Manual Chapter : F5 Access Apps

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 15.0.1, 15.0.0, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.3, 13.1.1, 13.1.0
Manual Chapter

F5 Access Apps

Overview: Configuring APM for F5 Access Apps

F5 Access for Android, F5 Access for iOS, and F5 Access for Chrome OS enable secure network access for supported mobile clients. Previously, the Android and iOS products were called BIG-IP®Edge Client® for Android and BIG-IP Edge Client for iOS. For the clients to connect, you need a Network Access configuration on BIG-IP Access Policy Manager®. The Network Access Wizard creates a Network Access configuration with authentication, an access policy, and a virtual server with connectivity and access profiles.
You might need to update the connectivity profile or the network access resource to complete the configuration on APM®. Optionally, you can also configure SSO and ACLs, and add items to the access policy to enable SSO and enforce ACLs.

Task summary

Running the Network Access Setup wizard

Your DNS server must be configured to resolve internal addresses with DNS.
Configure Access Policy Manager to provide users with full network access when they use BIG-IP Edge Client for iOS or BIG-IP Edge Client for Android.
You must specify either the DNS Default Domain Suffix or the DNS Address Space in the Network Access configuration. Otherwise, the system cannot resolve internal DNS addresses.
  1. On the Main tab, click
    Wizards
    Device Wizards
    .
    The Device Wizards screen opens.
  2. Select
    Network Access Setup Wizard for Remote Access
    , and then click
    Next
    .
    Follow the instructions in the wizard to create your access policy and virtual server.
  3. To ensure that Edge Apps can connect from supported mobile devices, for
    Client Side Checks
    , clear the
    Enable Antivirus Check in Access Policy
    check box.
    Follow the instructions in the wizard to create your access policy and virtual server.
  4. To specify the
    DNS Address Space
    setting, on the Network Access screen perform these substeps:
    1. From
      Traffic Options
      , select
      Force Use split tunneling for traffic
      .
      Additional settings display.
    2. In the
      DNS Address Space
      setting, for each address space, type the address in the form
      site.siterequest.com
      or
      *.siterequest.com
      , and click
      Add
      .
  5. On the DNS Hosts screen, you can type a value in the
    DNS Default Domain Suffix
    field.
  6. After you complete the wizard screens and create the configuration, on the Setup Summary screen click
    Finished
    .
You now have a network access configuration that supports BIG-IP Edge Client for mobile devices. All configuration object names are prefixed with the policy name that you entered in the wizard.

Configuring a connectivity profile for F5 Access for iOS

A connectivity profile automatically contains default settings for F5 Access for iOS. You should configure the connectivity profile settings to fit your situation.
  1. On the Main tab, click
    Access
    Connectivity / VPN
    Connectivity
    Profiles
    .
    A list of connectivity profiles displays.
  2. Select the connectivity profile that you want to update and click
    Edit Profile
    .
    The Edit Connectivity Profile popup screen opens and displays General Settings.
  3. From Mobile Client Settings in the left pane, select
    iOS Edge Client
    .
    Settings for the iOS Edge Client display in the right pane.
  4. To enable users to save their passwords for reconnection purposes within a specified time period, select the
    Allow Password Caching
    check box.
    The additional fields in the area become available.
  5. To enable device authentication on the client, select
    Require Device Authentication
    .
  6. For
    Save Password Method
    , specify how to perform password caching:
    • To allow the user to save the encrypted password on the device without a time limit, select
      disk
      .
    • To specify that the user password is cached in the application on the user's device for a configurable period of time, select
      memory
      .
    If you select
    memory
    , the
    Password Cache Expiration (minutes)
    field becomes available.
  7. If the
    Password Cache Expiration (minutes)
    field displays, type the number of minutes you want the password to be cached in memory.
  8. In the
    On Demand Disconnect Timeout (minutes)
    field, retain the default
    2
    , or type a different number of minutes before VPN on demand times out.
  9. To force the app to use a selected logon mode and prevent users from changing it:
    1. Select the
      Enforce Logon Mode
      check box.
    2. From the
      Logon Method
      list, select
      web
      or
      native
      .
    This feature is supported with F5 Access for iOS and F5 Access for Android.
  10. Click
    OK
    .
    The popup screen closes, and the Connectivity Profile List displays.
You have now configured the security settings for BIG-IP Edge Client for iOS.
To provide functionality with a connectivity profile, you must add the connectivity profile and an access profile to a virtual server.

Configuring a connectivity profile for F5 Access for Android

A connectivity profile automatically contains settings for F5 Access for Android. You should configure the settings to fit your situation.
  1. On the Main tab, click
    Access
    Connectivity / VPN
    Connectivity
    Profiles
    .
    A list of connectivity profiles displays.
  2. Select the connectivity profile that you want to update and click
    Edit Profile
    .
    The Edit Connectivity Profile popup screen opens and displays General Settings.
  3. From Mobile Client Settings in the left pane, select
    Android Edge Client
    .
    Settings for the Android Edge Client display in the right pane.
  4. To enable users to save their passwords for reconnection purposes within a specified time period, select the
    Allow Password Caching
    check box.
    The additional fields in the area become available.
  5. For
    Save Password Method
    , specify how to perform password caching:
    • To allow the user to save the encrypted password on the device without a time limit, select
      disk
      .
    • To specify that the user password is cached in the application on the user's device for a configurable period of time, select
      memory
      .
    If you select
    memory
    , the
    Password Cache Expiration (minutes)
    field becomes available.
  6. If the
    Password Cache Expiration (minutes)
    field displays, type the number of minutes you want the password to be cached in memory.
  7. To enhance security on the client, retain the selection of the
    Enforce Device Lock
    check box (or clear the check box).
    This check box is selected by default. Edge Portal and Edge Client support password locking, but do not support pattern locking. If you clear this check box, the remaining settings in the area become unavailable.
  8. For
    Device Lock Method
    , retain the default
    numeric
    , or select a different method from the list.
  9. For
    Minimum Passcode Length
    , retain the default
    4
    , or type a different passcode length.
  10. For
    Maximum Inactivity Time (minutes)
    , retain the default
    5
    , or type a different number of minutes.
  11. To force the app to use a selected logon mode and prevent users from changing it:
    1. Select the
      Enforce Logon Mode
      check box.
    2. From the
      Logon Method
      list, select
      web
      or
      native
      .
    This feature is supported with F5 Access for iOS and F5 Access for Android.
  12. Click
    OK
    .
    The popup screen closes, and the Connectivity Profile List displays.
You have now configured the security settings for BIG-IP Edge Client for Android.