Release Notes : APM Client 7.2.2

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 17.0.0, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0
Release Notes
Updated Date: 09/14/2022

Summary:

BIG-IP Edge Client establishes secure communications to applications and networks. It provides users with full access to IP-based applications, resources, and intranet files as if they were physically working on the office network.

The Edge Client version 7.2.2 is now available on downloads.f5.com (Under the APM Clients container).

Contents:

User documentation for this release

For a comprehensive list of documentation that is relevant to this release, refer to the following pages:

Features and enhancements in 7.2.2

Edge Client support for the Windows 10 and Windows 11 running on ARM
With this release, the Edge client supports Windows 10 and Windows 11 on ARM64 devices. You do not need to update the server to use Edge Client on Windows ARM. However, support for Edge Client installation package creation for ARM64 on BIG-IP would be available in the upcoming BIG-IP version 17.0.0 or higher releases. If you plan to migrate to ARM64 with Edge Client 7.2.2 version, you would need to patch your current BIG-IP version. To produce an installer for ARM64 on older versions of BIG-IP, contact F5 support for assistance.
TLS 1.3 Support
With this release, Edge Client supports Transport Layer Security (TLS) protocol version 1.3 on Windows, macOS, and Linux operating systems. TLS 1.3 is auto-enabled on macOS and Linux.

To enable TLS 1.3 on Windows 10 1903 Version 10.0.18362.116 or later, perform the following steps:

  1. Open Internet Options, click the Advanced tab and select the Use TLS 1.3 (experimental) check box. Click OK.
    Note: For Windows 11, the TLS 1.3 option is auto-enabled in the Internet Options. Perform step 2.
  2. Using registry editor, navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client folder and edit the following REG_DWORD values:
    • set the "DisabledByDefault" value to 0
    • set the "Enabled" value to 1

Fixes

The following issues have been fixed in this release.

ID Number Description
682015 Previously, the EdgeClient APM session was not closed when the Windows system shut down. This issue is fixed, and now the BIG-IP closes the session when the Windows system is turned off or the user logs off.
873349

1021589

1021597

Previously, the BIG-IP Mac or Linux Web client failed to establish the VPN connection when DNAT changed the destination port of the BIG-IP virtual server. This issue is fixed, and now you can use the Web client to establish the VPN connection in an environment where DNAT is configured.
974837

Fixed an issue where the browser-based VPN components failed to launch for the first time connection after an upgrade. You could observe the following error message in a pop-up dialog of the browser when the network access failed to launch:

Error:

"F5 VPN - Your session could not be established"

"Your session could not be established. The session reference number: nnnnnnnn

Application will be closed"

978945 Previously, EdgeClient for macOS failed to wake up from sleep because the svpn process stopped responding. This issue is fixed, and now, the Edge client on macOS can maintain a VPN connection when the system is in sleep mode.
993837 In some cases, when the locked-mode enabled Edge Client tried to connect to the virtual server, it was unresponsive for 20 seconds but would start working eventually. This issue is fixed, and now the connection to the virtual server works without any delay.
1005241 Even when the Edge Client failed to resolve the DNS name of the APM virtual server, it kept connecting to the server and trying to download the file /pre/config.php, which failed and caused the following error message:

'Error: Can't receive settings from server'

This issue is fixed, and now the Edge Client does not attempt to establish a VPN connection until the DNS name is resolved.

1019161

1067993

Fixed the issue where Edge Client installation did not follow best practices.
1044545 Fixed the issue where APM clients did not follow best practices when establishing a VPN connection.
1041137 Upgraded the MSXML library to MSXML version 6.0. Refer to the link for changes related to the MSXML 6.0.
1066361 Fixed the issue where EPSEC binaries prior to version 1156 are signed with an expired certificate without a signature timestamp. The minimum EPSEC version supported for Edge Client 7.2.2 is the EPSEC 1156 which is signed with a new certificate and timestamped properly.
1071989 Previously, on macOS Monterey, the Edge Client UI continued to show the 'Connecting' status, even when the VPN connection was established. This issue is fixed, and now the Edge Client user interface displays the correct VPN status.

Known issues

The following are known issues in this release.

ID Number Description
1059025 The Locked mode of all Edge Client versions fails to work on macOS version 12.3 due to the deprecated Python 2.x version, and no other Python version is shipped with the operating system. Refer to the K37264030 article for more information.
1072901 The Windows logon integration does not work with TLS 1.3 on windows 10 and Windows 11.

Workaround: Enable other versions of TLS to allow Windows Logon client to fallback to an older version of TLS protocol.

1077749 EPSEC version 1156 is not certified on Windows 10 and Windows 11 on the ARM processors.
1082821 When trying to establish a VPN connection using a browser, it does not work with TLS 1.3 on all versions of macOS.

Workaround: Enable other versions of TLS to allow the browser to fallback to any other versions of TLS protocol.

1082825 When trying to establish a VPN connection using a browser, it does not work with TLS 1.3 on Linux.

Workaround: Enable other versions of TLS to allow the browser to fallback to any other versions of TLS protocol.

1082909 When trying to establish a VPN connection, it does not work with TLS 1.3 on Windows 11.

Workaround: Enable other versions of TLS to allow APM client to fallback to any other versions of TLS protocol.

1083397 Installation of the Edge Client versions prior to 7.2.2 may be successful on the ARM64-based Windows 10 and Windows 11 but fails to establish the VPN connection.

Workaround: Uninstall the prior versions of Edge Client 7.2.2 and install the ARM64-supported Edge Client version using the MSI installer package.

1084369 Optimized tunnels are not supported on ARM64-based Windows 10 and Windows 11 systems. When Optimized tunnels are used, the tunnel connection fails without user notification.

Workaround: In some cases, use a static app tunnel to establish a tunnel connection.

Contacting F5

North America 1-888-882-7535 or (206) 272-6500
Outside North America, Universal Toll-Free +800 11 ASK 4 F5 or (800 11275 435)
Additional phone numbers Regional Offices
Web http://www.f5.com
Email support@f5.com

How to Contact F5 Support or the Anti-Fraud SOC

You can contact a Network Support Center as follows:

You can manage service requests and other web-based support online at F5 My Support (registration required). To register email CSP@F5.com with your F5 hardware serial numbers and contact information.

You can contact the Anti-Fraud SOC as follows:

Additional resources

You can find additional support resources and technical documentation through a variety of sources.

F5 Support

https://f5.com/support :: Self-solve Options

Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.

AskF5 Knowledge Base

https://support.f5.com/csp/home

The storehouse for thousands of knowledgebase articles that help you manage your F5 products more effectively. Whether you want to browse periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.

BIG-IP iHealth Diagnostics and BIG-IP iHealth Viewer

https://f5.com/support/tools/ihealth

BIG-IP iHealth Diagnostics identifies issues, including common configuration problems and known software issues. It also provides solutions and links to more information. With BIG-IP iHealth Viewer, you can see the status of your system at-a-glance, drill down for details, and view your network configuration.

F5 DevCentral

https://devcentral.f5.com/

Collaborate and share innovations including code samples, new techniques, and other tips, with more than 300,000 F5 users worldwide. DevCentral is the place to ask questions, find solutions, learn to harness the power of F5’s powerful scripting language, iRules, and much more.

Communications Preference Center

https://interact.f5.com/F5-Preference-Center.html

Here, you can subscribe to a number of communications from F5. For information about the types of notifications F5 provides, see K9970: Subscribing to email notifications regarding F5 products.