change in future releases
• Service reliability improvements: fallback and retry support for HTTP requests to services
• Expanded observability: new OpenTelemetry metrics for services and processors
• Expanded troubleshooting: stack trace debug logging on panics, and detailed raw HTTP logging

AI Gateway V1.1.1

This release includes a basic option for flagging to enable experimental features and an experimental LLM request/response header for propagation.

For more information, visit the release changelog for AI Gateway on CloudDocs.

BIG-IP Next for Kubernetes on NVIDIA BlueField-3 DPUs V2.1

Includes the following features:

• LLM routing with BIG-IP Next for Kubernetes
• Intelligent load balancing for AI with BIG-IP Next for Kubernetes
• Scaling MCP server instances
• Securing MCP servers with F5 BIG-IP Next for Kubernetes
• Token logging and policies

NGINX Ingress Controller 5.1

Features enhanced observability, strengthens API access control, and integrates with the NGINX One Console for unified management.

• Integration with NGINX One Console: Connect NGINX Ingress Controller deployments to the NGINX One Console for unified observability and management
• OpenTelemetry Tracing Support: Reintroduces observability through native OpenTelemetry Tracing
• Advanced API Rate Limiting: Add granular control to backend API access with enhanced rate-limiting capabilities

For more detailed information, as well as enhancements and bug fixes, please refer to the release notes.

NGINX Instance Manager 2.20

This update focuses on simplifying deployments, reducing system requirements, and enhancing management and telemetry options.

• Lightweight Mode: Reduce system requirements by deploying NGINX Instance Manager without the ClickHouse database. Metrics and events are unavailable in this mode, but core features remain fully functional.
• Support for Multiple Subscriptions: Manage and consolidate usage across multiple NGINX Plus subscriptions within a single Instance Manager deployment, even in air-gapped environments
• Telemetry Enhancements: Opt in or out of telemetry reporting to align with an organization’s data-sharing policies

For detailed information on these features, as well as other enhancements and bug fixes, please refer to the release notes.

NGINX Gateway Fabric 2.0.0

This release introduces a solution for a more scalable, distributed architecture, improved security, and advanced functionality. This release lays the groundwork for future integrations with the NGINX One Console and features:

• Data and Control Plane Separation: Decouples the control plane from the data plane, allowing for independent scaling, enhanced security, and expanded use cases
• Multiple Gateway Support: Define multiple Gateway objects, each with its own independently scalable deployment, for better isolation
• HTTP Request Mirroring: Mirror traffic to test new applications, analyze security issues, or observe production traffic without impacting users
• Listener Isolation: Guarantees that requests match only the most specific Listener to ensure intuitive setups and prevent accidental misconfigurations

For detailed information on these features, as well as other enhancements and bug fixes, please refer to the release notes.

NGINX Plus R34

This release brings features to enhance scalability, observability, and security in the data plane.

• Forward Proxy for Usage Reporting: allows NGINX customers to send their license telemetry to F5 via an existing enterprise forward proxy
• Native OIDC Support: Implementation of native OIDC module for more simplified configuration and better performance compared to the existing njs-based solution
• Dynamic SSL Certificate Caching: Improved NGINX reload experience by caching dynamic SSL certificates and preserving the cache across configuration reloads
• Enhanced OpenTelemetry: Improvements to the OTEL module including TLS support for sending OTEL traces

For more details, refer to the release notes.

NGINX One Console

This quarter was full of updates that enhanced fleet management, security, and collaboration.

• Fleet Visibility Alerts: customers can now receive critical updates and notifications about their NGINX fleet in their preferred method: SMS, email, Slack, Pager Duty, webhook, etc.
• RBAC with Namespaces: Isolate resources with namespaces and manage granular permissions for improved governance. Custom Roles: Use narrowly scoped API groups to create custom roles and enforce least-privilege access policies across distributed environments
• Import/Export for Staged Configurations: Share and apply configurations in isolated environments

For more details, refer to the release notes.

F5 NGINXaaS for Azure

GA of the Web Application Firewall (WAF) feature helps users secure, automate, and scale modern apps and APIs with a platform-agnostic WAF as a part of a unified cloud stack. For more details, refer to the announcement blog.

NGINX App Protect (NAP) WAF 4.15 and 5.7

• IP Intelligence / IP Reputation – enhances application security by proactively blocking threats based on the reputation of the IP address, including phishing proxies, infected sources, and more, bringing feature parity with BIG-IP and XC application security offerings (This enhancement is offered at no additional cost)
• Certification with Rocky Linux 9 – enables versatile NAP WAF deployments also for customers moving away from CentOS due to its EOL
• IP Address Lists (IP Groups) – simplifies operations by allowing users to define and manage groups of IP addresses or networks, instead of handling them individually (This enhancement applies both at the policy level and as a condition for Override Rules)

Additional information is available in 4.15 and 5.7 release notes.