Release Notes : APM Client 7.2.4.7

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0
Release Notes
Software Release Date: 05/08/2024
Updated Date: 10/18/2024

Summary:

Summary

BIG-IP Edge Client establishes secure communications to applications and networks. It provides users with full access to IP-based applications, resources, and intranet files as if they were physically working on the office network. This release note contains information about the changes made for the current version only. Refer to the prior release note versions for additional information.

The Edge Client version 7.2.4.7 is now available on my.f5.com (under the APM Clients product Line of the BIG-IP group). For download instructions, refer to the K000090258: Download F5 products from MyF5 article.

The following table contains APM client 7.2.4.7 versions for different operating systems:

APM Clients Version BIG-IP Edge Client Windows Version Linux/Mac Client version

7.2.4.7

apmclients-7247.2024.506.1332-6417.0.iso

7247.2024.506.1332

Linux: 7247.2024.0425.1

MAC: 7247.2024.0425.1

Contents:

User documentation for this release

For a comprehensive list of documentation that is relevant to this release, refer to the following pages:

Features and Enhancements

Allow sound notification for VPN connection on Windows Edge Client

This feature assists blind persons as the sound indicates the current VPN connection status. A sound notification is enabled while connecting or disconnecting the VPN using the Windows Edge Client. This enhancement improves the user experience. Different sounds are produced to indicate the successful and unsuccessful connection. Users can enable this feature using a flag (SOUND_NOTIFICATION_ON_CONNECTION_STATE_CHANGE) in the config.f5c file to avoid the schema changes in the BIG-IP. By default, this feature is disabled. You can enable this feature when the Edge Client is reinstalled with the required changes in the config.f5c file.

Device ID Support with Microsoft Entra ID on the Mac Edge Client

This enhancement prevents authentication failures in the Mac Edge Client when device authentication is enabled in conditional access and the authentication protocol is SAML. For successful user authentication, Microsoft Entra ID (formerly Azure Active Directory) must identify the Device ID when device authentication is enabled in conditional access.

Now, the Edge Client authenticates the user with the help of the default system browser to interact with the SAML IDP which has device authentication enabled in its conditional access policy. This feature also supports Multi-Factor Authentication (MFA) using FIDO2 keys. Changes in the BIG-IP are required for this feature and will be included in the upcoming releases. For more information, contact F5 support.

Note: When this feature is enabled, the Edge Client uses the system’s default external browser for user authentication instead of the embedded browser.

Fixes

The following issues have been fixed in this release.

ID Number Description
939565-1 Fixed the issue where the Windows Edge Client opened multiple browser tabs during the VPN connection when an invalid OAuth token was received and restricted to 2 tabs.
939925-1 Made changes to improve OAuth token validation in the MacOS Edge Client.
1083045-1 Updated the third-party libraries to meet the latest Apple software notarization requirements.
1497393-1 Edge Client failed to establish the VPN connection during the Windows pre-logon stage for Edge Client versions 7.2.4.5 and 7.2.4.6. Now, this issue is fixed in the Edge Client version 7.2.4.7.
1566441-1 Fixed the issue where the MacOS Edge Client failed to establish the VPN connection due to reachability errors during local proxy PAC file download. IGNORE_LOCAL_PAC flag is introduced to ignore the local PAC file download errors and establish the VPN connection. To enable this flag, add the <IGNORE_LOCAL_PAC>YES</IGNORE_LOCAL_PAC> in the config.f5c file and reinstall the MacOS Edge Client.

Known issues

The following are known issues in this release.

ID Number Description
1072901 The Windows logon integration does not work with TLS 1.3 on windows 10 and Windows 11.

Workaround: Enable other versions of TLS to allow Windows Logon client to fallback to an older version of TLS protocol.

1079621 When the application is moved to the trash, the respective application F5 EPI or F5 VPN directory is getting deleted from the following path:

/Applications/F5 Endpoint Inspector.app/Contents/Resources/

Whereas, the respective application specific (F5 EPI or F5 VPN) folder is not getting deleted from the following path:

/Users/<username>/Library/Applications Support/F5 EPI

The plist file of the respective application is not deleted from the following path:

/Users/<username>/Library/Launchagents/

Workaround:
 
If you are running MacOS Version 12.2 or later
  1. Upgrade to the latest build and verify the applications are recent:

    /Applications/F5\ VPN.app

    /Applications/F5\ Endpoint\ Inspector.app

  2. Delete the following LaunchAgents:

    ~/Library/LaunchAgents/com.f5.f5epihelper.plist

    ~/Library/LaunchAgents/com.f5.f5epihelper.plist

  3. Delete the following python scripts:

    ~/Library/Application\ Support/F5\ VPN/uninstall.py

    ~/Library/Application\ Support/F5\ EPI/uninstall.py

  4. Reboot the device to remove the Launch agents in memory.
1082821 When trying to establish a VPN connection using a browser, it does not work with TLS 1.3 on all versions of macOS.

Workaround: Enable other versions of TLS to allow the browser to fallback to any other versions of TLS protocol.

1082825 When trying to establish a VPN connection using a browser, it does not work with TLS 1.3 on Linux.

Workaround: Enable other versions of TLS to allow the browser to fallback to any other versions of TLS protocol.

1082909 When trying to establish a VPN connection, it does not work with TLS 1.3 on Windows 11.

Workaround: Enable other versions of TLS to allow APM client to fallback to any other versions of TLS protocol.

1083397 Installation of the Edge Client versions prior to 7.2.2 may be successful on the ARM64-based Windows 10 and Windows 11 but fails to establish the VPN connection.

Workaround: Uninstall the prior versions of Edge Client 7.2.2 and install the ARM64-supported Edge Client version using the MSI installer package.

1084369 Optimized tunnels are not supported on ARM64-based Windows 10 and Windows 11 systems. When Optimized tunnels are used, the tunnel connection fails without user notification.

Workaround: In some cases, use a static app tunnel to establish a tunnel connection.

1194381 An intermittent issue is observed when Edge Client on Windows fails to reconnect if the LAN cable is unplugged when the system is asleep.

Workaround 1:

Add the Virtual Server FQDN to the stonewall exclusion list on BIG-IP.

Workaround 2:

The LAN cable should be unplugged from the Windows system prior to hibernation if the user does not want to continue with LAN connectivity after coming out of hibernation.

Workaround 3:

If step 1 is missed or skipped, and faces the Edge Client reconnect issue after coming out of hibernation then the Ethernet cable must be plugged into the Ethernet port on the Windows system. If there is no Ethernet cable, restart the Edge Client application.

1239253 Web F5 VPN will not be launched if certain versions of Ubuntu on ARM64 do not have the /lib/aarch64-linux-gnu/libpcre16.so.3 library installed.

Workaround:

Users who want to use web F5 VPN on certain versions of Ubuntu running on ARM64 which do not have /lib/aarch64-linux-gnu/libpcre16.so.3 should install libpcre16-3 using one of the following commands.

sudo apt install libpcre16-3

or

sudo apt-get install libpcre16-3

1295133 Edge Client users are prompted to install the Endpoint Inspection (EPI) helper applications on macOS 13.3.

Workaround:

Preinstalling the latest EPI helper application would resolve the issue.

For more information on the deployment process, refer to the Install the latest Edge Client on MacOS end devices section of the K000133476 article.

For more details on the user experience changes, refer to the K000133622 article.

1324053-1 Users experience a one-time issue on Windows and MacOS as Edge Client configuration settings which were defined in the client.f5c are overwritten with the settings defined in the config.f5c when the auto-upgrade is enabled. This issue would not be seen when users upgrade from APM Clients 7.2.4.3 version to the future versions.

 

Workaround:

Administrators can define the desired configuration, especially the APM virtual server list in the config.f5c before the upgrade so that the Edge Client Installer copies the settings to the client.f5c file.

Generally, the config.f5c file is available in the following directory path:

Windows: C:\ProgramData\F5 Networks\Secure Access Client or C:\Program Files (x86)\F5 VPN

MacOS: /Library/Application Support/F5Networks

1581041 The Show IP configuration and Show routing table buttons do not work for the F5 VPN window on the Mac Platform after the QT upgrade of APM clients. You can use the following command line tools to view the network configurations:
/sbin/ifconfig
/usr/sbin/netstat -rn
/usr/sbin/scutil –dns

Contacting F5

North America 1-888-882-7535 or (206) 272-6500
Outside North America, Universal Toll-Free +800 11 ASK 4 F5 or (800 11275 435)
Additional phone numbers Regional Offices
Web http://www.f5.com
Email support@f5.com

Additional resources

You can find additional support resources and technical documentation through a variety of sources.

F5 Support

https://f5.com/support :: Self-solve Options

Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.

MyF5

https://my.f5.com/manage/s/

The storehouse for thousands of knowledgebase articles that help you manage your F5 products more effectively. Whether you want to browse periodically to research a solution, or you need the most recent news about your F5 products, MyF5 is your source.

BIG-IP iHealth Diagnostics and BIG-IP iHealth Viewer

https://f5.com/support/tools/ihealth

BIG-IP iHealth Diagnostics identifies issues, including common configuration problems and known software issues. It also provides solutions and links to more information. With BIG-IP iHealth Viewer, you can see the status of your system at-a-glance, drill down for details, and view your network configuration.

F5 DevCentral

https://community.f5.com/

Collaborate and share innovations including code samples, new techniques, and other tips, with more than 300,000 F5 users worldwide. DevCentral is the place to ask questions, find solutions, learn to harness the power of F5’s powerful scripting language, iRules, and much more.

Communications Preference Center

https://interact.f5.com/F5-Preference-Center.html

Here, you can subscribe to a number of communications from F5. For information about the types of notifications F5 provides, see K9970: Subscribing to email notifications regarding F5 products.