Release Notes :
APM Client 7.1.7.1
Applies To:
Show Versions
Updated Date: 03/09/2020
Summary:
Version 7.1.7.1 of the Edge Client is now available on downloads.f5.com.
Applies To: BIG-IP APM 15.1.0, 15.0.1, 15.0.0, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.3, 13.1.1, 13.1.0
Contents:
User documentation for this release
For a comprehensive list of documentation that is relevant to this release, refer to the following pages:
Features and enhancements in 7.1.7.1
There are no features or enhancements in 7.1.7.1.
Features and Enhancements in 7.1.7
The Machine Tunnel Service is a new Desktop Client feature for Windows only. When installed on client machines as a Windows service, a machine tunnel starts during the machine boot sequence, and establishes a VPN connection to the specified APM servers in background. No user interaction or interactive Windows session is required. This can be used for several different scenarios.
- Off-premise or remote initial provisioning
- Machine tunnels can provide connectivity to the corporate datacenter when the user logs in to a corporate laptop for the very first time.
- Remote computer maintenance
- IT staff can manage the machine and update software when the user is not logged in, but the device is on and idle.
- Remote troubleshooting
- Support Staff are able to log into a user machine via a secure tunnel.
- Remote self-service
- When users forget their passwords, IT staff can use machine tunnels to reset the user passwords.
Fixes in 7.1.7.1
Fixes in 7.1.7.1
| ID Number | Description |
|---|---|
| 714628-2 | Previously, the split tunneling scope was too small to allow a large number of entries. The split tunneling scope size has been increased. |
| 737443-1, 737443-2, 739090-1,739094-1 | These fix CVE-2018-5546 (https://support.f5.com/csp/article/K54431371). The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or assume super-user privileges on the local client host. |
| 738704-1,737362-1 | These fix CVE-2018-5547 (https://support.f5.com/csp/article/K10015187). The logon integration component of APM window client prior to version 7.1.7.1 runs under the system account. This module throws a certificate UI dialog which contains the link to certificate policy. By clicking on this link, an unprivileged user can open an additional dialog and get access to Windows Explorer, which can be used to get Administrator privileges. |
Fixes in 7.1.7
| ID Number | Description |
|---|---|
| 610436 | Previously, when two network adapters used the same DNS Server address on Microsoft Windows version 10, there could be DNS resolution errors. Now, DNS addresses are resolved correctly with two network adapters. |
| 666497 | Korean translation strings have been corrected. |
| 673025 | Previously, when the copyright was customized, the customized copyright was not displayed in the Edge Client for macOS. This has been fixed. |
| 686718-4 | Tunnel adapter is now closed on VPN termination even when Application launch is configured. |
| 699330 | Previously, On a Fedora 27 client, f5vpn and f5epi crashed upon start. This has been fixed. |
| 700780 | Now F5 DNS Relay Proxy service clears TC flag in all proxied packets, preventing client DNS resolvers from using TCP. An appropriate log entry is printed into the service's log. |
| 700960 | Previously on Ubuntu 17.10, after disconnecting from the VPN, the default route was not restored. This has been fixed. |
| 702490 | Previously, in some situations, Windows Credential Reuse did not work, requiring the EdgeClient end user to log in separately. This issue has been fixed. |
| 702873 | Previously, the Windows Logon Integration feature sometimes caused the Windows Logon screen to freeze. Now, this issue has been fixed. As a side effect of the fix, the Logon screen now shows duplicates of the pre-logon VPN Entries, which might be confusing for users. One duplicate comes from the Microsoft Credentials Provider. To disable the default Microsoft Credentials Provider see https://social.technet.microsoft.com/Forums/windows/en-US/9c23976a-3e2b-4b71-9f19-83ee3df0848b/how-to-disable-additional-credential-providers?forum=w8itprosecurity. |
| 703984 | In the previous release, the macOS machine cert agent checked only the beginning of the client hostname and certificate common name. The machine cert agent now checks the entire strings. |
| 704535 | F5 VPN and F5 EPI now properly consume data processed by Chrome 64+. Because earlier versions of F5 VPN or F5 EPI do not work properly with the Chrome 64+ browser, on those releases applications must be launched out-of-band (by standalone installer), or by launching F5 VPN/F5 EPI from another browser (such as Firefox or Edge). |
| 705208 | In the previous release, Edge Client on Windows was unable to establish a VPN connection after SAML authentication. Now, Edge Client can now successfully establish a VPN connection after SAML authentication. |
| 707448 | Strings are now properly translated into German. |
| 707738 | Due to an issue introduced in Windows RS4, a VPN connection could not be established. This has been fixed. |
| 710188 | Previously, Google reCAPTCHA was not displayed on the logon page, when implmented. Now Google reCAPTCHA is displayed. |
| 710407 | Previously, the F5 VPN and F5 EPI apps would quit on Linux distributions with Qt version 5.10.1 or higher. This has been fixed. |
| 712728 | On Linux, F5 helper apps (f5vpn and f5epi) are not automatically upgraded to version 7.1.7. As a workaround, manually uninstall f5epi and f5vpn. Connect to Access Policy Manager using a web browser. Follow the instructions when prompted to install f5epi or f5vpn. |
| 714542 | Now, when a user right-clicks the Edge Client tray icon in Always Connected mode, the Always Connected Mode text is displayed on the tray icon pop-up menu. |
Known issues in 7.1.7.1
Known issues in 7.1.7.1
The following are known issues in 7.1.7.1.
| ID Number | Description |
|---|---|
| 681023 | F5 endpoint inspection and F5 VPN applications are not upgraded automatically on OpenSuse 42.3 and Suse Enterprise Desktop 12 SP2. "As a workaround, with the F5 EPI or F5 VPN downloads linux_f5epi.tgz or linux_f5vpn.tgz in the platform's download folder.
|
| 681281 | On Fedora 26, after disconnecting from the VPN, the default route is not restored. As a workaround, disable and re-enable the network adapter. |
| 681956 | If a user disconnects from the VPN while there is no connectivity on a statically-configured network adapter, and network connectivity is then restored to that adapter after the disconnection, the default route is not restored. As a workaround, you can either manually add a default route to the network adapter gateway, or enable DHCP on the network adapter. |
| 683819 | When Edge Client is installed using the CLI or msiexec, the following config parameters are not installed.
|
| 700770 | With Always Connected mode, when hosts and IP addresses are added to the exclusion list in the registry manually after the client is installed, they are deleted after the client is uninstalled. As a workaround, after the client is reinstalled, add the exclusions again. |
| 703874 | If the VPN is connected and disconnected repeatedly, a user may fail to logon. Logon will be retried automatically, and eventually succeed. |
| 708922 | Client side proxy configuration will be ignored after VPN is established, if proxy configuration is deployed using DHCP option 252. As a workaround, configure client side proxy information in IE configuration |
| 714043 | NPAPI inspection host plugin on macOS does not work with the latest Endpoint Security (EPSEC) update image because policyserver not being part of OESIS package since it's bundled with individual applications. There is no workaround at this time. |
Contacting F5 Networks
| Phone - North America: | 1-888-882-7535 or (206) 272-6500 |
| Phone - Outside North America, Universal Toll-Free: | +800 11 ASK 4 F5 or (800 11275 435) |
| Additional phone numbers: | See Product Support Regional Contact Information for your area. |
| Web: | https://f5.com/ |
| Email: | support@f5.com |
For additional information, please visit http://www.f5.com.
Additional resources
You can find additional support resources and technical documentation through a variety of sources.
- F5 Networks Technical Support: https://f5.com/support :: Self-Solve Options
- AskF5 Knowledge Base: https://support.f5.com/csp/home
- BIG-IP iHealth Diagnostic Tool: https://f5.com/support/tools/ihealth
- F5 DevCentral: https://devcentral.f5.com/
- F5 Publication Subscription Center: https://interact.f5.com/AskF5-SubscriptionCenter.html
F5 Networks Technical Support
Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.
AskF5 Knowledge Base
AskF5 is your storehouse for thousands of knowledgebase articles that help you manage your F5 products more effectively. Whether you want to browse periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.
F5 DevCentral
The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.
F5 Publication Subscription Center AskF5 Publication Preference Center
To subscribe, click F5 Publication Subscription Center, enter your email address, select the publications you want, and click the Submit button. You will receive a confirmation email. You can unsubscribe at any time by clicking the Unsubscribe link at the bottom of the email, or on the F5 Publication Subscription Center screen.
- TechNews Weekly eNewsletters: Timely information about known issues, product releases, hotfix releases, point releases, updated and new articles, and new feature notices.
- TechNews Notifications: Periodic plain text TechNews, sent any time F5 releases a product or hotfix. (This information is always included in the next weekly HTML TechNews email.)
- Security Alerts: Application Classification Signature and Service Provider Notifications .
