Release Notes : APM Client 7.2.4.6

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0
Release Notes
Software Release Date: 02/08/2024
Updated Date: 12/06/2024

Summary:

BIG-IP Edge Client establishes secure communications to applications and networks. It provides users with full access to IP-based applications, resources, and intranet files as if they were physically working on the office network. This release note contains information about the changes made for the current version only. Refer to the prior release note versions for additional information.

The Edge Client version 7.2.4.6 is now available on MyF5.com (under the APM Clients container). For download instructions, refer to the K000090258: Download F5 products from MyF5 article.

The following table contains APM client 7.2.4.6 versions for different operating systems:

APM Clients Version BIG-IP Edge Client Windows Version Linux/Mac Client version

7.2.4.6

apmclients-7246.2024.129.2022-6384.0.iso

7246.2024.129.2022

Linux: 7246.2024.0201.1
MAC: 7246.2024.0201.1

Contents:

User documentation for this release

For a comprehensive list of documentation that is relevant to this release, refer to the following pages:


Features and Enhancements

Implemented IP filtering engine on macOS

Previously, Mac users were able to access both internal resources and unsecured local LAN resources at the same time, leading to potential DLP issues. IP Filtering Engine is implemented for macOS which ensures that the traffic destined to the VPN does not leak to the user's LAN and it prevents access from the user's LAN to the VPN (when user's device acts as a router). 

Fixes

The following issues have been fixed in this release.

ID Number Description
1235413-1 Fixed the issue where Edge Client was becoming unresponsive in initializing when 'HTTP' was used in OS proxy setting.
1398321-1 Fixed the issue where Split Tunnel Route table was not restoring properly while switching VPN.
1394877-1 Fixed the issue where DTLS connection was dropped frequently in Windows Edge Client.
1380085-1 Fixed the issue where the configuration data corrupted pop-up was showing for the first time after macOS upgrade.
1352397-4

Fixed the issue where the data exchanged during LocalNet attack bypasses the VPN tunnel. 

Refer to BIG-IP APM Clients TunnelCrack vulnerability CVE-2023-43124 (f5.com) for more details.

1352429-5

Fixed the issue of bypassing tunnels in ServerIP attack, combined with DNS spoofing, that can leak traffic to an arbitrary IP address.

Refer to BIG-IP APM Clients TunnelCrack vulnerability CVE-2023-43125 (f5.com) for more details.

1410877-1 Fixed the issue where DNS resolution was failing for few minutes upon reboot.
1410893-1 Fixed the issue where Windows Edge Client was not connecting to VPN when getting out of long hibernation. 
1429105-1 Fixed the issue where macOS Edge Client failed to establish VPN connection when local proxy was configured. 
1475137-1 Fixed the issue where Windows Edge Client would become unresponsive when you disconnect after session timeout when using Microsoft Azure as SAML Idp
1497617-1 Fixed the issue where the Edge Client was displaying a pop-up as client.f5c file was getting corrupted after macOS upgrade. 

Known issues

The following are known issues in this release.

ID Number Description
1072901 The Windows logon integration does not work with TLS 1.3 on windows 10 and Windows 11.

Workaround: Enable other versions of TLS to allow Windows Logon client to fallback to an older version of TLS protocol.

1079621 When the application is moved to the trash, the respective application F5 EPI or F5 VPN directory is getting deleted from the following path:

/Applications/F5 Endpoint Inspector.app/Contents/Resources/

Whereas, the respective application specific (F5 EPI or F5 VPN) folder is not getting deleted from the following path:

/Users/<username>/Library/Applications Support/F5 EPI

The plist file of the respective application is not deleted from the following path:

/Users/<username>/Library/Launchagents/

Workaround:
 
If you are running MacOS Version 12.2 or later
  1. Upgrade to the latest build and verify the applications are recent:

    /Applications/F5\ VPN.app

    /Applications/F5\ Endpoint\ Inspector.app

  2. Delete the following LaunchAgents:

    ~/Library/LaunchAgents/com.f5.f5epihelper.plist

    ~/Library/LaunchAgents/com.f5.f5epihelper.plist

  3. Delete the following python scripts:

    ~/Library/Application\ Support/F5\ VPN/uninstall.py

    ~/Library/Application\ Support/F5\ EPI/uninstall.py

  4. Reboot the device to remove the Launch agents in memory.
1082821 When trying to establish a VPN connection using a browser, it does not work with TLS 1.3 on all versions of macOS.

Workaround: Enable other versions of TLS to allow the browser to fallback to any other versions of TLS protocol.

1082825 When trying to establish a VPN connection using a browser, it does not work with TLS 1.3 on Linux.

Workaround: Enable other versions of TLS to allow the browser to fallback to any other versions of TLS protocol.

1082909 When trying to establish a VPN connection, it does not work with TLS 1.3 on Windows 11.

Workaround: Enable other versions of TLS to allow APM client to fallback to any other versions of TLS protocol.

1083397 Installation of the Edge Client versions prior to 7.2.2 may be successful on the ARM64-based Windows 10 and Windows 11 but fails to establish the VPN connection.

Workaround: Uninstall the prior versions of Edge Client 7.2.2 and install the ARM64-supported Edge Client version using the MSI installer package.

1084369 Optimized tunnels are not supported on ARM64-based Windows 10 and Windows 11 systems. When Optimized tunnels are used, the tunnel connection fails without user notification.

Workaround: In some cases, use a static app tunnel to establish a tunnel connection.

1194381 An intermittent issue is observed when Edge Client on Windows fails to reconnect if the LAN cable is unplugged when the system is asleep.

Workaround 1:

Add the Virtual Server FQDN to the stonewall exclusion list on BIG-IP.

Workaround 2:

The LAN cable should be unplugged from the Windows system prior to hibernation if the user does not want to continue with LAN connectivity after coming out of hibernation.

Workaround 3:

If step 1 is missed or skipped, and faces the Edge Client reconnect issue after coming out of hibernation then the Ethernet cable must be plugged into the Ethernet port on the Windows system. If there is no Ethernet cable, restart the Edge Client application.

1239253 Web F5 VPN will not be launched if certain versions of Ubuntu on ARM64 do not have the /lib/aarch64-linux-gnu/libpcre16.so.3 library installed.

Workaround:

Users who want to use web F5 VPN on certain versions of Ubuntu running on ARM64 which do not have /lib/aarch64-linux-gnu/libpcre16.so.3 should install libpcre16-3 using one of the following commands.

sudo apt install libpcre16-3

or

sudo apt-get install libpcre16-3

1295133 Edge Client users are prompted to install the Endpoint Inspection (EPI) helper applications on macOS 13.3.

Workaround:

Preinstalling the latest EPI helper application would resolve the issue.

For more information on the deployment process, refer to the Install the latest Edge Client on MacOS end devices section of the K000133476 article.

For more details on the user experience changes, refer to the K000133622 article.

1324053-1 Users experience a one-time issue on Windows and MacOS as Edge Client configuration settings which were defined in the client.f5c are overwritten with the settings defined in the config.f5c when the auto-upgrade is enabled. This issue would not be seen when users upgrade from APM Clients 7.2.4.3 version to the future versions.

 

Workaround:

Administrators can define the desired configuration, especially the APM virtual server list in the config.f5c before the upgrade so that the Edge Client Installer copies the settings to the client.f5c file.

Generally, the config.f5c file is available in the following directory path:

Windows: C:\ProgramData\F5 Networks\Secure Access Client or C:\Program Files (x86)\F5 VPN

MacOS: /Library/Application Support/F5Networks

1505789 Edge Client fails to build the VPN connection with an error message as "Network is vulnerable".

Contacting F5

North America 1-888-882-7535 or (206) 272-6500
Outside North America, Universal Toll-Free +800 11 ASK 4 F5 or (800 11275 435)
Additional phone numbers Regional Offices
Web http://www.f5.com
Email support@f5.com

Additional resources

You can find additional support resources and technical documentation through a variety of sources.

F5 Support

https://f5.com/support :: Self-solve Options

Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.

MyF5

https://my.f5.com/manage/s/

The storehouse for thousands of knowledgebase articles that help you manage your F5 products more effectively. Whether you want to browse periodically to research a solution, or you need the most recent news about your F5 products, MyF5 is your source.

BIG-IP iHealth Diagnostics and BIG-IP iHealth Viewer

https://f5.com/support/tools/ihealth

BIG-IP iHealth Diagnostics identifies issues, including common configuration problems and known software issues. It also provides solutions and links to more information. With BIG-IP iHealth Viewer, you can see the status of your system at-a-glance, drill down for details, and view your network configuration.

F5 DevCentral

https://devcentral.f5.com/

Collaborate and share innovations including code samples, new techniques, and other tips, with more than 300,000 F5 users worldwide. DevCentral is the place to ask questions, find solutions, learn to harness the power of F5’s powerful scripting language, iRules, and much more.

Communications Preference Center

https://interact.f5.com/F5-Preference-Center.html

Here, you can subscribe to a number of communications from F5. For information about the types of notifications F5 provides, see K9970: Subscribing to email notifications regarding F5 products.