Manual Chapter : BIG-IP Edge Client for Mac

Applies To:

BIG-IP APM

  • 11.4.1, 11.4.0

About client installation on Macintosh systems

The BIG-IP® Access Policy Manager® (APM) includes network access support for remote Mac OS X clients. You can use APM® for secure remote access in mixed-platform environments. You do not need to preinstall or preconfigure any client software if the client allows installation of the required browser components.

The first time a remote user starts network access, the BIG-IP APM downloads a client component. This client component is designed to be self-installing and self-configuring, but the user's browser must have Java enabled on Macintosh systems. If the browser does not support this requirement, the BIG-IP APM prompts the user to download the controller client component from the controller and install it manually.
Note: The remote user must have superuser authority, or must be able to supply an administrative password in order to successfully install the network access client.
The Macintosh systems must also include PPP support (this is most often the case). When the user runs the network access client and makes a connection for the first time, the client detects the presence of PPPD (Point-to-Point Protocol Daemon), and determines whether the user has the necessary permissions to run it. If PPPD is not present, or if the user does not have the permissions needed to run the daemon, the connection fails.

After installation, the Macintosh client must restart the browser before starting network access.

Overview: Configuring APM for BIG-IP Edge Client for Mac

To use the BIG-IP® Edge Client® for Mac, you must configure settings for the Mac Edge Client in a connectivity profile on Access Policy Manager®. The connectivity profile for a Mac includes Win/Mac Edge Client settings:

  • The list of servers to display on the BIG-IP Edge Client.
  • DNS settings for location-awareness for mobile clients, such as laptops that roam.
A Mac client package is attached to the connectivity profile. You can customize it. You can also download and distribute it.

Task summary

Customizing a connectivity profile for Mac Edge Clients

You must create a connectivity profile before you start this task.
A connectivity profile automatically contains settings for BIG-IP® Edge Client® for Macintosh. You update the settings to specify how to handle password caching and component updates, to specify the servers to display on the clients, and to supply DNS names to support location awareness.
  1. On the Main tab, click Access Policy > Secure Connectivity. A list of connectivity profiles displays.
  2. Select the connectivity profile that you want to update and click Edit Profile. The Edit Connectivity Profile popup screen opens and displays General Settings.
  3. From the left pane, select Win/Mac Edge Client. Edge Client action and password caching settings display in the right pane.
  4. Set Edge Client action settings:
    1. Optional: Retain the default (selected) or clear the Save Servers Upon Exit check box. The setting specifies whether the BIG-IP Edge Client maintains a list of recently used Access Policy Manager servers. The BIG-IP Edge Client always lists the servers defined in the connectivity profile, and sorts the list of servers by most recent access, whether this option is selected or not. However, the BIG-IP Edge Client lists user-entered servers only if this option is selected.
  5. Set password caching settings for enhanced security:
    1. Optional: Select the Allow Password Caching check box. This check box is cleared by default. The remaining settings on the screen become available.
    2. Optional: Select disk or memory from the Save Password Method list. If you select disk, an encrypted password is saved on disk and cached when the system reboots or when the BIG-IP Edge Client is restarted. If you select memory, the BIG-IP Edge Client caches the user's password within the BIG-IP Edge Client application for automatic reconnection purposes. If you select memory, the Password Cache Expiration (minutes) field displays with a default value of 240.
    3. If the Password Cache Expiration (minutes) field displays, retain the default value or type the number of minutes to save the password in memory.
    4. From the Component Update list, select yes (default) or no. If you select yes, APM updates the BIG-IP Edge Client software automatically on the Mac client when newer versions are available.
  6. From the left pane, select Server List. A table displays in the right pane.
  7. Specify the servers that you want defined in the client downloads. The servers you add here appear as connection options in the BIG-IP Edge Client.
    1. Click Add. A table row becomes available for update.
    2. You must type a host name in the Host Name column. Typing an alias in the Alias column is optional.
    3. Click Update. The new row is added at the top of the table.
    4. Continue to add servers and when you are done, click OK.
  8. From the left pane, select Location DNS List. A table is displayed in the right pane.
  9. Specify DNS suffixes that are considered to be in the local network. DNS suffixes specified here conform to the rules specified for the local network. When the BIG-IP Edge Client is configured to use the option Auto-Connect, the client connects when the system's DNS suffix is not one defined on this list. When the client DNS suffix does appear on this list, the client automatically disconnects. If you do not specify any DNS suffixes, the option Auto-Connect does not appear in the downloaded client.
    1. Click Add. An update row becomes available.
    2. Type a name and click Update. The new row displays at the top of the table.
    3. Continue to add DNS names and, when you are done, click OK.
  10. Click OK. The popup screen closes, and the Connectivity Profile List displays.
The connectivity profile appears in the list.
To provide functionality with a connectivity profile, you must add the connectivity profile and an access profile to a virtual server.

Customizing the Mac client package for BIG-IP Edge Client

You must create a connectivity profile before you start this task.
You customize a Mac client package for a connectivity profile to specify BIG-IP® Edge Client® settings for the Mac.
  1. On the Main tab, click Access Policy > Secure Connectivity. A list of connectivity profiles displays.
  2. Select a connectivity profile.
  3. Click the arrow on the Customize Package button and select Mac. The Customize Mac Client Package screen displays.
  4. Retain the selection or clear the Auto launch BIG-IP Edge Client after User Log In check box.
  5. Click OK. The popup screen closes, and the Connectivity Profile List displays.
The customized package, BIGIPMacEdgeClient.zip, is downloaded to your client. It is available for you to distribute, if needed. The customized package is downloaded to clients automatically only when the Windows/Mac Edge Client settings in the related connectivity profile allow password caching and component updates.
If you plan to distribute Mac client packages to your users and you customize Mac client packages with different settings for different connectivity profiles, you need to rename or otherwise organize the packages. Otherwise, your download location contains packages named BIGIPMacEdgeClient.zip, BIGIPMacEdgeClient.zip(1), and so on.

Downloading the Mac client package for the BIG-IP Edge Client

You can download a Mac Client package and distribute it to clients whose configuration does not allow an automatic download.
Note: If you already customized a Mac Client package for a connectivity profile, a customized package file, BIGIPMacEdgeClient.exe, was downloaded to your system. If you cannot find the package, use this procedure.
  1. On the Main tab, click Access Policy > Secure Connectivity. A list of connectivity profiles displays.
  2. Select a connectivity profile.
  3. Click the arrow on the Customize Package button and select Mac. The Customize Mac Client Package screen displays.
  4. Click Download. The screen closes and the package, BIGIPMacEdgeClient.zip, downloads.
The customized package, BIGIPMacEdgeClient.zip, is downloaded to your client. It is available for you to distribute, if needed. The customized package is downloaded to clients automatically only when the Windows/Mac Edge Client settings in the related connectivity profile allow password caching and component updates.

Overview: Installing and using BIG-IP Edge Client for Mac

The first time a remote user starts network access, the BIG-IP® Access Policy Manager® (APM) downloads a client component. This client component is designed to be self-installing and self-configuring, but the user's browser must have Java enabled on Macintosh systems. If the browser does not support this requirement, the BIG-IP® APM® prompts the user to download the controller client component from the controller and install it manually.
Note: The remote user must have superuser authority, or must be able to supply an administrative password in order to successfully install the network access client.

The Mac system must also include PPP support (this is most often the case). When the user runs the network access client and makes a connection for the first time, the client detects the presence of PPPD (Point-to-Point Protocol Daemon), and determines whether the user has the necessary permissions to run it. If PPPD is not present, or if the user does not have permissions needed to run the daemon, the connection fails.

After installation, the Macintosh client must restart the browser before starting network access.

Task summary

About establishing client connections from a Mac system

You can initiate connections through network access from Macintosh OS X, by connecting to the virtual server address using a supported browser, or by starting the BIG-IP® Edge Client®.

Configuring applications to start on a Mac OS client

The launch application feature specifies a client application that starts when the client begins a network access session. You can use this feature when you have remote clients who routinely use network access to connect to an application server, such as a mail server.
  1. On the Main tab, click Access Policy > Network Access > Network Access List. The Network Access List screen opens.
  2. In the Name column, click the name of the network access resource you want to edit.
  3. To configure applications to start for clients that establish a network access connection with this resource, click Launch Applications on the menu bar.
  4. Click Add to add an application list.
  5. In the Application Path field, type open.
  6. In the Parameters field, type a parameter. For example, type -a/Applications/ie.app http://www.f5.com.
  7. From the Operating System list, select Mac.
  8. Click Finished to add the configuration.
Now when remote users with assigned resources make a network access connection, the application you configured starts automatically.

Editing the log level in the configuration file for Mac OS

You can edit log settings in the configuration file on Mac OS systems.
  1. In the ~/Library/F5Networks directory, open the f5networks.conf file.
  2. Edit the settings to change the log level. For debugging purposes, set the values to 5.

Supported network access features for Mac and Linux clients

BIG-IP Access Policy Manager supports all of the primary network access features on Macintosh and Linux clients, except for Drive Mappings and some client checks.

Feature | Notes
Secure remote access to an internal network | Includes support for IP-based applications.
Split tunneling | Only network traffic that you specify goes through the network access connection.
IP address filtering with connection-based ACL | Allows you to restrict groups of users to specific addresses, ranges of addresses, and ports.
DNS Servers |
DNS Suffixes |
Allow local subnets | Includes forcing all traffic through the tunnel.
Application launching | You must configure the starting of remote client applications based on the operating system on the remote computers. You can configure all other features independent of the remote client operating systems.

VPN component installation and log locations on Mac OS

On Macintosh operating systems, you install the VPN components and write VPN logs to the locations listed in the table.

VPN component | Location
Network Access plugin | /Library/Internet Plugins/
Endpoint Security (client checks) | ~/Library/Internet Plugins/
VPN logs are written to the following directory: ~/Library/F5Networks.
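
The following is an added example, not part of the F5 documentation: a read-only shell audit of a Mac client that covers the PPPD prerequisite and the component and log locations listed on this page. The function names are hypothetical, and the permission check on the log directory is an assumed hardening practice, not a documented F5 requirement.

```shell
#!/bin/sh
# Added example: read-only audit of a Mac Edge Client host.
# Paths are taken from the page; function names are hypothetical.

# Return 0 if a pppd binary exists and the current user may execute it.
# $1 (optional) overrides the binary found on PATH.
pppd_runnable() {
    p="${1:-$(command -v pppd 2>/dev/null || true)}"
    [ -n "$p" ] && [ -f "$p" ] && [ -x "$p" ]
}

# Print "private", "exposed" or "missing" for a directory, depending on
# whether any group/other permission bit is set (assumed hardening check).
dir_exposure() {
    [ -d "$1" ] || { echo missing; return 0; }
    bits=$(ls -ld "$1" | cut -c5-10)   # group and other rwx bits
    if [ "$bits" = "------" ]; then echo private; else echo exposed; fi
}

# List the entries of a component directory, one per line (empty if absent).
list_components() {
    [ -d "$1" ] && ls -1 "$1"
    return 0
}

# Report on the prerequisite and on every location named on the page.
# $1 (optional) is the home directory to inspect; defaults to $HOME.
audit() {
    home="${1:-$HOME}"
    if pppd_runnable; then
        echo "pppd: present and executable"
    else
        echo "pppd: missing or not executable (network access will fail)"
    fi
    echo "VPN log directory: $(dir_exposure "$home/Library/F5Networks")"
    for d in "/Library/Internet Plugins" "$home/Library/Internet Plugins"; do
        echo "components in $d:"
        list_components "$d" | sed 's/^/  /'
    done
}

# Run the audit only when explicitly requested, e.g. RUN_AUDIT=1 sh audit.sh
if [ "${RUN_AUDIT:-}" = 1 ]; then audit; fi
```

Reviewing the log directory matters most after the log level has been raised to 5 for debugging, because more detail is then written to ~/Library/F5Networks.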