Applies To:
Show Versions
BIG-IP APM
- 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0
Summary:
BIG-IP Edge Client establishes secure communications to applications and networks. It provides users with full access to IP-based applications, resources, and intranet files as if they were physically working on the office network.
The Edge Client version 7.2.1.4 is now available on downloads.f5.com.
Contents:
User documentation for this release
For a comprehensive list of documentation that is relevant to this release, refer to the following pages:
Features and enhancements
- Generate endpoint check report using CTU tool
-
Earlier, the BIG-IP Edge Client for Windows logged endpoint inspection checks information in its log data. Now, you can generate an OPSWAT Endpoint Inspection report using the latest client troubleshooting utility (CTU) tool, making it more secure and manageable for troubleshooting and debugging purposes. The third-party inspection libraries from OPSWAT are used as the basis for F5 endpoint posture checks and includes reports on firewall, antivirus, peer-to-peer software, patch management, hard disk encryption, anti-spyware, and windows health agent.
- Network Location Awareness (NLA) on machine tunnel support
-
The Network Location Awareness (NLA) on machine tunnel determines when a service should establish a Network Access connection with configured APM server.
During a network switch, based on the configured DNS Suffixes, NLA detects whether a network connection is in corporate or non-corporate. If the NLA detects current network connection as corporate network, it enables Machine tunnel service to automatically terminate a Network Access connection and establishes connection back on a non-corporate network.
Refer to the Location detection mechanism section in the https://support.f5.com/csp/article/K34467612 article for details on detecting a corporate network.
You can enable NLA for machine tunnels using registry editor or push the registry key using group policy:
- Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\F5MachineTunnelService\Parameters folder.
- On the Edit menu, click .
- For String Value, type name as DNSSuffixes.
- The type of the registry key is REG_SZ.
- Edit the string value and enter the DNS Suffixes that you want to be detected as corporate network. Multiple DNS Suffixes are allowed and they must be separated by a comma. For example, testdomain.com,test.com.
Fixes
The following issues have been fixed in this release.
| ID Number | Description |
|---|---|
| 971293-1 | Previously, when Always Connected Mode was enabled, windows clients could configure the network servers by using the Manage VPN Servers option. This issue is fixed, and now, the server's list is non-editable when the client is configured in Always Connected mode. |
| 1000965-2 | Fixed an issue in Edge Client for macOS, where when both an expired and a valid certificate exists with the same name, the machine certificate check failed. Workaround: Follow the steps to delete the expired certificate:
|
| 1008213-1 | Previously, during access policy evaluation for the On-Demand Cert Auth, the Edge Client for Windows showed an additional certificate selection prompt instead of selecting the certificate automatically. This happened even when there was only a single valid certificate installed on the client, whereas the dialog is expected to be shown when there are several user certificates installed. This issue is now resolved. |
| 1020609-2 | Fixed an issue where the SSL VPN did not follow best practices when responding to an invalid host request. |
| 1021141-1 | Previously, after upgrading to epsec-1.0.0-969.0.iso, Edge Client for macOS 7.2.1.1 and 7.1.9.9 failed to perform the endpoint inspection check, and the VPN connection failed. A fix for the problem was included in the following apmclient.iso releases 7.2.1.3 and 7.1.9.9 update 1. This release also includes the fix. Refer to the https://support.f5.com/csp/article/K26349235 article for details. |
| 1023621-1 | Fixed the issue where on Windows 10 20H1 devices, older versions of DNS relay proxy service corrupted the DNS Suffix Search List value to REG_BINARY instead of REG_SZ. This resulted in a failure to resolve DNS names. Workaround: Modify the Windows Registry with the Registry Editor, Command Prompt, or Logon Scripts. To modify using the Windows Registry Editor:
|
| 1031977-1 | Previously, if the machine tunnel was running and you tried to establish a VPN connection using Edge Client, two concurrent connected users (CCU's) were consumed per user. This issue is fixed, and now, only one CCU is consumed per user. |
| 1032633-1 | Previously, when DataSafe was enabled on the virtual server, endpoint inspection failed. This issue is fixed, and now, the endpoint inspections are performed successfully. |
| 1045117-2 | Previously, after upgrading to APM Client 7.2.1.3, the client could not connect to the VPN on Windows 10 32-bit edition and kept displaying the Waiting to connect to server message. This issue is fixed, and now, VPN connects successfully. Workaround: Modify the Windows Registry:
|
Contacting F5
| North America | 1-888-882-7535 or (206) 272-6500 |
| Outside North America, Universal Toll-Free | +800 11 ASK 4 F5 or (800 11275 435) |
| Additional phone numbers | Regional Offices |
| Web | http://www.f5.com |
| support@f5.com |
How to Contact F5 Support or the Anti-Fraud SOC
- By phone in the U.S. (accessible 24x7): 888-88askf5 (888-882-7535).
- International contact numbers: http://www.f5.com/training-support/customer-support/contact/.
- The Support Coordinator can contact the SOC as needed.
You can manage service requests and other web-based support online at F5 My Support (registration required). To register email CSP@F5.com with your F5 hardware serial numbers and contact information.
You can contact the Anti-Fraud SOC as follows:
- By phone in the U.S. (accessible 24x7): 866-329-4253 (Option #3 for Anti-Fraud)
- International contact numbers: https://f5.com/products/platforms/silverline/f5-silverline-ddos-protection
Additional resources
You can find additional support resources and technical documentation through a variety of sources.
| F5 Support | Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology. |
| AskF5 Knowledge Base | The storehouse for thousands of knowledgebase articles that help you manage your F5 products more effectively. Whether you want to browse periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source. |
| BIG-IP iHealth Diagnostics and BIG-IP iHealth Viewer | BIG-IP iHealth Diagnostics identifies issues, including common configuration problems and known software issues. It also provides solutions and links to more information. With BIG-IP iHealth Viewer, you can see the status of your system at-a-glance, drill down for details, and view your network configuration. |
| F5 DevCentral | Collaborate and share innovations including code samples, new techniques, and other tips, with more than 300,000 F5 users worldwide. DevCentral is the place to ask questions, find solutions, learn to harness the power of F5’s powerful scripting language, iRules, and much more. |
| Communications Preference Center | Here, you can subscribe to a number of communications from F5. For information about the types of notifications F5 provides, see K9970: Subscribing to email notifications regarding F5 products. |
