Release Notes : APM Client 7.2.4

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 17.0.0, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0
Release Notes
Software Release Date: 01/17/2023
Updated Date: 01/17/2023

Summary:

Summary

BIG-IP Edge Client establishes secure communications to applications and networks. It provides users with full access to IP-based applications, resources, and intranet files as if they were physically working on the office network. This release note contains information about the changes made for the current version only. Refer to the prior release note versions for additional information.

The Edge Client version 7.2.4 is now available on downloads.my.f5.com (under the APM Clients container). For download instructions, refer to the K000090258: Download F5 products from MyF5 article.

The following table contains APM client 7.2.4 versions for different operating systems:

APM Clients Version BIG-IP Edge Client Windows Version Linux/Mac Client version
7.2.4

apmclients-7240.2023.104.610-6163.0.iso

7240.2023.104.610

Linux: 7240.2023.0102.1

MAC: 7240.2023.0103.1

Contents:

User documentation for this release

For a comprehensive list of documentation that is relevant to this release, refer to the following pages:

Features and enhancements

Support for the Command Line Clients running on Linux AArch64 with UOS and Ubuntu Operating Systems

With this release, Edge Client supports Linux Command Line Clients (f5fpc) on AArch64 with UOS and Ubuntu Operating Systems. However, support for Edge Client installation package creation for AArch64 BIG-IP would be available in the upcoming BIG-IP version 17.1.0 or higher releases, meanwhile, you can follow the below steps to produce a Linux installer package and distribute to users using any internal file distribution portals or email.

Perform the following steps to install the linux_f5cli.aarch64.deb package from the BIG-IP:

  1. Upload and install the APM 7240 GA build on the BIG-IP server.
  2. Secure Shell (SSH) to BIG-IP server through root credentials.
  3. Copy the file from the /var/apm/mount/apmclients-7240.2023.104.610-6163.0.iso/sam/www/webtop/public/download/linux_f5cli.aarch64.deb location to a server where users can download it.
  4. Use the command sudo dpkg -i linux_f5cli.aarch64.deb and install the package on the ubuntu machine.
  5. For the installation instructions, refer to the K47922841 article.

Fixes

The following issues have been fixed in this release.

ID Number Description
1060661 Fixed the issue where proxy or PAC settings configured in Network Access are not applied after VPN connection on Windows client when Internet Explorer (IE) 11 is disabled.
1066993 When the VPN connection was established, Edge Client displayed the connection duration instead of the session expiration time. This issue is fixed, and now the Edge Client displays the expected session expiration time for the user to determine how long the session remains active.
1070705 Previously, the Edge client failed to display the maximum session timeout message when the VPN session expired. This issue is fixed, and now the Edge Client displays the "Your session is about to reach maximum session timeout. You will be logged out in about one minute." notification when the VPN connection reaches the maximum session timeout value.
1075817 Fixed the issue where the Edge Client did not follow the best practices for Windows support.
1075849 Improved Edge Client to follow the best practices while establishing a VPN connection.
1086289

1086293

Fixed the issue where Windows Installer did not follow the best practices.
1107385

1174009

Fixed the issue where Edge Client fails to render the external logon pages in some cases.
1113377 A regression issue is seen after upgrading to a build with a 1059025 bug fix. Now, this issue is fixed by properly cleaning up the intermediary files after the upgrade.
1114897 After the Edge Client upgraded to the 7.2.2 version, the VPN failed to establish the connection when the machine tunnel service was running. This issue is fixed and now the Edge Client is able to establish the connection after an upgrade while machine tunnel service is enabled.
1116933 Fixed the issue where EdgeClient failed to establish the connection at Initialising state for more than 10 minutes for the first time after an upgrade on Windows10 20H2. Pause the Machine tunnel while trying to upgrade the VPN driver.
1124177 Fixed the issue where Network Access drive mapping SSO feature is broken even when APM and Network Drive System credentials are the same.
1124497 After the Edge Client upgraded to version 7.2.2, the VPN failed to establish the connection when the system woke up from sleep mode. During the sleep mode, the VPN Dialler device became invalid and was unable to establish the VPN connection but it makes several attempts to connect before starting a new connection. This issue is fixed, and now the Edge Client cleans the VPN Dialler device while the system goes into sleep mode and could able to establish the connection when the system wakes up from the sleep mode.
1133249 Fixed the issue where Edge Client used crash when cookie count exceeds 32 for SAML Authentication. Now changed the limit to 180 as per recommended best practices.
1155497 Fixed the issue and now the size limit for Network Access (NA) split tunneling configuration of Exclude Address space has increased to 20KB. It can now hold up to 640 IPs.
1156441 Fixed the issue where Stonewall Service blocked external traffic as Edge Client was taking 5 to 10 minutes to establish the VPN connection after the system restored from hibernation. Now, Edge Client establishes the VPN connection immediately and Stonewall service allows external traffic as per configuration.
1184869 On the Edge Client, when the user entered the credentials on the Ping window and pressed the Enter key to log in, it resulted in a page expired error. This issue is fixed, and now the Enter key allows to log in without page expiration error.
1210045 Fixed the issue where Edge Client on macOS randomly disconnects from VPN.
1212109-2 Fixed the issue where the Linux CLI client would not get connected to VPN if server certificate validation is needed.

Known issues

The following are known issues in this release.

ID Number Description
1072901 The Windows logon integration does not work with TLS 1.3 on windows 10 and Windows 11.

Workaround: Enable other versions of TLS to allow Windows Logon client to fallback to an older version of TLS protocol.

1079621 When the application is moved to the trash, the respective application F5 EPI or F5 VPN directory is getting deleted from the following path:

/Applications/F5 Endpoint Inspector.app/Contents/Resources/

Whereas, the respective application specific (F5 EPI or F5 VPN) folder is not getting deleted from the following path:

/Users/<username>/Library/Applications Support/F5 EPI

The plist file of the respective application is not deleted from the following path:

/Users/<username>/Library/Launchagents/

Workaround:
  1. Upgrade to the latest build and verify the time stamps available in the following paths:

    Application directory: /Users/<username>/Library/Applications Support/F5 EPI

    Plist file path : /Users/<username>/Library/Launchagents/

  2. Check the EPI and VPN functionality in all the cases.
  3. Restart and install EPI and VPN
  4. Uninstall and re-install the EPI and VPN
  5. Check whether the F5 EPI and F5 VPN applications are removed from the /Applications/ path.
1082821 When trying to establish a VPN connection using a browser, it does not work with TLS 1.3 on all versions of macOS.

Workaround: Enable other versions of TLS to allow the browser to fallback to any other versions of TLS protocol.

1082825 When trying to establish a VPN connection using a browser, it does not work with TLS 1.3 on Linux.

Workaround: Enable other versions of TLS to allow the browser to fallback to any other versions of TLS protocol.

1082909 When trying to establish a VPN connection, it does not work with TLS 1.3 on Windows 11.

Workaround: Enable other versions of TLS to allow APM client to fallback to any other versions of TLS protocol.

1083397 Installation of the Edge Client versions prior to 7.2.2 may be successful on the ARM64-based Windows 10 and Windows 11 but fails to establish the VPN connection.

Workaround: Uninstall the prior versions of Edge Client 7.2.2 and install the ARM64-supported Edge Client version using the MSI installer package.

1084369 Optimized tunnels are not supported on ARM64-based Windows 10 and Windows 11 systems. When Optimized tunnels are used, the tunnel connection fails without user notification.

Workaround: In some cases, use a static app tunnel to establish a tunnel connection.

1194381 An intermittent issue is observed when Edge Client on Windows fails to reconnect if the LAN cable is unplugged when the system is asleep.

Workaround 1:

Add the Virtual Server FQDN to the stonewall exclusion list on BIG-IP.

Workaround 2:

The LAN cable should be unplugged from the Windows system prior to hibernation if the user does not want to continue with LAN connectivity after coming out of hibernation.

Workaround 3:

If step 1 is missed or skipped, and faces the Edge Client reconnect issue after coming out of hibernation then the Ethernet cable must be plugged into the Ethernet port on the Windows system. If there is no Ethernet cable, restart the Edge Client application.

1195929

An intermittent issue is observed when Edge Client on Windows crashes while changing the VPN Servers from the user interface.

Workaround:

Restart the Edge Client to fix the issue.

Contacting F5

North America 1-888-882-7535 or (206) 272-6500
Outside North America, Universal Toll-Free +800 11 ASK 4 F5 or (800 11275 435)
Additional phone numbers Regional Offices
Web http://www.f5.com
Email support@f5.com

How to Contact F5 Support or the Anti-Fraud SOC

You can contact a Network Support Center as follows:

You can manage service requests and other web-based support online at F5 My Support (registration required). To register email CSP@F5.com with your F5 hardware serial numbers and contact information.

You can contact the Anti-Fraud SOC as follows:

Additional resources

You can find additional support resources and technical documentation through a variety of sources.

F5 Support

https://f5.com/support :: Self-solve Options

Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.

AskF5 Knowledge Base

https://support.f5.com/csp/home

The storehouse for thousands of knowledgebase articles that help you manage your F5 products more effectively. Whether you want to browse periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.

BIG-IP iHealth Diagnostics and BIG-IP iHealth Viewer

https://f5.com/support/tools/ihealth

BIG-IP iHealth Diagnostics identifies issues, including common configuration problems and known software issues. It also provides solutions and links to more information. With BIG-IP iHealth Viewer, you can see the status of your system at-a-glance, drill down for details, and view your network configuration.

F5 DevCentral

https://devcentral.f5.com/

Collaborate and share innovations including code samples, new techniques, and other tips, with more than 300,000 F5 users worldwide. DevCentral is the place to ask questions, find solutions, learn to harness the power of F5’s powerful scripting language, iRules, and much more.

Communications Preference Center

https://interact.f5.com/F5-Preference-Center.html

Here, you can subscribe to a number of communications from F5. For information about the types of notifications F5 provides, see K9970: Subscribing to email notifications regarding F5 products.