Are F5 devices devices supported in any way for scanning? (finding vulnerabilities in the devices themselves)
I believe the answer is a no already, and the next question, is there a path to have them added for updated scanning?
They are supported. Use a unix record and scan the management ip and port. If you search the knowledgebase, you will see multiple vulnerabilities for f5.
If you have any problems with the SSH authentication required for OS+version discovery, try adding privilege "advanced" to the ssh user shell. That was a recommendation from Qualys support (that I saw in an old community post), however something was still broken that they needed to fix for us last year to get SSH authentication to work properly. SNMP authentication works for pulling the OS/version string into INFO/QID=45017 via sysDescr, however Qualys will only use the SSH authenticated shell to set the OS/version. Additionally BIG-IP is supported for OS/version detection, but BIG-IQ is not.
Retrieving data ...