Release Notes :
APM Client 7.1.7
Applies To:
Show Versions
Updated Date: 06/02/2021
Summary:
Version 7.1.7 of the Edge Client is now available on downloads.f5.com.
Applies To: BIG-IP APM 15.0.1, 15.0.0, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.3, 13.1.1, 13.1.0
Contents:
User documentation for this release
For a comprehensive list of documentation that is relevant to this release, refer to the following pages:
Behavior changes in 7.1.7
Machine Tunnel Service
The Machine Tunnel Service is a new Desktop Client feature for Windows only. When installed on client machines as a Windows service, a machine tunnel starts during the machine boot sequence, and establishes a VPN connection to the specified APM servers in background. No user interaction or interactive Windows session is required. This can be used for several different scenarios.
- Off-premise or remote initial provisioning
- Machine tunnels can provide connectivity to the corporate datacenter when the user logs in to a corporate laptop for the very first time.
- Remote computer maintenance
- IT staff can manage the machine and update software when the user is not logged in, but the device is on and idle.
- Remote troubleshooting
- Support Staff are able to log into a user machine via a secure tunnel.
- Remote self-service
- When users forget their passwords, IT staff can use machine tunnels to reset the user passwords.
Linux helper application changes
Beginning in 7.1.7, F5 makes two changes to the Linux Helper Applications:
- The Linux version of the VPN and Endpoint Inspection helper apps have the required QT 5.5 libraries included, and are installed into /opt/f5/vpn/lib as part of the RPM or DEB installation process. This library path is automatically selected as the highest priority one from the f5vpn and f5epi program's RPATH attribute.
- Because of increased size, low usage, and industry trends, F5 has discontinued support of the desktop Linux 32-bit VPN and Endpoint Inspection apps. The 32-bit CLI VPN client remains available.
These changes are tracked with ID 700893. See K35025159: Changes to Linux helper applications for APM Clients 7.1.7 for more information.
Features and enhancements in 7.1.7
Features and Enhancements in 7.1.7
The Machine Tunnel Service is a new Desktop Client feature for Windows only. When installed on client machines as a Windows service, a machine tunnel starts during the machine boot sequence, and establishes a VPN connection to the specified APM servers in background. No user interaction or interactive Windows session is required. This can be used for several different scenarios.
- Off-premise or remote initial provisioning
- Machine tunnels can provide connectivity to the corporate datacenter when the user logs in to a corporate laptop for the very first time.
- Remote computer maintenance
- IT staff can manage the machine and update software when the user is not logged in, but the device is on and idle.
- Remote troubleshooting
- Support Staff are able to log into a user machine via a secure tunnel.
- Remote self-service
- When users forget their passwords, IT staff can use machine tunnels to reset the user passwords.
Fixes in 7.1.7
Fixes in 7.1.7
| ID Number | Description |
|---|---|
| 610436 | Previously, when two network adapters used the same DNS Server address on Microsoft Windows version 10, there could be DNS resolution errors. Now, DNS addresses are resolved correctly with two network adapters. |
| 666497 | Korean translation strings have been corrected. |
| 673025 | Previously, when the copyright was customized, the customized copyright was not displayed in the Edge Client for macOS. This has been fixed. |
| 686718-4 | Tunnel adapter is now closed on VPN termination even when Application launch is configured. |
| 699330 | Previously, On a Fedora 27 client, f5vpn and f5epi crashed upon start. This has been fixed. |
| 700780 | Now F5 DNS Relay Proxy service clears TC flag in all proxied packets, preventing client DNS resolvers from using TCP. An appropriate log entry is printed into the service's log. |
| 700960 | Previously on Ubuntu 17.10, after disconnecting from the VPN, the default route was not restored. This has been fixed. |
| 702490 | Previously, in some situations, Windows Credential Reuse did not work, requiring the EdgeClient end user to log in separately. This issue has been fixed. |
| 702873 | Previously, the Windows Logon Integration feature sometimes caused the Windows Logon screen to freeze. Now, this issue has been fixed. As a side effect of the fix, the Logon screen now shows duplicates of the pre-logon VPN Entries, which might be confusing for users. One duplicate comes from the Microsoft Credentials Provider. To disable the default Microsoft Credentials Provider see https://social.technet.microsoft.com/Forums/windows/en-US/9c23976a-3e2b-4b71-9f19-83ee3df0848b/how-to-disable-additional-credential-providers?forum=w8itprosecurity. |
| 703984 | In the previous release, the macOS machine cert agent checked only the beginning of the client hostname and certificate common name. The machine cert agent now checks the entire strings. |
| 704535 | F5 VPN and F5 EPI now properly consume data processed by Chrome 64+. Because earlier versions of F5 VPN or F5 EPI do not work properly with the Chrome 64+ browser, on those releases applications must be launched out-of-band (by standalone installer), or by launching F5 VPN/F5 EPI from another browser (such as Firefox or Edge). |
| 705208 | In the previous release, Edge Client on Windows was unable to establish a VPN connection after SAML authentication. Now, Edge Client can now successfully establish a VPN connection after SAML authentication. |
| 707448 | Strings are now properly translated into German. |
| 707738 | Due to an issue introduced in Windows RS4, a VPN connection could not be established. This has been fixed. |
| 710188 | Previously, Google reCAPTCHA was not displayed on the logon page, when implmented. Now Google reCAPTCHA is displayed. |
| 710407 | Previously, the F5 VPN and F5 EPI apps would quit on Linux distributions with Qt version 5.10.1 or higher. This has been fixed. |
| 712728 | On Linux, F5 helper apps (f5vpn and f5epi) are not automatically upgraded to version 7.1.7. As a workaround, manually uninstall f5epi and f5vpn. Connect to Access Policy Manager using a web browser. Follow the instructions when prompted to install f5epi or f5vpn. |
| 714542 | Now, when a user right-clicks the Edge Client tray icon in Always Connected mode, the Always Connected Mode text is displayed on the tray icon pop-up menu. |
Known issues in 7.1.7
The following are known issues in this release.
| ID Number | Description |
|---|---|
| 681023 | F5 endpoint inspection and F5 VPN applications are not upgraded automatically on OpenSuse 42.3 and Suse Enterprise Desktop 12 SP2. "As a workaround, with the F5 EPI or F5 VPN downloads linux_f5epi.tgz or linux_f5vpn.tgz in the platform's download folder.
|
| 681281 | On Fedora 26, after disconnecting from the VPN, the default route is not restored. As a workaround, disable and re-enable the network adapter. |
| 681956 | If a user disconnects from the VPN while there is no connectivity on a statically-configured network adapter, and network connectivity is then restored to that adapter after the disconnection, the default route is not restored. As a workaround, you can either manually add a default route to the network adapter gateway, or enable DHCP on the network adapter. |
| 683819 | When Edge Client is installed using the CLI or msiexec, the following config parameters are not installed.
|
| 700770 | With Always Connected mode, when hosts and IP addresses are added to the exclusion list in the registry manually after the client is installed, they are deleted after the client is uninstalled. As a workaround, after the client is reinstalled, add the exclusions again. |
| 703874 | If the VPN is connected and disconnected repeatedly, a user may fail to logon. Logon will be retried automatically, and eventually succeed. |
| 708922 | Client side proxy configuration will be ignored after VPN is established, if proxy configuration is deployed using DHCP option 252. As a workaround, configure client side proxy information in IE configuration |
| 714043 | NPAPI inspection host plugin on macOS does not work with the latest Endpoint Security (EPSEC) update image because policyserver not being part of OESIS package since it's bundled with individual applications. There is no workaround at this time. |
Contacting F5 Networks
| Phone - North America: | 1-888-882-7535 or (206) 272-6500 |
| Phone - Outside North America, Universal Toll-Free: | +800 11 ASK 4 F5 or (800 11275 435) |
| Fax: | See Regional Support for your area. |
| Web: | https://support.f5.com/csp/home |
| Email: | support@f5.com |
For additional information, please visit http://www.f5.com.
Additional resources
You can find additional support resources and technical documentation through a variety of sources.
- The F5 Networks Technical Support web site: https://f5.com/support
- The AskF5 web site: https://support.f5.com/csp/home
- The F5 DevCentral web site: https://devcentral.f5.com/
- AskF5 Publication Preference Center: https://interact.f5.com/AskF5-SubscriptionCenter.html
F5 Networks Technical Support
Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.
AskF5
AskF5 is your storehouse for thousands of knowledgebase articles that help you manage your F5 products more effectively. Whether you want to browse periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.
F5 DevCentral
The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.
AskF5 Publication Preference Center
To subscribe, click AskF5 Publication Preference Center, enter your email address, select the publications you want, and click the Submit button. You will receive a confirmation email. You can unsubscribe at any time by clicking the Unsubscribe link at the bottom of the email, or on the AskF5 Publication Preference Center screen.
- TechNews Weekly eNewsletters: Up-to-date information about product and hotfix releases, new and updated articles, and new feature notices.
- TechNews Notifications: Periodic plain text TechNews, sent any time F5 releases a product or hotfix. (This information is always included in the next weekly HTML TechNews email.)
- Security Alerts: Timely security updates and ASM attack signature updates from F5.
