Manual Chapter : Additional Access Policy Manager Configuration Information

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0, 12.1.4, 12.1.3
Manual Chapter

Additional Access Policy Manager Configuration Information

F5 Access
for Chrome OS
Session variables

The following table contains a list of session variables and their attributes.

F5 Access Session Variables

F5 Access for Chrome OS supports the following session variables and values.
Session variable
Description
Example value
session.client.app_version
Returns the version of the F5 Access app.
1.0.0.0
session.client.cpu
Returns the client CPU type.
ARM
,
ARM64
,
x86
or
x64
session.client.model
Returns the type of client device.
Chromebook
,
Chromebox
,
Chromebit
, or
Chromebase
session.client.platform
Returns the operating system name.
ChromeOS
session.client.platform_version
Returns the version of the operating system.
45.0.2454.4
session.client.type
Returns the client type.
For this client, this value is always
Standalone
session.client.activex
Returns results of the ActiveX check.
For this client, this value is always
0
session.client.jailbreak
Returns results of a jailbreak check.
For this client, this value is always
0
session.client.version
Returns the client protocol version.
For this client, this value is always
2.0
session.client.js
Returns results of the JavaScript check.
For this client, this value is always
0
session.client.plugin
Returns results of the client plugin capability check.
For this client, this value is always
0
session.client.vpn_scope
Returns the VPN connection scope.
For this client, the value is always
device
session.client.vpn_scope
Returns the VPN tunnel type.
For this client, the value is always
L3
session.client.vpn_start_type
Returns the VPN connection start method.
For this client, the value is always
manual

Access Policy Manager
configuration tips

The following table provides tips for setting up
F5 Access for Chrome OS devices.
Feature
Information
Client endpoint checks
Client endpoint checks
are not currently supported.
Password caching policy
  • Under
    Client Policy
    , if
    Enforce session settings
    is not enabled, clients can save their encrypted password to disk, regardless of what settings are configured under
    Session Settings
    .
  • Under
    Password Caching Options
    if you set
    Cache password within application for
    for a specific amount of time, after a successful logon the submitted credentials are cached until one of the following events occurs:
    • The specified credential cache duration expires.
    • The server address of the configuration within the application changes.
    • The user name of the configuration within the application changes.
    • The BIG-IP® Edge Client® user switches between configurations and makes a new connection.
    • The configuration is deleted and a new one is created.
  • On the
    Chrome OS device
    , even if a user clicks
    Disconnect
    , then terminates the application or restarts the device, cached credentials are not cleared until the specified cache time.
Client certificates
Client certificate authentication is supported in Web Logon mode with or without a password. In standard logon mode, certificates are supported, but a password is required. A password (including an empty password) can be saved in the configuration.

About defining a server from a URL

You can add BIG-IP® server definitions to F5 Access from a URL. You can provide these URLs to users, so they can create and/or start VPN connections without having to manually start the application.
Use the following URL and parameters to create a server:
Special characters in parameters must be URL-encoded.
The syntax to define a server from a URL follows.
server
The server address is either a DNS name or an IP address.
name
An optional description of the server.
username
An optional parameter used to specify the user name with which to start the connection. When the
username
is specified without a
password
, then an authentication prompt is displayed. If no
username
is specified during server creation, the user is prompted for it at session initiation, if required.
password
An optional parameter used to specify the password with which to start the server connection. When the
password
parameter is specified, it is used as a one-time password and not saved in the configuration.
logon_mode
Specifies whether the logon mode is the standard logon (
native
) or web logon (
web
). The default logon mode is
native
.

Examples of defining a server from a URL

The following examples illustrate how to define servers for F5 Access connections from a URL.
Create a server at
access.siterequest.com
in Web Logon mode:
http://cdn.f5.com/product/apm/edgeclient/chromeos/api/create?server=access.siterequest.com&logon_mode=web
Create a server named ChromeAccess at:
access.siterequest.com
In this scenario,
logon_mode
is not specified, so native logon mode is assumed.
http://cdn.f5.com/product/apm/edgeclient/chromeos/api/create?name=ChromeAccess&server=access.siterequest.com
Create the same server with a user name, password, and certificate:
http://cdn.f5.com/product/apm/edgeclient/chromeos/api/create?name=ChromeAccess&server=access.siterequest.com&username=ChromeAccess&password=ChromeOSdemo&cert_issuer_cn=DemoIssuerCA
Create the same server with a user name and certificate:
http://cdn.f5.com/product/apm/edgeclient/chromeos/api/create?name=ChromeAccess&server=access.siterequest.com&username=ChromeAccess&cert_issuer_cn=DemoIssuerCA
Create the same server with a certificate:
http://cdn.f5.com/product/apm/edgeclient/chromeos/api/create?name=ChromeAccess&server=access.siterequest.com&cert_issuer_cn=DemoIssuerCA

Enforcing logon mode for F5 Access clients

You can force F5 Access clients to log on through the native logon dialog box, or to log on with a web page, by enforcing the logon mode.
  1. On the Main tab, click
    Access Policy
    Secure Connectivity
    .
    A list of connectivity profiles displays.
  2. Select the connectivity profile that you want to update and click
    Edit Profile
    .
    The Edit Connectivity Profile popup screen opens and displays General Settings.
  3. From the left pane of the popup screen, select
    Chrome OS Edge Client
    .
    F5 Access settings for Chrome OS systems display in the right pane.
  4. To force the app to use a selected logon mode and prevent users from changing it:
    1. Select the
      Enforce Logon Mode
      check box.
    2. From the
      Logon Method
      list, select
      web
      or
      native
      .
  5. Click
    OK
    .
    The popup screen closes, and the Connectivity Profile List displays.