Manual Chapter : Client changes for F5 Access

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 15.0.1, 15.0.0, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0, 13.0.1, 13.0.0, 12.1.6, 12.1.5, 12.1.3, 11.6.5, 11.6.4, 11.6.3, 11.5.10, 11.5.7
Manual Chapter

Client changes for F5 Access

About client changes for F5 Access

VPN Configurations do not migrate

VPN configurations created in F5 Access 2.1.x do not migrate to F5 Access 3.x. This applies to both manually created VPN configurations and configurations deployed with an MDM or with .mobileconfig files.
  • For manually created VPN configurations, users must recreate the VPN configurations manually in F5 Access 3.x.
  • For VPN configurations deployed with an MDM or .mobileconfig files, device-wide and Per-App VPN configurations deployed for F5 Access 2.1.x will not work on F5 Access 3.x. These configurations need to be re-deployed using updated VPN MDM profiles. See guidance on how to create VPN MDM profiles for F5 Access 3.x in the Managing Devices chapter, and in the Guide BIG-IP APM and F5 Access for iOS.

Changes with client certificates

All certificates that are installed in F5 Access 2.1.x are not used with F5 Access 3.x. This applies to certificates installed manually or with MDM or .mobileconfig files.

Note: To access the user guide outside of the device, refer to the F5 Access User Guide.
  • If a client certificate was manually installed by the user, the certificate must be imported again into F5 Access 3.x, using the new procedure, as described in the F5 Access User Guide on the device. Certificates in the system certificate storage are no longer used.
  • If client certificates were installed with an MDM or using a .mobileconfig file, such certificates must be reinstalled with the new VPN MDM profile. See information on how to create these VPN MDM profiles for F5 Access 3.x in the Managing Devices chapter, and in the Guide BIG-IP APM and F5 Access for iOS.

Notifications

F5 Access 3.x prompts users to allow notifications. It is important that the user Allow these notifications if your deployment presents any prompts to user, including native prompts for username and password, Web Logon prompts, and device-authentication prompts. If notifications are not allowed, these scenarios cannot complete.

Device identity information

Because of changes with iOS, in F5 Access 3.x there is no method to obtain the UDID from the device. The session variable session.client.mdm_device_unique_id is submitted during authentication, if the value for this session variable is provided in an MDM profile.

Restriction: The variable session.client.mdm_device_unique_id is submitted only on BIG-IP version 13.1.0 and later. This variable is not submitted on 11.5.1, 11.5.7, 11.6.3, or 12.1.3.

For the purpose of backwards compatibility, the same value will be submitted as session.client.unique_id too, but again, only if this value is defined by the MDM profile.

Note: This variable is submitted on all versions (11.5.1 through 14.1.0).

If the device is not enrolled with an MDM, then no value for this variable is submitted. See information on how to create VPN MDM profiles for F5 Access 3.x in the Managing Devices chapter, and in the Guide BIG-IP APM and F5 Access for iOS.