Manual Chapter: BIG-IP Edge Client and F5 Access for macOS
Applies To:
BIG-IP APM
- 15.0.1, 15.0.0, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0
Requirements for client installation and use on Mac
The table lists requirements for installing and using client components on a macOS
system. These requirements apply to the Network Access client component that is downloaded from
the browser and to BIG-IP
Edge Client for Mac and F5 Access for macOS.
Requirement | Specification |
---|---|
Browser | For App Tunnels to work, the browser must have Java enabled. For installation, Java is optional. The client uses Java to streamline the installation process only. Without Java, users can manually download and install the client packages. Java App Tunnels are supported on Edge Client only. |
Installation privilege | The remote user must have superuser authority, or must be able to supply an administrative password to successfully install the Network Access client. |
About browser-based connections from Linux, Mac, and Windows clients
For Linux, Mac OS X, and Windows-based systems, the Network Access client component is
available for automatic download from the BIG-IP® system.
The client component supports secure remote web-based access to the network. It
is not the same as the customizable client package that is associated with the connectivity
profile.
The first time a remote user starts Network Access, APM® downloads a
client component. This client component is designed to be self-installing and self-configuring.
If the browser does not meet certain requirements, APM prompts the user to download the client
component and install it manually.
Overview: Configuring and installing Edge Client for Mac
Users of BIG-IP® Edge Client® for Mac can connect securely and automatically to your network
while roaming using the automatic reconnect, password caching, and location awareness features of
Edge Client. You can customize the client package; you must download it and make it available to
users as hosted content on the BIG-IP system, or through another delivery mechanism.
About Edge Client location awareness
The BIG-IP Edge Client provides a location-awareness feature. Using
location awareness, the client connects automatically only when it is not on a specified
network. The administrator specifies the networks that are considered in-network, by adding
DNS suffixes to the connectivity profile. With a location-aware client enabled, a user with
a corporate laptop can go from a corporate office, with a secured wireless or wired network
connection, to an offsite location with a public wireless network connection, and maintain
a seamless connection to allowed corporate resources. Network location-awareness can be
triggered to run because of various reasons, such as IP changes and network interfaces
starting up or shutting down. In reconnect mode, Edge Client might briefly establish a VPN
tunnel before the network location-awareness feature can disconnect it. The Edge Client
matches DNS suffixes reported by the system API to detect network location.
During a network switch, such as changing Wi-Fi connections, Edge Client with network
location-awareness must detect whether the new connection is local or remote. During this
detection timeframe, there is a brief amount of time in which Edge Client does not block
certain external websites, and they can be reachable during the network switch.
About Edge Client automatic reconnection
BIG-IP Edge Client provides an automatic reconnection feature.
This feature attempts to automatically reconnect the client system to corporate network
resources whenever the client connection drops or ends prematurely.
Configuring a connectivity profile for Edge Client for Mac
Update the connectivity profile in your Network Access configuration to configure security settings, servers, and location-awareness for BIG-IP Edge Client for Mac.
- On the Main tab, click. A list of connectivity profiles displays.
- Select the connectivity profile that you want to update and click Edit Profile. The Edit Connectivity Profile popup screen opens and displays General Settings.
- From the left pane of the popup screen, select Win/Mac Edge Client. Edge Client settings for Mac and Windows-based systems display in the right pane.
- Retain the default (selected) or clear the Save Servers Upon Exit check box. Specifies whether Edge Client maintains a list of recently used user-entered APM servers. Edge Client always lists the servers that are defined in the connectivity profile, and sorts them by most recent access, whether this option is selected or not.
- To enable the client to launch an administrator-defined script on session termination, select the Run session log off script check box. The administrator specifies parameters which are passed by Edge Client to the script file. These parameters are defined by the session variable session.edgeclient.scripting.logoff.params. The client retrieves parameters from BIG-IP after session establishment. The administrator has the flexibility to set up variable values according to policy branching. Each time the Edge Client closes an APM session, the configured script is invoked. On macOS, the script is located at /Library/Application Support/F5Networks/EdgeClient/Scripting/onSessionTermination.bat. The Run session log off script check box is cleared by default.
- To enable the client to display a warning before launching the pre-defined script on session termination, select the Show warning to user before launching script check box. This is selected by default.
- To support automatic reconnection without the need to provide credentials again, allow password caching.
  - Select the Allow Password Caching check box. This check box is cleared by default. The remaining settings on the screen become available.
  - To require device authentication to unlock the saved password, select Require Device Authentication. This option links the option to use a saved password to a device authentication method. Supported device authentication methods include PIN, passphrase, and biometric (fingerprint) authentication on iOS and Android. Android devices also support pattern unlocking.
  - From the Save Password Method list, select disk or memory. If you select disk, Edge Client caches the user's password (in encrypted form) securely on the disk where it is persisted even after the system is restarted or Edge Client is restarted. If you select memory, Edge Client caches the user's password within the BIG-IP Edge Client application for automatic reconnection purposes. If you select memory, the Password Cache Expiration (minutes) field displays with a default value of 240.
  - If the Password Cache Expiration (minutes) field displays, retain the default value or type the number of minutes to save the password in memory.
- To enable automatic download and update of client packages, from the Component Update list, select yes (default). If you select yes, APM updates Edge Client software automatically on the client system when newer versions are available.
- Specify the list of APM servers to provide when the client connects. The servers you add here display as connection options in the BIG-IP Edge Client. Users can select from these servers or they can type a hostname.
  - From the left pane of the popup screen, select Server List. A table displays in the right pane.
  - Click Add. A table row becomes available for update.
  - You must type a host name in the Host Name field. Typing an alias in the Alias field is optional.
  - Click Update. The new row is added at the top of the table.
  - Continue to add servers, and when you are done, click OK.
- Specify DNS suffixes that are considered to be in the local network. Providing a list of DNS suffixes for the download package enables Edge Client to support the autoconnect option. With Auto-Connect selected, Edge Client uses the DNS suffixes to automatically connect when a client is not on the local network (not on the list) and automatically disconnect when the client is on the local network.
  - From the left pane of the popup screen, select Location DNS List. Location DNS list information is displayed in the right pane.
  - Click Add. An update row becomes available.
  - Type a name and click Update. Type a DNS suffix that conforms to the rules specified for the local network. The new row displays at the top of the table.
  - Continue to add DNS names and when you are done, click OK.
- Click OK. The popup screen closes, and the Connectivity Profile List displays.
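Because Edge Client invokes the session log-off script each time it closes an APM session, it is worth confirming that only an administrator can change that file. The following is an added example, not F5 code: it checks ownership and write permissions on the script path named in the procedure above and on the directory that holds it. The expected owner (root) and the function name audit_logoff_script are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit who can modify the Edge Client session log-off script.
# SCRIPT is the path given on this page; the expected owner ("root") and the
# function name audit_logoff_script are assumptions of this example.
SCRIPT="/Library/Application Support/F5Networks/EdgeClient/Scripting/onSessionTermination.bat"

# audit_logoff_script PATH [OWNER]
# Prints one line per finding. Returns 0 if clean, 1 on any finding,
# 2 if nothing exists at PATH.
audit_logoff_script() {
    path=$1
    owner=${2:-root}
    dir=$(dirname "$path")
    findings=0

    if [ ! -e "$path" ] && [ ! -L "$path" ]; then
        echo "absent: $path"
        return 2
    fi
    # A symlink hands control of what runs to whoever controls its target.
    if [ -L "$path" ]; then
        echo "symlink: $path"
        findings=1
    fi
    # Check the script and the directory holding it: write access to the
    # directory is enough to replace the file.
    for item in "$path" "$dir"; do
        # -prune stops find from descending when the item is a directory.
        if [ -z "$(find "$item" -prune -user "$owner" 2>/dev/null)" ]; then
            echo "owner is not $owner: $item"
            findings=1
        fi
        if [ -n "$(find "$item" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]; then
            echo "group- or world-writable: $item"
            findings=1
        fi
    done
    return "$findings"
}

# Usage: sh audit.sh check    (audits the path from this page, owner root)
if [ "${1:-}" = "check" ]; then
    audit_logoff_script "$SCRIPT"
fi
```

A return value of 2 means no script is present at that path.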
Customizing a downloadable client package for Mac
Customize a macOS client package for a
connectivity profile to specify whether to launch BIG-IP Edge Client after a user logs
in to the Mac.
- On the Main tab, click. A list of connectivity profiles displays.
- Select a connectivity profile.
- Click the arrow on the Customize Package button and select Mac. The Customize Mac Client Package screen displays.
- Retain the selection or clear the Auto launch BIG-IP Edge Client after User Log In check box.
- Click Download. The customized package, BIGIPMacEdgeClient.zip, is downloaded to your client. It is available for you to distribute.
If you plan to distribute Mac client packages to your users and you customize
multiple Mac client packages (for different connectivity profiles), you need to rename
or otherwise organize the packages. Otherwise, your download location contains packages
named BIGIPMacEdgeClient.zip, BIGIPMacEdgeClient.zip(1), and so on.
Downloading the ZIP file for Edge Client for Mac
You can download a Mac Client package and distribute it to clients.
- On the Main tab, click. A list of connectivity profiles displays.
- Select a connectivity profile.
- Click the arrow on the Customize Package button and select Mac. The Customize Mac Client Package screen displays.
- Click Download. The screen closes and the package, BIGIPMacEdgeClient.zip, downloads.
The ZIP file includes a Mac installer package (PKG) file and configuration settings.
Specifying applications to start on a Mac
The launch application feature specifies a client application that starts when the
client begins a Network Access session. You can use this feature when you have remote
clients who routinely use Network Access to connect to an application server, such as a
mail server.
- On the Main tab, click. The Network Access Lists screen opens.
- In the Name column, click the name of the network access resource you want to edit.
- To configure applications to start for clients that establish a Network Access connection with this resource, click Launch Applications on the menu bar.
- Click Add to add an application list.
- In the Application Path field, type open.
- In the Parameters field, type a parameter. For example, type -a/Applications/ie.app http://www.f5.com.
- From the Operating System list, select Mac.
- Click Finished to add the configuration.
Now when remote users with assigned resources make a Network Access connection, the
application you configured starts automatically.
Editing the log level for Edge Client on Mac
You can edit log settings in the configuration file on Mac systems.
- In the ~/Library/F5Networks. directory, open the f5networks.conf file.
- Edit the settings to change the log level. For debugging purposes, set the values to 48.
About connection options on Edge Client for Mac
User interface on a Mac
BIG-IP® Edge Client® for Mac user interface displays these
connection options.
- Auto-Connect: Starts a secure access connection as it is needed. This option uses the DNS suffix information defined in the connectivity profile to determine when the computer is on a defined local network. When the computer is not on a defined local network, the secure access connection starts. When the computer is on a local network, the client disconnects, but remains active in the system tray. This option does not display if DNS suffixes were not defined.
- Connect: Starts and maintains a secure access connection at all times, regardless of the network location.
- Disconnect: Stops an active secure access connection, and prevents the client from connecting again until a user clicks Connect or Auto-Connect.
About Network Access features for Mac clients
Access Policy Manager (APM) supports all of the primary Network Access
features for Mac clients, except for Drive Mappings and some endpoint security features.
For endpoint security support, refer to BIG-IP APM Client Compatibility Matrix
on AskF5 at http://support.f5.com/. For information about Network Access features, refer to
BIG-IP Access Policy Manager: Network Access on AskF5 at http://support.f5.com/.
VPN component installation and log locations on a Mac
On Macintosh operating systems, the client installs the VPN components and writes VPN
logs to the locations listed in the table.
VPN component | Location |
---|---|
Network Access plugin | /Library/Internet Plugins/ |
Endpoint Security (client checks) | ~/Library/Internet Plugins/ |
VPN logs are written to the following directory: ~/Library/Logs/F5Networks.