Release Notes : APM Client 7.1.8.1

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 15.0.0, 14.1.0, 14.0.0, 13.1.1, 13.1.0
Release Notes

Summary:

The Edge Client version 7.1.8.1 is now available on downloads.f5.com.

Contents:

User documentation for this release

For a comprehensive list of documentation that is relevant to this release, refer to the following pages:

Features and enhancements in 7.1.8.1

System Tray notifications replace Growl Notifications
Edge Client for macOS now uses system notifications to indicate the VPN connection status replacing the Growl notifications, which were interruptive and displayed even when the main window was in focus. The new system tray notifications are non-intrusive and disappear once the VPN is connected.

Fixes in 7.1.8.1

The following issues have been fixed in this release.

ID Number Description
582348-2 Previously, the Edge Client for macOS displayed cookies not allowed error message when the virtual server is configured with DUO two-factor authentication and the option Remember me for 30 days is selected on the DUO logon page. With this release, the Edge Client accepts 3rd part cookies without any error.
765045-1

Previously, the Edge Client installation failed on Windows 10 with Korean Locale and Escort PC security installed. Now, this issue is fixed, and the Edge Client installation is successful.

767609-1 Previously, on some Ubuntu Linux v18.04 systems, when you logged out from VPN after connecting using Firefox, the WiFi connectivity was lost, and the f5vpn process did not terminate. Now, after logging out from the VPN, the WiFi connection is not lost, and the issue is fixed.
773621-1, 773633-1, 773637-1, 773641-1,  773649-1, 773653-1 Fixed issues where the Edge Client log could expose sensitive information to local users. The sensitive data is now masked to resolve the vulnerability.
775513-1

Previously, the Edge Client system tray icon disappeared, when you changed the display resolution while Edge Client was connected. Now, this issue is fixed, and the F5 icon stays in place after changing the display settings.

782117-1

Previously, when redirecting from a virtual server to another virtual server which is reachable only by a client-side proxy and has a different hostname, the request for detecting APM failed. This happened because the Client Type variable for the session created was IE instead of standalone and resulted in denying access to the user when the policy had a Client Type agent. In another scenario, when redirecting from a virtual server to an external 3rd party server, there is a delay in completing logon when the redirected hostname had multiple IP addresses.

With this release, the created Client Type session variable is standalone, and the issue is resolved.

Known issues in 7.1.8.1

The following are known issues in this release.

ID Number Description
681023 F5 endpoint inspection and F5 VPN applications are not upgraded automatically on OpenSUSE42.3 and SUSE Enterprise Desktop 12 SP2. As a workaround, with the F5 EPI or F5 VPN, download the linux_f5epi.tgz or linux_f5vpn.tgz in the platform's download folder.
  1. Untar the file. tar -xvf linux_f5epi.tgz
  2. Select the appropriate file. For example, for a 64-bit CPU select linux_f5epi.x86_64.rpm.
  3. Install the package: rpm --force -ivh linux_f5epi.x86_64.rpm, or uninstall the older component first: rpm -e f5epi or rpm -ivh linux_f5epi.x86_64.rpm
681281 On Fedora 26, after disconnecting from the VPN, the default route is not restored. As a workaround, disable and re-enable the network adapter.
683819 When the Edge Client is installed using the command-line interface (CLI) or Msiexec these configuration parameters are not installed properly:
  • Exclusion List for the locked client
  • Auto Launch option
As a workaround, use the F5 Edge Client installer to install the client. From the CLI, this can be done with the command BIGIPEdgeClient.exe /q.
700770 With the Always Connected mode, when hosts and IP addresses are added to the exclusion list in the registry manually after the client is installed, they are deleted after the client is uninstalled. As a workaround, on reinstalling the client, add the exclusions again.
703874 If the VPN is connected and disconnected repeatedly, a user may fail to log on. Logon is retried automatically and eventually succeeds.
708922 Client-side proxy configuration is ignored after the VPN is established if the proxy configuration is deployed using DHCP option 252. As a workaround, configure client-side proxy information in IE configuration.
714043 NPAPI inspection host plug-in on macOS does not work with the latest Endpoint Security (EPSEC) update image because the policy server is not a part of the OESIS package as it is bundled with individual applications. There is no workaround at this time.
745315 Edge Client for macOS does not save the username and password in always connected mode if the username for the server changes after the initial login or if the user connects to a different server. The user has to enter the username and password each time to connect using the new username or to connect to the newly selected server. This issue exists even after having the Save password to disk option enabled.
745969 In always connected mode, VPN is not established if the Edge Client version 7.1.5 or earlier auto-updates to version 7.1.6 or later. This occurs because the Stonewall service is signed with an old certificate and does not get updated with the auto-update, while the Edge Client version 7.1.6 and above are signed with a new certificate.

Workaround 1:

Uninstall the previous version of Edge Client (7.1.5 or earlier), and then install the Edge Client version 7.1.6 or later instead of an auto-update.

Workaround 2:

Import the new certificate into the F5FirepassRoot store of the local computer.

  1. Extract the new certificate by downloading and installing Edge Client version 7.1.6 or later.
  2. Browse to the folder where the client components are installed.
  3. Right-click on any of the components (for example f5instd.exe) and select Properties > Digital Signature.
  4. Select the certificate and click Details > View Certificate > Details tab > Copy to File to save the certificate.
  5. Click Start > Run . In the Open field, type mmc.
  6. Click File > Add/Remove Snap-in.
  7. In the Add or Remove Snap-ins dialog box, double click Certificates.
  8. Click Computer account > Next > Local computer > Finish.
  9. Expand Certificates (Local Computer) and right-click on F5FirePassRoot. Click Import.
  10. In the Certificate Import Wizard, browse for the certificate saved in step 4 and click Next.
  11. Select Place all certificates in the following store: F5FirePassRoot and click Next, then click Finish.
753793 The customized logo on the Edge Client logon page for macOS is not displayed.
759640 When the user clicks on the Start new session link in the Session Expired/Timeout popup, the new session is launched but client-type gets detected as Full Browser.
787493 On Windows 10, when the DNS relay proxy is running, the DNS resolution does not work if system DNS and the Network Access DNS are the same and the traffic for DNS queries goes over the non-preferred network adapter.

As a workaround:

  • Do not use the DNS relay proxy service for VPN connection as the service may not intercept network traffic. Similarly, restarting the DNS relay proxy after VPN has been established can have the same effect.
  • Ensure that the network access DNS does not match the system DNS.
  • Add the following registry key:

    HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient

    with DWORD EnableMultiHomedRouteConflicts set to 0 before establishing a VPN connection.

    This reverts the Windows DNS client behavior to pre-Windows 10 behavior, so the DNS relay proxy creates listeners on loopback for incoming requests, and the driver redirects DNS requests to the listener on the loopback.

    Important: Use extreme care when editing Windows registry keys. Incorrect modification of keys might cause unexpected behavior.

Contacting F5

North America 1-888-882-7535 or (206) 272-6500
Outside North America, Universal Toll-Free +800 11 ASK 4 F5 or (800 11275 435)
Additional phone numbers Regional Offices
Web http://www.f5.com
Email support@f5.com

Additional resources

You can find additional support resources and technical documentation through a variety of sources.

F5 Support

https://f5.com/support :: Self-solve Options

Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.

AskF5 Knowledge Base

https://support.f5.com/csp/home

The storehouse for thousands of knowledgebase articles that help you manage your F5 products more effectively. Whether you want to browse periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.

BIG-IP iHealth Diagnostics and BIG-IP iHealth Viewer

https://f5.com/support/tools/ihealth

BIG-IP iHealth Diagnostics identifies issues, including common configuration problems and known software issues. It also provides solutions and links to more information. With BIG-IP iHealth Viewer, you can see the status of your system at-a-glance, drill down for details, and view your network configuration.

F5 DevCentral

https://devcentral.f5.com/

Collaborate and share innovations including code samples, new techniques, and other tips, with more than 300,000 F5 users worldwide. DevCentral is the place to ask questions, find solutions, learn to harness the power of F5’s powerful scripting language, iRules, and much more.

Communications Preference Center

https://interact.f5.com/F5-Preference-Center.html

Here, you can subscribe to a number of communications from F5. For information about the types of notifications F5 provides, see K9970: Subscribing to email notifications regarding F5 products.