Manual Chapter: Defining Connectivity Options
Applies To: BIG-IP APM 16.0.1, 16.0.0
About connectivity profiles and Network Access
A connectivity profile defines connectivity and client settings for a
Network Access session.
A connectivity profile contains:
- Compression settings for network access connections and application tunnels
- Citrix client settings
- Virtual servers and DNS-location awareness settings for BIG-IP Edge Client® for Windows, Mac, and Linux
- Password caching settings for BIG-IP Edge Client for Windows, Mac, and mobile clients
- Settings for mobile clients
A connectivity profile is also associated with customizable client
download packages for Edge Client for Windows and Edge Client for Mac.
Create a connectivity profile for access tunnels and clients
You create a connectivity profile to configure client connections for a network access tunnel, application access tunnel, and clients.
- On the Main tab, click. A list of connectivity profiles displays.
- Click Add. The Create New Connectivity Profile popup screen opens and displays General Settings.
- Type a Profile Name for the connectivity profile.
- Select a Parent Profile from the list. APM provides a default profile, /Common/connectivity.
- Select a FEC Profile from the list. This setting is optional. You can select a previously configured FEC profile only when FEC is included in the BIG-IP system.
- From the Compression Settings folder, click Network Access and make changes to the network access compression settings. The settings specify compression settings for network access tunnels. The default settings are displayed in the right pane.
- From the Compression Settings folder, click App Tunnel and make changes to the application tunnel compression settings. The settings specify available compression codecs for server-to-client connections. By default, compression is enabled, but no codecs are selected in the Available Codecs area. The default settings are displayed in the right pane.
- Click the Citrix Client Settings folder to specify the Citrix client bundle. A Citrix client bundle enables delivery of a Citrix Receiver client to a user's Windows computer when a client is not currently installed, or when a newer client is available. By default, a connectivity profile includes the default Citrix bundle, /Common/default-citrix-client-bundle, which contains a download URL, receiver.citrix.com.
- To configure security settings, servers, OAuth settings, and location-awareness for BIG-IP Edge Client for Windows and macOS, click Win/Mac Edge Client. Edge Client settings for Mac and Windows-based systems display in the right pane. Refer to the sections Configuring a connectivity profile for Edge Client for Windows and macOS in BIG-IP Access Policy Manager: Edge Client and Application Configuration for more details.
  - Retain the default (selected) or clear the Save Servers Upon Exit check box to specify whether Edge Client maintains a list of recently used user-entered APM servers.
  - To enable the client to try to use the Windows logon session for an APM session also, select the Reuse Windows Logon Session check box.
  - To enable the client to try to use the credentials that users typed for Windows logon in an APM session also, select the Reuse Windows Logon Credentials check box. To support this option, you must also include the User Logon Credentials Access Service in the Windows client package for this connectivity profile, and you must ensure that the access policy includes an uncustomized Logon Page action.
  - To enable the client to launch an administrator-defined script on session termination, select the Run session log off script check box.
  - To enable the client to display a warning before launching the pre-defined script on session termination, select the Show warning to user before launching script check box.
  - To support automatic reconnection without the need to provide credentials again, select the Allow Password Caching check box.
  - To cache the user's password securely on the disk or in the memory, select the location from the Save Password Method list. If you select memory, the Password Cache Expiration (minutes) field displays with a default value of 240. You can either retain the default value or type the number of minutes to save the password in memory.
  - To enable automatic download and update of client packages, from the Component Update list, select yes (default).
- Click OAuth Settings in the left pane to specify optional OAuth settings that Edge Client will use for authenticating Native Apps using the OpenID Connect specification. When OAuth is configured, end users are required to authenticate via the OAuth authentication flow. This OIDC support provides a consistent authentication experience by enabling two-factor verification and Single Sign-On across Browser and Edge Client. Refer to the section Configuring policies for OAuth client and resource server in BIG-IP Access Policy Manager: OAuth Concepts and Configuration for details on adding an OAuth Resource Server to the access policy. BIG-IP 16.0.0 includes the ability to configure OAuth settings that work only with a compatible version of the client (7.2.1 or above). For security reasons, when configuring OAuth settings, ensure that the BIG-IP local traffic policy enforces HTTPS by redirecting HTTP requests to HTTPS for a virtual server on the BIG-IP system. Refer to the OIDC RFC for details on the OAuth 2.0 Authorization Framework.
  - Select the OAuth provider in the Provider list. If you select None, OAuth configuration is disabled.
  - Specify the OAuth Client ID identifier in the Client ID field. OAuth configuration is disabled if the client ID is not specified.
  - Specify the scopes that will be requested by the client in the Scopes field. The value of the scope parameter is expressed as a list of space-delimited, case-sensitive strings defined by the authorization server. When using multiple strings, the order does not matter. All printable ASCII characters are allowed excluding quote (") and backslash (\).
  - In the Complete Redirection URI field, enter the optional URI for the OAuth client to be directed to when authentication completes or fails. The default APM page is used if this URI is not specified.
- Click Server List in the left pane to specify the list of APM servers to provide when the client connects. The servers you add here display as connection options in the BIG-IP Edge Client.
- Click Location DNS List in the left pane to specify DNS suffixes that are in the local network. Providing a list of DNS suffixes for the download package enables Edge Client to support the auto-connect option. With Auto-Connect selected, Edge Client uses the DNS suffixes to automatically connect when a client is not on the local network (not on the list) and automatically disconnect when the client is on the local network.
- The Mobile Client Settings folder in the left pane contains settings to configure F5 Access for iOS and Android and Edge Portal for iOS and Android. A connectivity profile contains default settings for mobile clients, but you can configure them to fit your situation. Refer to the sections Configuring a connectivity profile for Edge Portal for iOS and Android and Configuring a connectivity profile for F5 Access for iOS and Android in BIG-IP Access Policy Manager: Edge Client and Application Configuration for more details.
- Click OK. The popup screen closes, and the Connectivity Profile List displays.
To provide functionality with a connectivity profile, you must add the connectivity profile and an access profile to a virtual server.
About connectivity profile compression settings
Compression settings specify the available compression codecs for
server-to-client connections. The server compares the available compression types configured in
the connectivity profile with the available compression types on the client, and chooses the most
effective mutual compression setting.
Connectivity profile general settings
You can configure the following general settings in a connectivity profile.
Profile setting | Value | Description |
---|---|---|
Profile Name | Text. | Text specifying name of the connectivity profile. |
Parent Profile | A connectivity profile, selected from a list. | A profile inherits settings from its parent profile. |
FEC Profile | A forward error correcting (FEC) profile, selected from a list. | A FEC profile applies to a network access tunnel. FEC profiles might not be available on all BIG-IP systems. |
Description | Text. | Text description of the connectivity profile. |
Partition | Text. | Text specifying the partition and path in which the profile is stored and used. |
Connectivity profile network access compression settings
You can configure the following network access compression settings in a connectivity
profile.
Setting | Value | Description |
---|---|---|
Compression Buffer Size | Number of bytes. The default is 4096. | Specifies the size of the output buffers containing compressed data. |
gzip Compression Level | A preset, or a value between 1 and 9. | Specifies the degree to which the system compresses the content. Higher compression levels cause the compression process to be slower and the result to be more compressed. The default compression level is 6 - Optimal Compression (Recommended), which provides a balance between level of compression and CPU processing time. You can also select compression level 1 - Least Compression (Fastest), the lowest amount of compression, which requires the least processing time, or 9 - Most Compression (Slowest), the highest level of compression, which requires the most processing time. You can also select a number between 1 and 9. |
gzip Memory Level | 1-256 kb. | Specifies the number of kilobytes of memory that the system uses for internal compression buffers when compressing data. You can select a value between 1 and 256. |
gzip Window Size | 1-128 kb. | Specifies the number of kilobytes in the window size that the system uses when compressing data. You can select a value between 1 and 128. |
CPU Saver | Selected or cleared. | Specifies, when enabled, that the system monitors the percentage of CPU usage and adjusts compression rates automatically when the CPU usage reaches either the High value or the Low value. |
High | Percentage | Specifies the percentage of CPU usage at which the system starts automatically decreasing the amount of content being compressed, as well as the amount of compression which the system is applying. |
Low | Percentage | Specifies the percentage of CPU usage at which the system resumes content compression at the user-defined rates. |
Connectivity profile application tunnel compression settings
You can configure the following application tunnel compression settings in a connectivity
profile.
Setting | Value | Description |
---|---|---|
Compression | Enable or Disable | Specifies the available compression codecs for server-to-client connections. The server compares the available compression types configured here with the available compression types on the client, and chooses the most effective mutual compression setting. |
Adaptive Compression | Enable or Disable | Specifies whether to enable or disable adaptive compression between the client and the server. |
Deflate Level | From 1 to 9 | Specifies a compression level for deflate compression. Higher numbers compress more, at the cost of more processing time. |
lzo | Enable or Disable | Specifies LZO compression. LZO compression offers a balance between CPU resources and compression ratio, compressing more than Deflate compression, but with less CPU resources than Bzip2. |
deflate | Enable or Disable | Specifies deflate compression. Deflate compression uses the least CPU resources, but compresses the least effectively. |
bzip2 | Enable or Disable | Specifies Bzip2 compression. Bzip2 compression uses the most CPU resources, but compresses the most effectively. |
Connectivity profile Win/Mac Edge Client settings
You can configure the following Windows and Mac Edge Client
settings in a connectivity profile.
Setting | Value | Description |
---|---|---|
Save Servers Upon Exit | Enable or Disable | Specifies whether Edge Client maintains a list of recently used user-entered APM servers. Edge Client always lists the servers that are defined in the connectivity profile, and sorts them by most recent access, whether this option is selected or not. This is selected by default. |
Reuse Windows Logon Session | Enable or Disable | Specifies to enable the client to reuse the Windows logon session for an APM session too. This is cleared by default. |
Reuse Windows Logon Credentials | Enable or Disable | Specifies to enable the client to reuse the credentials that end-users typed for Windows logon for the APM session too. This is cleared by default. |
Run session log off script | Enable or Disable | Specifies to enable the client to launch an administrator-defined script on session termination. This is cleared by default. The administrator specifies parameters which are passed by Edge Client to the script file. These parameters are defined by the session variable session.edgeclient.scripting.logoff.params. The client retrieves parameters from BIG-IP after session establishment. The administrator has the flexibility to set up variable values according to policy branching. Each time the Edge Client closes an APM session, the configured script is invoked. On Windows, the script is located at C:\Program Files\F5 VPN\scripts\onSessionTermination.bat. |
Show warning to user before launching script | Enable or Disable | Specifies to enable the client to display a warning before launching the pre-defined script on session termination. This is selected by default. |
Allow Password Caching | Enable or Disable | Specifies to support automatic reconnection without the need to provide credentials again. This is cleared by default. |
Save Password Method | Password method, selected from a list. | Specifies the location to cache the user's password securely. Select disk to cache the user's password (in encrypted form) securely on the disk where it is persisted even after the system is restarted or Edge Client is restarted. Select memory to cache the user's password within the BIG-IP Edge Client application for automatic reconnection purposes. |
Password Cache Expiration (minutes) | Unsigned integer with value between 0 and 4294967295. | Specifies the number of minutes until the password expires. The default value is 240. |
Component Update | Client component update, selected from a list. | Specifies how Windows and Mac Edge Clients associated with this connectivity profile get secure access client component updates. Select yes to automatically update client components when available, select prompt to prompt before installing updates, and select no to neither prompt nor install updates. |
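The settings in this table interact (password caching with its storage method and expiration, credential reuse with its two prerequisites, the log off script with its warning), so a review is easier as one pass over the whole profile. The following is an added example, not F5 code: the dictionary keys are hypothetical names that mirror the GUI labels, and the 240-minute review threshold is an assumption a site would set for itself.

```python
# Added example: keys are hypothetical names mirroring the GUI labels, not a BIG-IP API.
DOCUMENTED_DEFAULTS = {
    "reuse_windows_logon_credentials": False,
    "run_session_logoff_script": False,
    "show_warning_before_script": True,
    "allow_password_caching": False,
    "password_cache_expiration": 240,
    "component_update": "yes",
    # No default is stated for these three; they are assumed inputs for this check.
    "save_password_method": None,
    "logon_credentials_service_in_package": False,
    "uncustomized_logon_page": True,
}

def audit_edge_client(profile, max_cache_minutes=240):
    """Return (setting, message) findings; max_cache_minutes is a local review threshold."""
    p = {**DOCUMENTED_DEFAULTS, **profile}
    out = []
    if p["allow_password_caching"]:
        method, ttl = p["save_password_method"], p["password_cache_expiration"]
        if method == "disk":
            out.append(("Save Password Method", "encrypted password persists on disk across restarts"))
        elif method != "memory":
            out.append(("Save Password Method", "expected disk or memory"))
        elif not isinstance(ttl, int) or not 0 <= ttl <= 4294967295:
            out.append(("Password Cache Expiration (minutes)", "outside 0..4294967295"))
        elif ttl > max_cache_minutes:
            out.append(("Password Cache Expiration (minutes)", f"{ttl} exceeds threshold {max_cache_minutes}"))
    if p["reuse_windows_logon_credentials"]:
        if not p["logon_credentials_service_in_package"]:
            out.append(("Reuse Windows Logon Credentials", "User Logon Credentials Access Service not in Windows client package"))
        if not p["uncustomized_logon_page"]:
            out.append(("Reuse Windows Logon Credentials", "access policy lacks an uncustomized Logon Page action"))
    if p["run_session_logoff_script"] and not p["show_warning_before_script"]:
        out.append(("Run session log off script", "script launches at session end with no user warning"))
    if p["component_update"] not in ("yes", "prompt", "no"):
        out.append(("Component Update", "expected yes, prompt or no"))
    elif p["component_update"] == "no":
        out.append(("Component Update", "clients neither prompt for nor install updates"))
    return out

# Constructed sample profile, not taken from a real BIG-IP system.
SAMPLE = {"allow_password_caching": True, "save_password_method": "memory",
          "password_cache_expiration": 1440, "reuse_windows_logon_credentials": True,
          "run_session_logoff_script": True, "show_warning_before_script": False,
          "component_update": "no"}
if __name__ == "__main__":
    for setting, message in audit_edge_client(SAMPLE):
        print(f"{setting}: {message}")
```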
OAuth Settings
Specifies optional OAuth Settings that Edge Client will use for authentication.
Setting | Value | Description |
---|---|---|
Provider | An OAuth provider, selected from a list. | Specifies the OAuth provider. If you select None, OAuth configuration is disabled. |
Client ID | Text. | Specifies the OAuth Client ID identifier. The client identifier is not a secret and is exposed by the BIG-IP APM virtual server. OAuth configuration is disabled if client ID is not specified. |
Scopes | Text. The value of the scope parameter is expressed as a list of space-delimited, case-sensitive strings defined by the authorization server. | Specifies the scopes that will be requested by the client. All printable ASCII characters are allowed excluding quote (") and backslash (\). |
Complete Redirection URI | Text. | Specifies the optional URI for OAuth client to be directed to when authentication completes or fails. The default APM page is used if this URI is not specified. The URI should start with "https://", "http://" or "/". |
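The rules in this table (when OAuth is disabled, the scope character set, the allowed URI prefixes) can be checked before the values are entered in the profile. The following is an added example, not F5 code: function and argument names are hypothetical, the sample values are constructed, and the plain-HTTP and scheme-relative findings are extra checks of this example rather than BIG-IP validation rules.

```python
import re

# Added example; argument names are hypothetical and mirror the GUI labels.
# One scope string: printable ASCII except space, quote (") and backslash (\).
SCOPE_TOKEN = re.compile(r"[\x21\x23-\x5B\x5D-\x7E]+")

def parse_scopes(value):
    """Return the scopes as a frozenset (order is irrelevant, case is significant)."""
    tokens = [t for t in value.split(" ") if t]
    for token in tokens:
        if not SCOPE_TOKEN.fullmatch(token):
            raise ValueError(f"scope {token!r} contains a disallowed character")
    return frozenset(tokens)

def check_oauth_settings(provider, client_id, scopes, redirect_uri=""):
    """Return (enabled, scope_set, problems) for a profile's OAuth Settings."""
    problems = []
    # OAuth is disabled when Provider is None or the Client ID is empty.
    enabled = provider not in (None, "", "None") and bool(client_id.strip())
    try:
        scope_set = parse_scopes(scopes)
    except ValueError as exc:
        scope_set = frozenset()
        problems.append(str(exc))
    if redirect_uri:
        if not redirect_uri.startswith(("https://", "http://", "/")):
            problems.append("Complete Redirection URI should start with https://, http:// or /")
        elif redirect_uri.startswith("http://"):
            # Accepted by the field; flagged because the page asks for HTTPS enforcement.
            problems.append("Complete Redirection URI is plain HTTP")
        elif redirect_uri.startswith("//"):
            # Extra check of this example: '//host' is a scheme-relative reference (RFC 3986).
            problems.append("Complete Redirection URI is scheme-relative, not a local path")
    return enabled, scope_set, problems

if __name__ == "__main__":
    # Constructed values, not taken from a real deployment.
    print(check_oauth_settings("/Common/example-provider", "example-client-id",
                               "openid profile", "http://portal.example.com/done"))
```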
Server List
Specifies virtual servers for the connectivity profile.
Setting | Value | Description |
---|---|---|
Alias | Text. | Specifies an alternative name of the host name. |
Host Name | Text. | Specifies the host name of the APM server to provide to the end-user when the client connects. |
Location DNS List
Specifies DNS suffixes that are considered to be in the local, or internal network.
Setting | Value | Description |
---|---|---|
Location DNS Name | Text. | Specifies the DNS suffixes that are in the local network. With Auto-Connect selected, Edge Client uses the DNS suffixes to automatically connect when a client is not on the local network (not on the list) and automatically disconnect when the client is on the local network. |