Applies To:Show Versions
- 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0
BIG-IP Edge Client establishes secure communications to applications and networks. It provides users with full access to IP-based applications, resources, and intranet files as if they were physically working on the office network. This release note contains information about the changes made for the current version only. Refer to the prior release note versions for additional information.
The Edge Client version 7.2.3 is now available on downloads.f5.com (under the APM Clients container).
- User documentation for this release
- Contacting F5
- Legal notices
User documentation for this release
For a comprehensive list of documentation that is relevant to this release, refer to the following pages:
Features and enhancements
- Discard non-VPN adapter registration on Network Access DNS server
Microsoft registers the system adapter’s IP and hostname on the DNS Servers (Dynamic address registration) when the Register this connection's addresses in DNS option is enabled for the adapter on Windows. However, users noticed that Microsoft registers the local connection address and PPP adapter (VPN) address on tunnel DNS servers when the Register this connection's addresses in DNS option is enabled on the network adapter and full tunneling is used.
BIG-IP Edge client can intercept DNS traffic and decide whether DNS traffic should be routed to a tunnel DNS server or a local DNS server. To achieve this function, Edge Client uses two components such as service and driver. The driver is TDI-based (Intel platform) and captures DNS events and redirects them to a service that has listeners configured.
The DNS Relay proxy service has been enhanced to drop the registration of local adapters (non-PPP) on DNS Servers configured on Network Access settings.
Administrators can use the APM Variable Assign agent to enable or disable DNS Dynamic Update as per their preference. Following are the possible configuration options:To disable DNS Dynamic Update, add the following entries to the Variable Assign agent in your policy:
For a deployment that uses a non-secure DNS Dynamic update and would like to filter registration calls, add the following entries to the Variable Assign agent in your policy:
- Custom variable:
- Custom expression:
Note: By default, the configuration option value is set to 0 and the feature to intercept/filter DNS Dynamic Update packet is disabled.
For a deployment that uses secured DNS Dynamic update and would like to filter registration calls, add the following entries to the Variable Assign agent in your policy:
- Custom variable:
- Custom expression:
Note: System generated DNS Update packets are modified and sent to Network Access DNS server.
- Custom variable:
- Custom expression:
Note: System generated DNS Update packets are dropped and a new secured record is created by proxy code and sent to the DNS server.
For any value other than 0, 1, 2, the DNS relay proxy sets to 0.
- Custom variable:
- IPv6 stonewall service support
With this release, added support to block the IPv6 traffic on Windows and this service performs AAAA queries for the administrator added hostname exclusions, and adds appropriate allow or deny rules for IPv6 traffic into the driver. Stonewall service supports the blocking of IPv6 traffic except for the essential protocols like DNS, DHCP, and ICMPv6 for neighbor discovery and it supports IPv6-based (IP and DNS) exclusions. Stonewall service reads the exclusions from the registry key in the HLKM\Software location that can be hostnames or IPV4 or IPV6 addresses.
The following issues have been fixed in this release.
|756468||When the Edge client package was upgraded to 7.2.2, the VPN driver covpn64.sys crashed which lead the windows 10 system to crash and restart eventually. This issue is fixed, and now the Edge client package is upgraded to 7.2.2 without any VPN driver crash.|
|940737||Fixed the issue where the security certificate warning alert was reported when Edge Client downloaded the PAC file from the specified location.|
|1059025||The Locked mode of all Edge Client versions failed to work on macOS version 12.3 due to the deprecated Python 2.x version, and no other Python version was shipped with the operating system. This issue is fixed, and now the pyinstaller executable is introduced along with the package to support the firewall controller service. Compatibility is maintained for older macOS versions as well with the newly introduced mechanism. Refer to the K37264030 article for more information.|
|1073653||Fixed the issue where the Client Type agent variable 'session.client.app_id' returns the value 'api' regardless of access method after an upgrade to Edge Client 18.104.22.168 version.|
|1102345||Fixed the issue where the Firewall Controller service failed to work when the Edge Client was upgraded on the macOS. Uninstall the plist file for agents and install after the auto-upgrade.|
|1103565||Fixed the issue where the Firewall Controller failed to load or unload the firewall rules based on the VPN connection status.|
|1103593||Previously, the FSMonitor fwctl service failed to detect the changes to the exception list. This issue is fixed, and now the Python 3.x compatible code changes are made to monitor the configuration file update during a runtime update.|
|1103597||Previously, the code signing verification failed with py-installer changes on the BIG-IP Edge Client. This issue is fixed, a now the FSMonitor fwctl is able to detect the changes to the exception list after updating the Entitlement plist file with the proper pyinstaller string.|
|1103601||For Edge Client installed on macOS, the multithreading library failed to work properly in Always Connected mode. This issue is fixed, and now the multithreading works with proper compatible python 3.x APIs successfully.|
|1103605||Fixed the Edge Client uninstallation scripts in Always connected mode changed to Bash script. The Edge Client uninstall script for macOS has been rewritten in bash.|
|1113377-2||A regression issue is seen after upgrading to a build with a 1059025 bug fix. Now, this issue is fixed by properly cleaning up the intermediary files after the upgrade.|
|1114897-1||After the Edge Client upgraded to the 7.2.2 version, the VPN failed to establish the connection when the machine tunnel service was running. This issue is fixed and now the Edge Client is able to establish the connection after an upgrade while machine tunnel service is enabled.|
|1116933-2||Fixed the issue where EdgeClient failed to establish the connection at Initialising state for more than 10 minutes for the first time after an upgrade on Windows10 20H2. Pause the Machine tunnel while trying to upgrade the VPN driver.|
|1124497-1||After the Edge Client upgraded to version 7.2.2, the VPN failed to establish the connection when the system woke up from sleep mode. During the sleep mode, the VPN Dialler device became invalid and was unable to establish the VPN connection but it makes several attempts to connect before starting a new connection. This issue is fixed, and now the Edge Client cleans the VPN Dialler device while the system goes into sleep mode and could able to establish the connection when the system wakes up from the sleep mode.|
The following are known issues in this release.
How to Contact F5 Support or the Anti-Fraud SOC
- By phone in the U.S. (accessible 24x7): 888-88askf5 (888-882-7535).
- International contact numbers: http://www.f5.com/training-support/customer-support/contact/.
- The Support Coordinator can contact the SOC as needed.
You can contact the Anti-Fraud SOC as follows:
- By phone in the U.S. (accessible 24x7): 866-329-4253 (Option #3 for Anti-Fraud)
- International contact numbers: https://f5.com/products/platforms/silverline/f5-silverline-ddos-protection
You can find additional support resources and technical documentation through a variety of sources.
Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.
|AskF5 Knowledge Base||
The storehouse for thousands of knowledgebase articles that help you manage your F5 products more effectively. Whether you want to browse periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.
|BIG-IP iHealth Diagnostics and BIG-IP iHealth Viewer||
BIG-IP iHealth Diagnostics identifies issues, including common configuration problems and known software issues. It also provides solutions and links to more information. With BIG-IP iHealth Viewer, you can see the status of your system at-a-glance, drill down for details, and view your network configuration.
Collaborate and share innovations including code samples, new techniques, and other tips, with more than 300,000 F5 users worldwide. DevCentral is the place to ask questions, find solutions, learn to harness the power of F5’s powerful scripting language, iRules, and much more.
|Communications Preference Center||
Here, you can subscribe to a number of communications from F5. For information about the types of notifications F5 provides, see K9970: Subscribing to email notifications regarding F5 products.