Applies To:
Show VersionsBIG-IP APM
- 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0
Updated Date: 10/23/2024
Summary:
Summary
BIG-IP Edge Client establishes secure communications to applications and networks. It provides users with full access to IP-based applications, resources, and intranet files as if they were physically working on the office network. This release note contains information about the changes made for the current version only. Refer to the prior release note versions for additional information.
The Edge Client version 7.2.5 is now available on my.f5.com (under the APM Clients product Line of the BIG-IP group). For download instructions, refer to the K000090258: Download F5 products from MyF5 article.
The following table contains APM client 7.2.5 versions for different operating systems:
Contents:
User documentation for this release
For a comprehensive list of documentation that is relevant to this release, refer to the following pages:
Features and Enhancements
Windows Edge Client supports SAML Authentication using the default browser of the system
This feature uses the default browser of the system when authenticating users with SAML IDP. This feature will solve the current limitations of Edge Client, which uses IE technology-based Trident embedded browser for authentication. The Trident engine only supports ECMAScript version 5 and earlier. Users who use IDPs that include JavaScript versions later than ES5 were facing issues with earlier versions of Edge Client. This version of Edge Client resolves all such issues.
To enable this feature customers should load iRules and iFiles and map it to the Virtual servers for which Access profiles are configured. Once 7.2.5 Edge Client is installed on windows, need to set Windows registry key "UseExternalBrowserForAuth" with DWORD value 1 at location Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\F5 Networks\RemoteAccess. For more informaton, refer to K000141526: BIG-IP Edge Client Windows uses default browser for SAML authentication
Fixes
The following issues have been fixed in this release.
ID Number | Description |
---|---|
1060689-2 | Fixed the issue where incorrect Windows version is displayed in the session.client. platform variable in BIG-IP when connection is estalished from Windows Edge Client, Machine Tunnel or Winlogon Client. |
1072901-1 |
Enhanced the Windows logon Integration Client for Windows 10 and 11 with TLS 1.3 support. |
1073933 | Added support for AES128-GCM-SHA256 cipher in TLS1.3 for Windows VPN clients. |
1082909-1 | Fixed the issue where Windows VPN Clients failed to connect with TLS1.3 on Windows 11. |
1462333-2 1538381-2 |
Fixed CVE-2023-5678 and CVE 2024-0727. |
1586001-2 | Fixed the issue where crash was observed in Windows Edge Client when changing VPN server while login script is being executed. |
1593125-5 1593413-5 |
Fixed CVE 2023-38197 and 2023-37369. |
1644325-2 | Updated the code signing certificate for Windows Edge Client. |
Known issues
The following are known issues in this release.
ID Number | Description |
---|---|
1079621 | When the application is moved to the trash, the respective application F5 EPI or F5 VPN directory is getting deleted from the following path: /Applications/F5 Endpoint Inspector.app/Contents/Resources/ Whereas, the respective application specific (F5 EPI or F5 VPN) folder is not getting deleted from the following path: /Users/<username>/Library/Applications Support/F5 EPI The plist file of the respective application is not deleted from the following path: /Users/<username>/Library/Launchagents/ Workaround:
If you are running MacOS Version 12.2 or later
|
1082821 | When trying to establish a VPN connection using a browser, it does not work with TLS 1.3 on all versions of macOS. Workaround: Enable other versions of TLS to allow the browser to fallback to any other versions of TLS protocol. |
1082825 | When trying to establish a VPN connection using a browser, it does not work with TLS 1.3 on Linux. Workaround: Enable other versions of TLS to allow the browser to fallback to any other versions of TLS protocol. |
1084369 | Optimized tunnels are not supported on ARM64-based Windows 10 and Windows 11 systems. When Optimized tunnels are used, the tunnel connection fails without user notification. Workaround: In some cases, use a static app tunnel to establish a tunnel connection. |
1194381 | An intermittent issue is observed when Edge Client on Windows fails to reconnect if the LAN cable is unplugged when the system is asleep. Workaround 1: Add the Virtual Server FQDN to the stonewall exclusion list on BIG-IP. Workaround 2: The LAN cable should be unplugged from the Windows system prior to hibernation if the user does not want to continue with LAN connectivity after coming out of hibernation. Workaround 3: If step 1 is missed or skipped, and faces the Edge Client reconnect issue after coming out of hibernation then the Ethernet cable must be plugged into the Ethernet port on the Windows system. If there is no Ethernet cable, restart the Edge Client application. |
1239253 | Web F5 VPN will not be launched if certain versions of Ubuntu on ARM64 do not have the /lib/aarch64-linux-gnu/libpcre16.so.3 library installed. Workaround: Users who want to use web F5 VPN on certain versions of Ubuntu running on ARM64 which do not have /lib/aarch64-linux-gnu/libpcre16.so.3 should install libpcre16-3 using one of the following commands. sudo apt install libpcre16-3 or sudo apt-get install libpcre16-3 |
1295133 | Edge Client users are prompted to install the Endpoint Inspection (EPI) helper applications on macOS 13.3. Workaround: Preinstalling the latest EPI helper application would resolve the issue. For more information on the deployment process, refer to the Install the latest Edge Client on MacOS end devices section of the K000133476 article. For more details on the user experience changes, refer to the K000133622 article. |
1324053-1 | Users experience a one-time issue on Windows and MacOS as Edge Client configuration settings which were defined in the client.f5c are overwritten with the settings defined in the config.f5c when the auto-upgrade is enabled. This issue would not be seen when users upgrade from APM Clients 7.2.4.3 version to the future versions.
Workaround: Administrators can define the desired configuration, especially the APM virtual server list in the config.f5c before the upgrade so that the Edge Client Installer copies the settings to the client.f5c file. Generally, the config.f5c file is available in the following directory path: Windows: C:\ProgramData\F5 Networks\Secure Access Client or C:\Program Files (x86)\F5 VPN MacOS: /Library/Application Support/F5Networks |
1581041 | The Show IP configuration and Show routing table buttons do not work for the F5 VPN window on the Mac Platform after the QT upgrade of APM clients. You can use the following command line tools to view the network configurations: /sbin/ifconfig /usr/sbin/netstat -rn /usr/sbin/scutil –dns |
1615801 | If the VPN connection is made from Windows 11 machines with WebVPN or Edge Client with Default Browser Authentication enabled, BIG-IP shows the wrong session.client.platform value. |
1628533-1 | Windows Logon Credentials feature does not work in Windows 11 24H2. Users cannot connect to Edge Client automatically as the prompt is displayed to specify the credentials. |
1644477 | On macOS Sequoia 15.0, the Edge Client auto-upgrade fails even though the installation appears successful in the edge.log file. However, the application launches with the older Edge Client version. Note: The Web Client and Endpoint Inspection components continue to upgrade successfully, regardless of the Edge Client upgrade failure. For more information, please refer to the 1644477 bug. Workaround: Following are the recommended steps to disable the upgrade option.
|
1678473 | Auto-upgrades of Windows Clients (Web EPI, Web VPN, and Edge Client) without Component Installer service fails. Workaround: 1) Re-install the Windows Clients (or) 2) Upgrade to 7248 GA build (apmclients-7248.2024.910.609-6452.0.iso) before upgrading to 725x or later. |
1697301 | On a Windows 10 machine, unable to establish VPN Connection with EdgeClient, WebVPN, Machine Tunnel, and Custom Dialer using TLS1.3. Workaround:
|
1697321 | In Windows Edge Client, user authentication in the default browser of a system with SAML IDP does not work in standard customization mode. |
Contacting F5
North America | 1-888-882-7535 or (206) 272-6500 |
Outside North America, Universal Toll-Free | +800 11 ASK 4 F5 or (800 11275 435) |
Additional phone numbers | Regional Offices |
Web | http://www.f5.com |
support@f5.com |
Additional resources
You can find additional support resources and technical documentation through a variety of sources.
F5 Support | Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology. |
MyF5 | The storehouse for thousands of knowledgebase articles that help you manage your F5 products more effectively. Whether you want to browse periodically to research a solution, or you need the most recent news about your F5 products, MyF5 is your source. |
BIG-IP iHealth Diagnostics and BIG-IP iHealth Viewer | BIG-IP iHealth Diagnostics identifies issues, including common configuration problems and known software issues. It also provides solutions and links to more information. With BIG-IP iHealth Viewer, you can see the status of your system at-a-glance, drill down for details, and view your network configuration. |
F5 DevCentral | Collaborate and share innovations including code samples, new techniques, and other tips, with more than 300,000 F5 users worldwide. DevCentral is the place to ask questions, find solutions, learn to harness the power of F5’s powerful scripting language, iRules, and much more. |
Communications Preference Center | Here, you can subscribe to a number of communications from F5. For information about the types of notifications F5 provides, see K9970: Subscribing to email notifications regarding F5 products. |