Release Notes : APM Client 7.2.2.2

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 17.0.0, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0
Release Notes
Updated Date: 07/27/2022

Summary:

BIG-IP Edge Client establishes secure communications to applications and networks. It provides users with full access to IP-based applications, resources, and intranet files as if they were physically working on the office network. This release note contains information about the changes made for the current version only. Refer to the prior release note versions for additional information.

The Edge Client version 7.2.2.2 is now available on downloads.f5.com (under the APM Clients container).

Contents:

User documentation for this release

For a comprehensive list of documentation that is relevant to this release, refer to the following pages:

Features and Enhancements

There are no features and enhancements in this release.

Fixes

The following issues have been fixed in this release.

ID Number Description
756468-1 When the Edge client package was upgraded to 7.2.2, the VPN driver covpn64.sys crashed which lead the windows 10 system to crash and restart eventually. This issue is fixed, and now the Edge client package is upgraded to 7.2.2 without any VPN driver crash.
940737-1 Fixed the issue where the security certificate warning alert was reported when Edge Client downloaded the PAC file from the specified location.
1047501-1 Fixed the issue where the JavaScript error occurs when clients connect to the login page or external IdP and click the YES button to establish the VPN connection. These JavaScript errors are seen usually when the embedded browser is redirected to the SAML IdP site.
1059025-1 The Locked mode of all Edge Client versions failed to work on macOS version 12.3 due to the deprecated Python 2.x version, and no other Python version was shipped with the operating system. This issue is fixed, and now the pyinstaller executable is introduced along with the package to support the firewall controller service. Compatibility is maintained for older macOS versions as well with the newly introduced mechanism. Refer to the K37264030 article for more information.
1073653-1 Fixed the issue where the Client Type agent variable 'session.client.app_id' returns the value 'api' regardless of access method after an upgrade to Edge Client 7.2.1.3 version.
1102345-1 Fixed the issue where the Firewall Controller service failed to work when the Edge Client was upgraded on the macOS. Uninstall the plist file for agents and install after the auto-upgrade.
1103565-1 Fixed the issue where the Firewall Controller failed to load or unload the firewall rules based on the VPN connection status.
1103593-1 Previously, the FSMonitor fwctl service failed to detect the changes to the exception list. This issue is fixed, and now the Python 3.x compatible code changes are made to monitor the configuration file update during a runtime update.
1103597-1 Previously, the code signing verification failed with py-installer changes on the BIG-IP Edge Client. This issue is fixed, a now the FSMonitor fwctl is able to detect the changes to the exception list after updating the Entitlement plist file with the proper pyinstaller string.
1103601-1 For Edge Client installed on macOS, the multithreading library failed to work properly in Always Connected mode. This issue is fixed, and now the multithreading works with proper compatible python 3.x APIs successfully.
1103605-1 Fixed the Edge Client uninstallation scripts in Always connected mode changed to Bash script. The Edge Client uninstall script for macOS has been rewritten in bash.
1113377-1 A regression issue is seen after upgrading to a build with a 1059025 bug fix. Now, this issue is fixed by properly cleaning up the intermediary files after the upgrade.
1114897-3 After the Edge Client upgraded to the 7.2.2 version, the VPN failed to establish the connection when the machine tunnel service was running. This issue is fixed and now the Edge Client is able to establish the connection after an upgrade while machine tunnel service is enabled.
1116933-1 Fixed the issue where EdgeClient failed to establish the connection at Initialising state for more than 10 minutes for the first time after an upgrade on Windows10 20H2. Pause the Machine tunnel while trying to upgrade the VPN driver.
1124497-2 After the Edge Client upgraded to version 7.2.2, the VPN failed to establish the connection when the system woke up from sleep mode. During the sleep mode, the VPN Dialler device became invalid and was unable to establish the VPN connection but it makes several attempts to connect before starting a new connection. This issue is fixed, and now the Edge Client cleans the VPN Dialler device while the system goes into sleep mode and could able to establish the connection when the system wakes up from the sleep mode.

Known issues

The following are known issues in this release.

ID Number Description
1072901 The Windows logon integration does not work with TLS 1.3 on windows 10 and Windows 11.

Workaround: Enable other versions of TLS to allow Windows Logon client to fallback to an older version of TLS protocol.

1077749 EPSEC version 1156 is not certified on Windows 10 and Windows 11 on the ARM processors.
1079621-1 When the application is moved to the trash, the respective application F5 EPI or F5 VPN directory is getting deleted from the following path:

/Applications/F5 Endpoint Inspector.app/Contents/Resources/

Whereas, the respective application specific (F5 EPI or F5 VPN) folder is not getting deleted from the following path:

/Users/<username>/Library/Applications Support/F5 EPI

The plist file of the respective application is not deleted from the following path:

/Users/<username>/Library/Launchagents/

Workaround:
  1. Upgrade to the latest build and verify the time stamps available in the following paths:

    Application directory: /Users/<username>/Library/Applications Support/F5 EPI

    Plist file path : /Users/<username>/Library/Launchagents/

  2. Check the EPI and VPN functionality in all the cases.
  3. Restart and install the EPI and VPN.
  4. Uninstall and re-install the EPI and VPN.
  5. Check whether the F5 EPI and F5 VPN applications are removed from the /Applications/ path.
1082821 When trying to establish a VPN connection using a browser, it does not work with TLS 1.3 on all versions of macOS.

Workaround: Enable other versions of TLS to allow the browser to fallback to any other versions of TLS protocol.

1082825 When trying to establish a VPN connection using a browser, it does not work with TLS 1.3 on Linux.

Workaround: Enable other versions of TLS to allow the browser to fallback to any other versions of TLS protocol.

1082909 When trying to establish a VPN connection, it does not work with TLS 1.3 on Windows 11.

Workaround: Enable other versions of TLS to allow APM client to fallback to any other versions of TLS protocol.

1083397 Installation of the Edge Client versions prior to 7.2.2 may be successful on the ARM64-based Windows 10 and Windows 11 but fails to establish the VPN connection.

Workaround: Uninstall the prior versions of Edge Client 7.2.2 and install the ARM64-supported Edge Client version using the MSI installer package.

1084369 Optimized tunnels are not supported on ARM64-based Windows 10 and Windows 11 systems. When Optimized tunnels are used, the tunnel connection fails without user notification.

Workaround: In some cases, use a static app tunnel to establish a tunnel connection.

1107385 When the Windows Edge Client is redirected to an External Logon page, it fails to render the External Logon page in the small pop-up window using the default rendering engine. The default rendering engine leads to multiple javascript errors and the page remains stuck.
Workaround 1:
  1. Launch a command prompt with the administrator privilege and run regedit.
  2. Navigate to the HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION location.
  3. On the right side panel, right click on the empty area and navigate to the New > DWORD (32-bit) Value . Set the value name as rundll32.exe.
  4. Double click the rundll32.exe value and enter the value data as 2af8 (if the Hexadecimal option is selected) or 11000 (if the Decimal option is selected). Click OK.
  5. Exit the Edge Client application and relaunch it.

Workaround 2:

On the External Logon site, when external logon page responds with HTML codes, add the following meta tag at a specific location:

<meta http-equiv="X-UA-Compatible" content="IE=edge">

For example:

<html>

<head>

<meta http-equiv="X-UA-Compatible" content="IE=edge">

<meta http-equiv="Content-Type" content="text/html;charset=UTF-8">

<meta http-equiv="Cache-Control" content="no-cache">

Contacting F5

North America 1-888-882-7535 or (206) 272-6500
Outside North America, Universal Toll-Free +800 11 ASK 4 F5 or (800 11275 435)
Additional phone numbers Regional Offices
Web http://www.f5.com
Email support@f5.com

How to Contact F5 Support or the Anti-Fraud SOC

You can contact a Network Support Center as follows:

You can manage service requests and other web-based support online at F5 My Support (registration required). To register email CSP@F5.com with your F5 hardware serial numbers and contact information.

You can contact the Anti-Fraud SOC as follows:

Additional resources

You can find additional support resources and technical documentation through a variety of sources.

F5 Support

https://f5.com/support :: Self-solve Options

Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.

AskF5 Knowledge Base

https://support.f5.com/csp/home

The storehouse for thousands of knowledgebase articles that help you manage your F5 products more effectively. Whether you want to browse periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.

BIG-IP iHealth Diagnostics and BIG-IP iHealth Viewer

https://f5.com/support/tools/ihealth

BIG-IP iHealth Diagnostics identifies issues, including common configuration problems and known software issues. It also provides solutions and links to more information. With BIG-IP iHealth Viewer, you can see the status of your system at-a-glance, drill down for details, and view your network configuration.

F5 DevCentral

https://devcentral.f5.com/

Collaborate and share innovations including code samples, new techniques, and other tips, with more than 300,000 F5 users worldwide. DevCentral is the place to ask questions, find solutions, learn to harness the power of F5’s powerful scripting language, iRules, and much more.

Communications Preference Center

https://interact.f5.com/F5-Preference-Center.html

Here, you can subscribe to a number of communications from F5. For information about the types of notifications F5 provides, see K9970: Subscribing to email notifications regarding F5 products.