Applies To:Show Versions
Defining Connectivity Options
profiles and Network Access
- Compression settings for network access connections and application tunnels
- Citrix client settings
- Virtual servers and DNS-location awareness settings for BIG-IP Edge Client® for Windows, Mac, and Linux
- Password caching settings for BIG-IP Edge Client for Windows, Mac, and mobile clients
- Settings for mobile clients
Create a connectivity profile for access tunnels and
- On the Main tab, click.A list of connectivity profiles displays.
- ClickAdd.The Create New Connectivity Profile popup screen opens and displays General Settings.
- Type aProfile Namefor the connectivity profile.
- Select aParent Profilefrom the list.APM provides a default profile,/Common/connectivity.
- Select aFEC Profilefrom the list.This setting is optional.You can select a previously configured FEC profile only when FEC is included in the BIG-IP system.
- From the Compression Settings folder, clickNetwork Accessand make changes to the network access compression settings.The settings specify compression settings for network access tunnels.The default settings are displayed in the right pane.
- From the Compression Settings folder, clickApp Tunneland make changes to the application tunnel compression settings.The settings specify available compression codecs for server-to-client connections. By default, compression is enabled, but no codecs are selected in the Available Codecs area.The default settings are displayed in the right pane.
- ClickCitrix Client Settingsfolder to specify the Citrix client bundle. A Citrix client bundle enables delivery of a Citrix Receiver client to a user's Windows computer when a client is not currently installed, or when a newer client is available. By default, a connectivity profile includes the default Citrix bundle, /Common/default-citrix-client-bundle, which contains a download URL, receiver.citrix.com.
- To configure security settings, servers, OAuth settings, and location-awareness for BIG-IP Edge Client for Windows and macOS, clickWin/Mac Edge Client. Edge Client settings for Mac and Windows-based systems display in the right pane.Refer sectionsConfiguring a connectivity profile for Edge Clientfor Windows and macOS in theBIG-IP Access Policy Manager: Edge Client and Application Configurationfor more details.
- Retain the default (selected) or clear theSave Servers Upon Exitcheck box to specify Edge Client to maintain a list of recently used user-entered APM servers.
- To enable the client to try to use the Windows logon session for an APM session also, select theReuse Windows Logon Sessioncheck box.
- To enable the client to try to use the credentials that they typed for Windows logon in an APM session also, select theReuse Windows Logon Credentialscheck box.To support this option, you must also include theUser Logon Credentials Access Servicein the Windows client package for this connectivity profile, and you must ensure that the access policy includes an uncustomizedLogon Pageaction.
- To enable the client to launch an administrator-defined script on session termination, select theRun session log off scriptcheck box.
- To enable the client to display a warning before launching the pre-defined script on session termination, selectShow warning to user before launching scriptcheck box.
- To support automatic reconnection without the need to provide credentials again, select theAllow Password Cachingcheck box.
- To cache the user's password securely on thediskor in thememory, select the location to save from theSave Password Methodlist. If you selectmemory, thePassword Cache Expiration (minutes)field displays with a default value of 240. You can either retain the default value or type the number of minutes to save the password in memory.
- To enable automatic download and update of client packages, from theComponent Updatelist, selectyes(default).
- ClickOAuth Settingsin the left pane to specify optional OAuth settings that Edge Client will use for authenticating Native Apps using OpenID Connect specification. When OAuth is configured, the end-users are required to authenticate via the OAuth authentication flow. This OIDC support provides consistent authentication experience by enabling two-factor verification and Single Sign-On across Browser and Edge Client. Refer sectionConfiguring policies for OAuth client and resource serverin theBIG-IP Access Policy Manager: OAuth Concepts and Configurationfor details on adding an OAuth Resource Server to the access policy.BIG-IP 16.0.0 includes ability to configure OAuth settings that will work only with a compatible version of client (7.2.1 or above).For security reasons, when configuring for OAuth settings, ensure that the BIG-IP local traffic policy enforces HTTPS by redirecting HTTP requests to HTTPS for a virtual server on the BIG-IP system. Refer OIDC RFC for details on OAuth 2.0 Authorization Framework.
- Select the OAuth provider in theProviderlist. If you selectNone, OAuth configuration is disabled.
- Specify the OAuth Client ID identifier in theClient IDfield. OAuth configuration is disabled if the client ID is not specified.
- Specify the scopes that will be requested by the client in theScopesfield. The value of the scope parameter is expressed as a list of space-delimited, case-sensitive strings defined by the authorization server. When using multiple strings, the order does not matter. All printable ASCII characters are allowed excluding quote (") and backslash (\).
- In theComplete Redirection URIfield, enter the optional URI for OAuth client to be directed to when authentication completes or fails. The default APM page is used if this URI is not specified.
- ClickServer Listin the left pane to specify the list of APM servers to provide when the client connects. The servers you add here display as connection options in the BIG-IP Edge Client.
- ClickLocation DNS Listin the left pane to specify DNS suffixes that are in the local network. Providing a list of DNS suffixes for the download package enables Edge Client to support the auto-connect option. WithAuto-Connectselected, Edge Client uses the DNS suffixes to automatically connect when a client is not on the local network (not on the list) and automatically disconnect when the client is on the local network.
- TheMobile Client Settingsfolder in the left pane contains settings to configure F5 Access for iOS and Android and Edge Portal for iOS and Android. A connectivity profile contains default settings for mobile clients, but you can configure them to fit your situation.Refer sectionsConfiguring a connectivity profile for Edge Portalfor iOS and Android andConfiguring a connectivity profile for F5 Accessfor iOS and Android in theBIG-IP Access Policy Manager: Edge Client and Application Configurationfor more details.
- ClickOK.The popup screen closes, and the Connectivity Profile List displays.
profile compression settings
Connectivity profile general settings
Text specifying name of the connectivity profile.
A connectivity profile, selected from a list.
A profile inherits settings from its parent profile.
A forward error correcting (FEC) profile, selected from a list.
A FEC profile applies to a network access tunnel.
FEC profiles might not be available on all BIG-IP systems.
Text description of the connectivity profile.
Text specifying the partition and path in which the profile is stored and used.
Connectivity profile network access compression settings
Compression Buffer Size
Number of bytes. The default is
Specifies the size of the output buffers containing compressed data.
gzip Compression Level
A preset, or a value between
Specifies the degree to which the system compresses the content. Higher compression levels cause the compression process to be slower and the result to be more compressed. The default compression level is
6 - Optimal Compression (Recommended), which provides a balance between level of compression and CPU processing time. You can also select compression level
1 - Least Compression (Fastest), the lowest amount of compression, which requires the least processing time, or
9 - Most Compression (Slowest), the highest level of compression, which requires the most processing time. You can also select a number between
gzip Memory Level
Specifies the number of kilobytes of memory that the system uses for internal compression buffers when compressing data. You can select a value between
gzip Window Size
Specifies the number of kilobytes in the window size that the system uses when compressing data. You can select a value between
Selected or cleared.
Specifies, when enabled, that the system monitors the percentage of CPU usage and adjusts compression rates automatically when the CPU usage reaches either the
Highvalue or the
Specifies the percentage of CPU usage at which the system starts automatically decreasing the amount of content being compressed, as well as the amount of compression which the system is applying.
Specifies the percentage of CPU usage at which the system resumes content compression at the user-defined rates.
Connectivity profile application tunnel compression settings
Specifies the available compression codecs for server-to-client connections. The server compares the available compression types configured here, with the available compression types on the client, and chooses the most effective mutual compression setting.
Specifies whether to enable to disable adaptive compression between the client and the server.
From 1 to 9
Specifies a compression level for deflate compression. Higher numbers compress more, at the cost of more processing time.
Specifies LZO compression. LZO compression offers a balance between CPU resources and compression ratio, compressing more than Deflate compression, but with less CPU resources than Bzip2.
Specifies deflate compression. Deflate compression uses the least CPU resources, but compresses the least effectively.
Specifies Bzip2 compression. Bzip2 compression uses the most CPU resources, but compresses the most effectively.
Connectivity profile Win/Mac Edge Client settings
Save Servers Upon Exit
Specifies whether Edge Client maintains a list of recently used user-entered APM servers. Edge Client always lists the servers that are defined in the connectivity profile, and sorts them by most recent access, whether this option is selected or not. This is selected by default.
Reuse Windows Logon Session
Specifies to enable the client to reuse the Windows logon session for an APM session too. This is cleared by default.
Reuse Windows Logon Credentials
Specifies to enable the client to reuse the credentials that end-users typed for Windows logon for the APM session too. This is cleared by default.
Run session log off script
Specifies to enable the client to launch an administrator-defined script on session termination. This is cleared by default. The administrator specifies parameters which are passed by Edge Client to the script file. These parameters are defined by the session variable
session.edgeclient.scripting.logoff.params. The client retrieves parameters from BIG-IP after session establishment. The administrator has the flexibility to set up variable values according to policy branching. Each time the Edge Client closes an APM session, the configured script is invoked. On Windows, the script is located at
C:\Program Files\F5 VPN\scripts\onSessionTermination.bat.
Show warning to user before launching script
Specifies to enable the client to display a warning before launching the pre-defined script on session termination. This is selected by default.
Allow Password Caching
Specifies to support automatic reconnection without the need to provide credentials again. This is cleared by default.
Save Password Method
Password method, selected from a list.
Specifies the location to cache the user's password securely. Select
diskto cache the user's password (in encrypted form) securely on the disk where it is persisted even after the system is restarted or Edge Client is restarted. Select
memoryto cache the user's password within the BIG-IP Edge Client application for automatic reconnection purposes.
Password Cache Expiration (minutes)
Unsigned integer with value between
Specifies the number of minutes until the password expires. The default value is 240.
Client component update, selected from a list.
Specifies how Windows and Mac Edge Clients associated with this connectivity profile get secure access client component updates. Select
yesto automatically update client components when available, select
promptto prompt before installing updates, and select
noto neither prompt nor install updates.
An OAuth provider, selected from a list.
Specifies the OAuth provider. If you select
None, OAuth configuration is disabled.
Specifies the OAuth Client ID identifier. The client identifier is not a secret and is exposed by the BIG-IP APM virtual server. OAuth configuration is disabled if client ID is not specified.
Text. The value of the scope parameter is expressed as a list of space-delimited, case-sensitive strings defined by the authorization server.
Specifies the scopes that will be requested by the client. All printable ASCII characters are allowed excluding quote (") and backslash (\).
Complete Redirection URI
Specifies the optional URI for OAuth client to be directed to when authentication completes or fails. The default APM page is used if this URI is not specified. The URI should start with "https://", "http://" or "/".
Specifies an alternative name of the host name.
Specifies the host name of the APM server to provide to the end-user when the client connects.
Location DNS List
Location DNS Name
Specifies the DNS suffixes that are in the local network. With
Auto-Connectselected, Edge Client uses the DNS suffixes to automatically connect when a client is not on the local network (not on the list) and automatically disconnect when the client is on the local network.