Manual Chapter :
F5 Access
Apps
Applies To:
Show Versions
BIG-IP APM
- 15.0.1, 15.0.0, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0
F5 Access
Apps
Overview: Configuring APM for F5 Access
Apps
F5 Access for Android, F5 Access for iOS, and F5 Access for Chrome OS enable
secure network access for supported mobile clients.
Previously, the
Android and iOS products were called BIG-IP®
Edge Client® for Android and BIG-IP Edge Client for
iOS. For the clients
to connect, you need a Network Access configuration on BIG-IP Access Policy
Manager®. The Network Access Wizard creates a Network Access configuration with
authentication, an access policy, and a virtual server with connectivity and access profiles.
You might need to update the connectivity profile or the network access resource to complete
the configuration on APM®. Optionally, you can also configure SSO and ACLs,
and add items to the access policy to enable SSO and enforce ACLs.
Task summary
Running the Network Access Setup wizard
Your DNS server must be configured to resolve internal addresses with DNS.
Configure Access Policy Manager to provide users with full
network access when they use BIG-IP
Edge Client for iOS or BIG-IP Edge Client for Android.
You must specify either the DNS Default Domain Suffix or the DNS
Address Space in the Network Access configuration. Otherwise, the system cannot
resolve internal DNS addresses.
- On the Main tab, click.The Device Wizards screen opens.
- SelectNetwork Access Setup Wizard for Remote Access, and then clickNext.Follow the instructions in the wizard to create your access policy and virtual server.
- To ensure that Edge Apps can connect from supported mobile devices, forClient Side Checks, clear theEnable Antivirus Check in Access Policycheck box.Follow the instructions in the wizard to create your access policy and virtual server.
- To specify theDNS Address Spacesetting, on the Network Access screen perform these substeps:
- FromTraffic Options, selectForce Use split tunneling for traffic.Additional settings display.
- In theDNS Address Spacesetting, for each address space, type the address in the formsite.siterequest.comor*.siterequest.com, and clickAdd.
- On the DNS Hosts screen, you can type a value in theDNS Default Domain Suffixfield.
- After you complete the wizard screens and create the configuration, on the Setup Summary screen clickFinished.
You now have a network access configuration that supports BIG-IP Edge Client for
mobile devices. All configuration object names are prefixed with the policy name that
you entered in the wizard.
Configuring a
connectivity profile for
F5
Access for iOS
A connectivity profile automatically contains
default settings for
F5
Access for iOS. You should configure the connectivity profile settings
to fit your situation.
- On the Main tab, click.A list of connectivity profiles displays.
- Select the connectivity profile that you want to update and clickEdit Profile.The Edit Connectivity Profile popup screen opens and displays General Settings.
- From Mobile Client Settings in the left pane, selectiOS Edge Client.Settings for the iOS Edge Client display in the right pane.
- To enable users to save their passwords for reconnection purposes within a specified time period, select theAllow Password Cachingcheck box.The additional fields in the area become available.
- To enable device authentication on the client, selectRequire Device Authentication.
- ForSave Password Method, specify how to perform password caching:
- To allow the user to save the encrypted password on the device without a time limit, selectdisk.
- To specify that the user password is cached in the application on the user's device for a configurable period of time, selectmemory.
If you selectmemory, thePassword Cache Expiration (minutes)field becomes available. - If thePassword Cache Expiration (minutes)field displays, type the number of minutes you want the password to be cached in memory.
- In theOn Demand Disconnect Timeout (minutes)field, retain the default2, or type a different number of minutes before VPN on demand times out.
- To force the app to use a selected logon mode and prevent users from changing it:
- Select theEnforce Logon Modecheck box.
- From theLogon Methodlist, selectwebornative.
This feature is supported with F5 Access for iOS and F5 Access for Android. - ClickOK.The popup screen closes, and the Connectivity Profile List displays.
You have now configured the security settings for BIG-IP Edge Client for iOS.
To provide functionality with a connectivity profile, you must add the connectivity profile and an access profile to a virtual server.
Configuring a
connectivity profile for
F5
Access for Android
A connectivity profile automatically contains
settings for
F5
Access for Android. You should configure the settings to fit your
situation.
- On the Main tab, click.A list of connectivity profiles displays.
- Select the connectivity profile that you want to update and clickEdit Profile.The Edit Connectivity Profile popup screen opens and displays General Settings.
- From Mobile Client Settings in the left pane, selectAndroid Edge Client.Settings for the Android Edge Client display in the right pane.
- To enable users to save their passwords for reconnection purposes within a specified time period, select theAllow Password Cachingcheck box.The additional fields in the area become available.
- ForSave Password Method, specify how to perform password caching:
- To allow the user to save the encrypted password on the device without a time limit, selectdisk.
- To specify that the user password is cached in the application on the user's device for a configurable period of time, selectmemory.
If you selectmemory, thePassword Cache Expiration (minutes)field becomes available. - If thePassword Cache Expiration (minutes)field displays, type the number of minutes you want the password to be cached in memory.
- To enhance security on the client, retain the selection of theEnforce Device Lockcheck box (or clear the check box).This check box is selected by default. Edge Portal and Edge Client support password locking, but do not support pattern locking. If you clear this check box, the remaining settings in the area become unavailable.
- ForDevice Lock Method, retain the defaultnumeric, or select a different method from the list.
- ForMinimum Passcode Length, retain the default4, or type a different passcode length.
- ForMaximum Inactivity Time (minutes), retain the default5, or type a different number of minutes.
- To force the app to use a selected logon mode and prevent users from changing it:
- Select theEnforce Logon Modecheck box.
- From theLogon Methodlist, selectwebornative.
This feature is supported with F5 Access for iOS and F5 Access for Android. - ClickOK.The popup screen closes, and the Connectivity Profile List displays.
You have now configured the security settings for BIG-IP Edge Client for Android.