Applies To:Show Versions
The Edge Client version 7.1.9 is now available on downloads.f5.com.
Applies To: BIG-IP APM 16.0.1, 16.0.0, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.4, 13.1.3, 13.1.1, 13.1.0
- User documentation for this release
- Contacting F5
- Legal notices
User documentation for this release
For a comprehensive list of documentation that is relevant to this release, refer to the following pages:
Features and enhancements in 7.1.9
- User interface simplified
Edge Client for macOS has a new and improved UI with quick accessible connections options on the Edge Client menu in the menu bar. With Auto-Connect and Always-Connected mode enabled, the end-user is automatically logged when the VPN is established.
For additional information on the newly designed UI, refer to the What's New in 7.1.9 link in the Edge Client for macOS Quick Access guide intended for VPN client end-users.
- Temporarily disconnect from the VPN without logging out
Edge Client now allows the users to temporarily disconnect from the VPN without logging out. The login session remains active, and when the user chooses to Turn VPN On, the VPN establishes without the need for re-authentication. The logon session remains active until the user quits, or the session times out.
- Touch ID support for macOS Edge Client
For Touch ID enabled macOS devices, Edge Client now allows a returning user to provide fingerprint as device authentication, thereby protecting data from unauthorized access.
- Auto-Connect in Network Location Awareness
Edge Client's Auto-Connect lets you start a secure access connection as needed. When Auto-Connect is enabled, and the user is on an enterprise network, the client disconnects and remains active in the status menu. When the user moves outside the enterprise network, the login session remains active, and the VPN connection establishes automatically without the need for re-authentication. Auto-Connect option is available in the Preferences popup screen when the Network Location Awareness feature is enabled.
- Delete log files
New command to simplify deleting log files has been added to the Client Troubleshooting Utility.
- F5 CTU Report improvements
The CTU Report shows the adapter name and device ID and includes more information in the logs. Also, the CTU System Summary report results now match those in the system registry.
- Load client certificates from the Local Machine Store
Previously, for on-demand certificate authentication, machine tunnels service could select only the client certificate presented in the service store. With this release, you can now configure to select a client certificate from the Local Machine store.
To configure using the Windows Registry:
Note: When no registry setting is specified, then the machine tunnels service will pick the client certificate from the service store.
- Start the registry editor ( ).
- Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\F5MachineTunnelService\Parameters.
- Set string ClientCertStoreLocation to system or service.
- Set string ClientCertStoreName to the store name. The default store name is MY and can be changed to a custom store.
To configure using the F5MachineTunnelInfo utility:
From the command prompt that is run as an administrator:
- type F5MachineTunnelInfo.exe --set_client_certstore system <store name> to set the client certificate store location as the Local Machine store.
- type F5MachineTunnelInfo.exe --set_client_certstore service <store name> to set the client certificate store location as the F5MachineTunnelService store.
- type F5MachineTunnelInfo.exe --remove_client_certstore to remove the client certificate store location and name configuration.
- System Tray notifications replace Growl Notifications
Edge Client for macOS now uses system notifications replacing the Growl notifications, which were interruptive and displayed even when the main window was in focus. The new system tray notifications are non-intrusive and disappear once the VPN is connected. These notifications appear in the top-right corner of the screen and the Notifications pane. The user can disable notifications in the Preferences.
Fixes in 7.1.9
The following issues have been fixed in this release.
|488172||Changed the wording of a confusing DHCP Server could not be reached message to say that the system is waiting for interface initialization to be complete.|
|582348-1||Previously, the Edge Client for macOS displayed the You need to enable cookies in order to remember this device error message when the virtual server was configured with DUO two-factor authentication and the option Remember me for 30 days was selected on the DUO logon page. With this release, the Edge Client accepts 3rd party cookies without any error.|
|745969||Previously, in always connected mode, the VPN had trouble connecting after Edge Client version 7.1.5 or earlier auto-updated to version 7.1.6 or later due to certificate problems. The VPN now connects properly after auto-updates.|
|759343||Previously, the BIG-IP Edge Client for macOS could allow unprivileged users to access files owned by the root account. Now, all existing installation log files are removed, and this issue is fixed.|
|759640||Previously, when Session Expired/Timeout window popup was produced on the Logon Page via the Edge Client for macOS, then clicking on the Start new session link resulted in the BIG-IP APM server categorizing uimode as Full Browser (0) for the new session. If your Access Policy logic had a uimode check where Full Browser mode resulted in no Network Access resource, logon failure could occur. This issue has been fixed, and now on macOS, Edge Client is no longer detected as Full Browser (uimode 0) by APM.|
|765045||Previously, the Edge Client installation failed on Windows 10 with Korean Locale and Escort PC security installed. Now, this issue is fixed, and the Edge Client installation is successful.|
|767609||Previously, on some Ubuntu Linux v18.04 systems, when you logged out from VPN after connecting using Firefox, the WiFi connectivity was lost, and the f5vpn process did not terminate. Now, after logging out from the VPN, the WiFi connection is not lost, and the issue is fixed.|
|773621, 773633, 773637, 773641, 773649, 773653||Fixed issues where the Edge Client log could expose sensitive information to local users. The sensitive data is now masked to resolve the vulnerability.|
|775513||Previously, the Edge Client system tray icon disappeared, when you changed the display resolution while Edge Client was connected. Now, this issue is fixed, and the F5 icon stays in place after changing the display settings.|
|776141||In the past, Edge Client notifications did not display if the text was scaled above 100%. Now state change notifications are shown when text is scaled.|
Previously, when redirecting from one virtual server to another virtual server that is reachable only by a client-side proxy having a different hostname, the request for detecting APM failed. This happened because the Client Type variable for the session created was IE instead of standalone and resulted in denying access to the user when the policy had a Client Type agent. In another scenario, when redirecting from a virtual server to an external 3rd party server, there was a delay in completing logon when the redirected hostname had multiple IP addresses.
With this release, the created Client Type session variable is standalone, and the issue is resolved.
|803921||In the past, some access policies with 3rd party redirection for authentication incorrectly redirected some URLs to APM. Now, redirection to APM is only triggered when navigating to a document, not for every resource downloaded for the document.|
|805929||DNS resolution does not work in split tunnel configurations that specify DNS exclude address space but no DNS address space.
As a workaround, specify some patterns in the DNS address space. If the intention is to provide DNS excluding address space, then specify * in the DNS address space.
Previously, the DNS relay proxy service was unable to handle a larger number of DNS requests and gave errors causing the servers to become unresponsive. Now, this issue is fixed, and the service handles bulk requests without any error.
|812433||In past releases, in some configurations, DNS relay proxy service forwarded DNS requests to IPv6 site-local addresses and automatically added those addresses as DNS servers resulting in slower DNS resolution. Now, the DNS relay proxy no longer forwards DNS requests to those IPV6 site-local addresses.|
|815129||Previously, the EdgeClient UI could become unresponsive while changing states when Machine Tunnel was installed but not configured. Now, the Edge Client changes state without delay, and this issue is resolved.|
|818621||When using F5 Helper Apps (f5-epi and f5-vpn) with IE/Edge Browser on Windows, security warnings used to occur. The warnings no longer appear.|
|825049||New code signing was not possible as the code signing certificate expired on December 11, 2019. The Edge Client now includes a newer signing certificate.|
|825813||Previously Edge Client could not be installed on macOS 10.15 Catalina because macOS Catalina requires the application installation package to be notarized by default. Now, this issue is fixed, and the Edge Client installation package is notarized to meet the new security requirements of macOS Catalina. macOS 10.14.5 and 10.15 are fully supported with APM Clients 22.214.171.124 and BIG-IP 13.1.x.
To support macOS 10.14.5 and above on BIG-IP 11.6.x and BIG-IP 12.1.x, use the following workarounds:
Workaround 1: Temporarily override your Mac security settings
Edge Client is now saved as an exception to your security settings, and you can open it in the future by double-clicking it.
Workaround 2: Open Edge Client in the Applications folder
Workaround 3: Use Terminal to allow all apps
Note: This workaround may risk your security. To hide the allow apps from anywhere option, open terminal and type the command sudo spctl –master-enable.
|831953||Previously, the EdgeClient for macOS built with an Apple WebView WebKit could not display certain captive portal login pages. Now, this issue is fixed, and the captive portal login page is displayed correctly.|
|832337||Previously, the remove_client_certstore command for Machine Tunnel service did not display any output message. Now, the output messages are displayed informing users about the success and failure of the client certificate configuration removal.|
|833021||Configuring the Machine Tunnel Service to use the service store requires the store name to be prepended with F5MachineTunnelService\ such as F5MachineTunnelService\MY when using the Windows registry or the command line utility. The system now does this automatically.|
|838909||Previously, a malicious captive portal could prompt the user to provide his enterprise credentials and get access to the password hash. Now, with this release, Edge client does not respond to such credential requests from captive portals.|
|857689||Previously, when using DTLS connection, the CPU usage could increase to 100%, impacting performance and throughput. Now, the issue is fixed, and the throughput speed is not impacted.|
|862641||Previously, in the Edge Client for Windows, the Stonewall service failed to disconnect traffic after the VPN is disconnected, and the user could access resources over the internet. Now, this issue is fixed, and traffic is blocked when the VPN is disconnected.|
|862709||On Windows Enterprise LTSC 2019, the Edge Client crashes after being connected for a period of time. Now, the issue is fixed, and the Edge Client no longer crashes.|
|863957||If the OPSWAT Endpoint Security (EPSEC) package is signed using a newer version of the certificate than the APM client, then each time the user logs in and an endpoint check is performed, OPSWAT components are downloaded and installed in a new folder. APM 126.96.36.199 release fixed this issue and is compatible with the latest version of EPSEC. Refer EPSEC Release Notes and follow the guidelines to ensure APM client compatibility with EPSEC.|
|867413||Previously, in the Edge Client for macOS, sometimes the captive portal resolution feature did not work after reboot due to an issue in detecting the captive portal state. Now, the captive portal state is successfully detected, and this issue is fixed.|
|881213||Previously, the Edge Client's status bar icon displayed the maximum session timeout Session expires in hh:mm:ss tooltip, and did not show an actual or a session timeout information. Now, this tooltip has been removed to avoid confusion, and the issue is fixed.|
Known issues in 7.1.9
The following are known issues in this release.
|753793||The customized logo on the Edge Client logon page for macOS is not displayed. The customized elements are hidden by default and require additional updates to the apm_edge.css for making the logo appear on the logon page. Complete the following two tasks to customizing the logo for EdgeClient for macOS:
Task 1: Customize the Header left image using the customization tool and the Front Image using the visual policy editor as desired.
Task 2: Update apm_edge.css file for making the logo appear on the logon page.
|871989||When you configure an access policy with end-point checks, the Edge Client for macOS displays a detached window with the Checking for antivirus software... message. If you click on the status bar icon before the logon page is displayed, it pauses the access policy execution.|
If you skip an auto-update during an initial connection and connect to the VPN, the edge client tries to re-initiate the auto-update and prompt for a root password when you resume a paused VPN by clicking Turn VPN On. If you cancel this prompt for the root password, then the VPN does not resume, the Turn VPN Off option is disabled, and the Edge Client icon on the status menu displays an error icon (red triangle with an exclamation).
Workaround 1: Quit and restart the Edge Client application.
Workaround 2: Change the VPN server to switch the VPN connection.
|879497||EdgeClient on macOS fails to start after installation because the installation files have the com.apple.quarantine extended attribute associated with it. This attribute is automatically added by macOS to ask the user for confirmation the first time the downloaded program is run.
Workaround: Strip out the extended file attribute
|880033||The Save password option does not work on Edge Client for macOS when the two-factor authentication is configured on the logon page, causing the user to re-enter the password on every login.|
|881217||If the VPN is connected, then disabling Auto-Connect in the Preferences popup screen, disconnects the VPN.
Workaround: Click Turn VPN On to manually connect to the VPN.
|883549||Edge Client does not close the logon page when the user enters the enterprise network.
Workaround: The logon page disappears after successful authentication. Enter your credentials and click logon.
You can find additional support resources and technical documentation through a variety of sources.
Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.
|AskF5 Knowledge Base||
The storehouse for thousands of knowledgebase articles that help you manage your F5 products more effectively. Whether you want to browse periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.
|BIG-IP iHealth Diagnostics and BIG-IP iHealth Viewer||
BIG-IP iHealth Diagnostics identifies issues, including common configuration problems and known software issues. It also provides solutions and links to more information. With BIG-IP iHealth Viewer, you can see the status of your system at-a-glance, drill down for details, and view your network configuration.
Collaborate and share innovations including code samples, new techniques, and other tips, with more than 300,000 F5 users worldwide. DevCentral is the place to ask questions, find solutions, learn to harness the power of F5’s powerful scripting language, iRules, and much more.
|Communications Preference Center||
Here, you can subscribe to a number of communications from F5. For information about the types of notifications F5 provides, see K9970: Subscribing to email notifications regarding F5 products.