Summary:
BIG-IP Edge Client establishes secure communications to applications and networks. It provides users with full access to IP-based applications, resources, and intranet files as if they were physically working on the office network.
The Edge Client version 7.2.1 is now available on downloads.f5.com.
Applies To: 13.1.0, 13.1.1, 13.1.3, 13.1.4, 13.1.5, 14.0.0, 14.0.1, 14.1.0, 14.1.2, 14.1.3, 14.1.4, 14.1.5, 15.0.0, 15.0.1, 15.1.0, 15.1.1, 15.1.2, 15.1.3, 15.1.4, 15.1.5, 15.1.6, 16.0.0, 16.0.1, 16.1.0, 16.1.1, 16.1.2, 16.1.3, 17.0.0
Contents:
User documentation for this release
For a comprehensive list of documentation that is relevant to this release, refer to the following pages:
Features and enhancements in 7.2.1
- DTLS 1.2 Support
Edge Client now supports Datagram Transport Layer Security (DTLS) protocol version 1.2. The protocol allows client/server applications to communicate in a way that prevents eavesdropping, tampering, or message forgery.
Beginning with BIG-IP version 16.0.0, the clientssl SSL profile has a new No DTLSv1.2 setting that must be explicitly disabled to enable DTLS v1.2 on the virtual server. Edge Client remains backward compatible with older BIG-IP versions (pre 16.0) that do not support DTLS v1.2.
- Name-based split tunneling support for Round-robin DNS
Edge Client for Windows enhances name-based split tunneling by preserving the IPv4 addresses from DNS resolution of a hostname that matches the exclude domain scope. This allows traffic for long-lived connections (such as those used by streaming services) to keep passing and maintain connectivity to servers even when a subsequent name resolution returns a different IP address.
- Supports Yubikey and other U2F/FIDO based authentication systems
Edge Client for macOS and Windows can now behave as an OpenID Connect (OIDC) client, obtain a bearer token, and present it to APM for authentication. This OIDC support provides a consistent authentication experience by enabling two-factor verification and Single Sign-On across the browser and Edge Client.
Beginning with BIG-IP version 16.0.0, the connectivity profile has OAuth Settings that allow administrators to specify the OIDC server discovery endpoint, Client ID, Scopes, and the Complete Redirection URI. With this release, Edge Client provides the following abilities:
- Use security keys such as Yubikey, U2F, and FIDO authentication systems as an additional factor of authentication
- Support password-less authentication through public key registration and authentication
- Single Sign-On for Edge Client and other enterprise apps that share a common IDP
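The round-robin DNS behaviour described under name-based split tunneling above can be modelled as follows. This is an added example, not F5 code: the `ExcludeScope` class, the `stream.example` domain, and the addresses are constructed, and it assumes preserved addresses are kept for the life of the session.

```python
import ipaddress


class ExcludeScope:
    """Toy model of one name-based exclude entry (constructed, not F5 code)."""

    def __init__(self, domain, preserve):
        self.domain = domain.lower().rstrip(".")
        self.preserve = preserve   # True models the preserving behaviour described above
        self.addresses = set()     # IPv4 addresses currently routed outside the tunnel

    def matches(self, hostname):
        # Match the domain itself or any subdomain, on a label boundary only.
        host = hostname.lower().rstrip(".")
        return host == self.domain or host.endswith("." + self.domain)

    def on_dns_answer(self, hostname, answers):
        """Record the A records of a resolution that falls in the exclude scope."""
        if not self.matches(hostname):
            return
        resolved = {ipaddress.IPv4Address(a) for a in answers}
        # Preserve mode accumulates answers; replace mode keeps only the latest.
        self.addresses = (self.addresses | resolved) if self.preserve else resolved

    def bypasses_tunnel(self, dst):
        return ipaddress.IPv4Address(dst) in self.addresses


def long_lived_flow_survives(preserve):
    """Open a flow to the first answer, re-resolve, report if the flow still bypasses."""
    scope = ExcludeScope("stream.example", preserve)
    # Constructed round-robin answers from the documentation address range.
    scope.on_dns_answer("cdn.stream.example", ["203.0.113.10"])
    flow_dst = "203.0.113.10"
    scope.on_dns_answer("cdn.stream.example", ["203.0.113.20"])
    return scope.bypasses_tunnel(flow_dst), sorted(str(a) for a in scope.addresses)


if __name__ == "__main__":
    for mode in (False, True):
        print("preserve =", mode, "->", long_lived_flow_survives(mode))
```

In this model the preserved set only grows during a session, so every address a matching name has resolved to stays outside the tunnel, which is a reason to keep exclude domain scopes narrow.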
Fixes in 7.2.1
The following issues have been fixed in this release.
ID Number | Description |
---|---|
706054 | Previously, on Windows, in a captive portal environment, sometimes, an existing VPN connection was terminated even if you already authenticated to the captive portal. This resulted in connection resets for some applications. With this release, the VPN stays active, and this issue has been fixed. |
738446 | Fixed the issue where one of the endpoint checks failed randomly in certain scenarios on Windows, displaying an Access Denied page. Now, the endpoint checks pass, and the VPN connection is successful. |
842717 | Fixed the security risk where, when the Windows Logon Integration feature is configured for the Edge Client, unauthorized users with physical access to an authorized user's machine could get shell access to internal resources or compromise the availability of the resources. |
848353 | Previously, on Windows, the endpoint check failed to start on a browser when some specific system events were missing, and the browser page indicated that it was waiting for the endpoint status. This issue is now fixed, and the endpoint check now runs successfully. |
881293, 881317 | Fixed the issue where the temporary directory created by the Edge Client Windows Installer for extracting various archives and cab files had weak file and folder permissions. This vulnerability allowed the execution of signed .exe and MSI files and could be exploited by an unprivileged user to gain privilege escalation on the client system. |
881445 | Previously, the Edge Client Windows Stonewall driver did not sanitize the pointer received from the userland. A local user on the Windows client system could send crafted DeviceIoControl requests to a \\.\urvpndrv device, causing the Windows kernel to crash. Now, the Stonewall driver sanitizes the pointer before dereferencing it, and this issue is fixed. |
882185, 882189 | Fixed a use-after-free memory vulnerability that existed in the Edge Client Windows ActiveX component. This vulnerability allowed an attacker to trigger memory corruption in the browser or execute code from the browser when the attacker crafted a malicious webpage and loaded it into the Internet Explorer browser. |
883549 | Previously, in Lock mode or Auto Connect mode, the Edge Client did not close the logon page when the user roamed to an enterprise network. This issue has been fixed, and now the logon window closes after successful authentication. |
899781 | Previously, attempting to establish a VPN connection using a WinLogon Integration/Custom dialup failed and reported the following error: "...finished with code, -1073740512". This issue has been fixed, and now WinLogon Integration/Custom dialup establishes VPN successfully. |
904617 | Fixed the issue where split tunneling failed to exclude certain traffic from flowing inside the tunnel. Now, the DNS-based exclusion works correctly. |
904977 | Previously, Edge Client did not recognize the onkeypress event when used with an <input> tag, and users could not submit the login form by pressing the Enter key. This issue has been fixed, and now the Edge Client detects the Enter key, and the event attached to the onkeypress event is executed. |
910825 | Previously, the Edge Client for macOS disconnected and reconnected the established tunnel, even when there was no issue with the internet. This issue has been fixed, and now the VPN does not get disconnected. |
913841 | Fixed the issue where, after upgrading the APM client and switching to another VPN server, the clients were unable to connect. |
924941 | Previously, on a client running Linux or macOS, when the hostname present in /etc/hosts partially matched the hostname configured in the static host entry in Network Access, the local host (/etc/hosts) entry got deleted. With this release, the local host entry is not deleted, and this issue has been fixed. |
926689 | Previously, after upgrading from 12.1.2.2.0.276 to 12.1.2.5, users could not connect to RDP via AppTunnel, which loads the ActiveX control. With this release, the issue has been fixed. |
928173 | Previously, the Edge Client for macOS did not properly support the Duo Trusted Endpoints feature when using Client Certificate Authentication. This prevented the client from connecting. It instead displayed the Your Session has Ended error. This issue has been fixed. |
932781 | Fixed the issue where the Edge Client failed to connect on a system running Windows 10 with Secure Boot enabled. As a workaround, disable Secure Boot on Windows systems. Note: Some systems running Windows 10 have Secure Boot enabled by default to ensure that the client computers boot using only software trusted by the computer. |
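The failure mode in ID 924941 (a local /etc/hosts entry deleted on a partial hostname match) is shown below next to an exact-match cleanup. This is an added example, not F5 code: it assumes the cleanup compared names by substring, which the release note does not state, and the function names and host entries are constructed.

```python
def remove_static_host_substring(lines, static_host):
    """Flawed cleanup: drops every line that merely contains the static host name."""
    needle = static_host.lower()
    return [ln for ln in lines if needle not in ln.lower()]


def remove_static_host_exact(lines, static_host):
    """Cleanup that removes only names equal to the static host, field by field."""
    want = static_host.lower().rstrip(".")
    kept_lines = []
    for ln in lines:
        body, sep, comment = ln.partition("#")
        fields = body.split()
        if len(fields) < 2:            # blank line, comment-only line, or malformed entry
            kept_lines.append(ln)
            continue
        addr, names = fields[0], fields[1:]
        kept = [n for n in names if n.lower().rstrip(".") != want]
        if len(kept) == len(names):    # no exact match: leave the line untouched
            kept_lines.append(ln)
        elif kept:                     # other aliases remain: rewrite without the match
            rebuilt = " ".join([addr] + kept)
            kept_lines.append(rebuilt + (" #" + comment if sep else ""))
        # otherwise the line held only the static host and is dropped
    return kept_lines


# Constructed /etc/hosts content: one user-owned entry whose name contains the
# static host name, plus entries for the static host itself.
SAMPLE_HOSTS = [
    "127.0.0.1 localhost",
    "10.0.0.5 myportal.example.test  # local dev entry",
    "192.0.2.10 portal.example.test",
    "192.0.2.11 portal.example.test wiki.example.test",
]

if __name__ == "__main__":
    print(remove_static_host_substring(SAMPLE_HOSTS, "portal.example.test"))
    print(remove_static_host_exact(SAMPLE_HOSTS, "portal.example.test"))
```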
Known issues in 7.2.1
The following are known issues in this release.
Contacting F5
North America | 1-888-882-7535 or (206) 272-6500 |
Outside North America, Universal Toll-Free | +800 11 ASK 4 F5 or (800 11275 435) |
Additional phone numbers | Regional Offices |
Web | http://www.f5.com |
Email | support@f5.com |
Additional resources
You can find additional support resources and technical documentation through a variety of sources.
F5 Support | Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology. |
AskF5 Knowledge Base | The storehouse for thousands of knowledgebase articles that help you manage your F5 products more effectively. Whether you want to browse periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source. |
BIG-IP iHealth Diagnostics and BIG-IP iHealth Viewer | BIG-IP iHealth Diagnostics identifies issues, including common configuration problems and known software issues. It also provides solutions and links to more information. With BIG-IP iHealth Viewer, you can see the status of your system at-a-glance, drill down for details, and view your network configuration. |
F5 DevCentral | Collaborate and share innovations including code samples, new techniques, and other tips, with more than 300,000 F5 users worldwide. DevCentral is the place to ask questions, find solutions, learn to harness the power of F5’s powerful scripting language, iRules, and much more. |
Communications Preference Center | Here, you can subscribe to a number of communications from F5. For information about the types of notifications F5 provides, see K9970: Subscribing to email notifications regarding F5 products. |