Applies To:
Show Versions
BIG-IP APM
- 21.0.0, 17.5.1, 17.5.0, 17.1.3, 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.6, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0
Updated Date: 11/04/2025
Summary:
The Edge Client version 7.2.6 is now available on MyF5.com (under the APM Clients container). For download instructions, refer to the K000090258: Download F5 products from MyF5 article.
The following table contains APM client 7.2.6 versions for different operating systems:
| APM Clients Version | BIG-IP Edge Client Windows Version | Linux/Mac Client version |
|---|---|---|
7.2.6 apmclients-7260.2025.805.1823-6950.0.iso |
7260.2025.805.1823 | Mac : 7260.2025.0818.1 Linux : 7260.2025.0811.1 |
Important: Going forward, F5 Access for macOS will be released along with APM Clients releases and introduce changes to deployment workflow and versioning. For more information on this change, please refer to K000152992.
Contents:
User documentation for this release
For a comprehensive list of documentation that is relevant to this release, refer to the following pages:
Features and Enhancements
Following are the new features for this release.
Always Connected Mode Exclusion List Enhancement for Windows Edge Client
The Windows Edge Client in Always Connected Mode now supports DNS wildcards and CIDR-based subnet entries in the exclusion list. The exclusion list can now support up to 100 entries with support for CIDR notation and wildcard DNS names. This allows pre-VPN access to applications like Office 365 and cloud services that require multiple domains or IP subnets. DNS wildcards follow the same pattern as DNS Address Space configuration (e.g., *.example.com, *site.example.com), but * alone is not allowed.
Admins can now define more flexible and scalable exclusion rules in Always Connected Mode to meet enterprise access requirements. This enhancement aligns the exclusion list behavior with existing DNS include/exclude configurations. While CM-side config updates are needed for broader integration, those will be addressed in a future phase. Refer to the documentation notes and BIG-IP TechDocs for configuration guidance.
Native Support for Apple Silicon in macOS APM Clients
Starting with version 7.2.6, BIG-IP Edge Client and Web clients for macOS offer native support for Apple Silicon devices, eliminating the need for the Rosetta emulator. macOS clients now operate natively on both Intel and Apple Silicon processors.
F5 Access 7.2.6 for Mac
This release introduces F5 Access 7.2.6 for Mac, a modern VPN client built on Apple’s Network Extension framework. It extends the capabilities of the Mac App Store version of F5 Access with desktop‑class features and an interface optimized for macOS. For information on installing F5 Access 7.2.6 for Mac refer to K000153125.
A few key features include,
- Endpoint Inspection: F5 Access 7.2.6 for Mac introduces support for Endpoint Inspection (EPI), offering enhanced security and compliance for connecting devices in enterprise environments.
Note: BIG-IP 17.5.1 is required for Endpoint Inspection to function in F5 Access MacOS. - DNS‑based split tunnelling: DNS‑based split tunnelling allows specified application and domain traffic (for example, Zoom and Microsoft 365) to bypass the VPN. Based on DNS exclusion settings configured in the Network Access profile, traffic is intelligently routed either through the tunnel or directly to the internet, reducing unnecessary load on corporate networks.
- Auto‑update: When users connect to BIG‑IP, F5 Access 726 for Mac automatically updates to the newer client version hosted on the BIG‑IP (if available). This keeps deployments consistent and secure without user intervention.
- OIDC Authentication: F5 Access 726 for Mac supports OpenID Connect (OIDC) authentication using the system’s default browser. Browser‑based OIDC enables modern MFA, including FIDO2 security keys, improving both security and user experience.
Administrators configure the OIDC provider, client credentials, and OAuth scopes in the BIG‑IP connectivity profile. These settings are pushed to the client, which initiates authentication in the default browser; users complete sign‑in with the identity provider and return to establish the VPN connection.
Note: OIDC authentication in F5 Access requires BIG-IP 17.5 and PKCE to be enabled. Also, to use OIDC authentication, you must enable Web Logon. You can do this in one of the following ways:Enable Enforce Logon Mode and set the Logon Method to Web.
If the Enforce Logon Mode is disabled in BIG-IP, you can enable Web Logon in F5 Access configuration settings.
Use MDM to push a configuration that enables Web Logon.
- Modern Cryptography: F5 Access 726 for Mac supports TLS 1.3 and DTLS 1.2 for VPN connectivity.
Notes:- F5 Access 7.2.6 for Mac now supports System Keychain exclusively for client certificate authentication. This means that client certificates required for authentication must be stored in the macOS System Keychain. Certificates in the User Keychain, or other storage locations, are not supported in this version.
- Endpoint Inspection (EPI) is supported for initial compliance checks performed at the time of connection. However, recurrent (continuous) EPI checks during an active session are not supported.
Note: Effective with this release, Network Access compression is deprecated across all VPN clients. Updated clients will ignore the compression setting during VPN sessions.
Fixes
The following issues have been fixed in this release.
Known issues
The following are known issues in this release.
| ID Number | Description |
|---|---|
| 1079621 | When the application is moved to the trash, the respective application F5 EPI or F5 VPN directory is getting deleted from the following path: /Applications/F5 Endpoint Inspector.app/Contents/Resources/ Whereas, the respective application specific (F5 EPI or F5 VPN) folder is not getting deleted from the following path: /Users/<username>/Library/Applications Support/F5 EPI The plist file of the respective application is not deleted from the following path: /Users/<username>/Library/Launchagents/ Workaround:
If you are running MacOS Version 12.2 or later
|
| 1082821 | When trying to establish a VPN connection using a browser, it does not work with TLS 1.3 on all versions of macOS. Workaround: Enable other versions of TLS to allow the browser to fallback to any other versions of TLS protocol. |
| 1082825 | When trying to establish a VPN connection using a browser, it does not work with TLS 1.3 on Linux. Workaround: Enable other versions of TLS to allow the browser to fallback to any other versions of TLS protocol. |
| 1084369 | Optimized tunnels are not supported on ARM64-based Windows 10 and Windows 11 systems. When Optimized tunnels are used, the tunnel connection fails without user notification. Workaround: In some cases, use a static app tunnel to establish a tunnel connection. |
| 1194381 | An intermittent issue is observed when Edge Client on Windows fails to reconnect if the LAN cable is unplugged when the system is asleep. Workaround 1: Add the Virtual Server FQDN to the stonewall exclusion list on BIG-IP. Workaround 2: The LAN cable should be unplugged from the Windows system prior to hibernation if the user does not want to continue with LAN connectivity after coming out of hibernation. Workaround 3: If step 1 is missed or skipped, and faces the Edge Client reconnect issue after coming out of hibernation then the Ethernet cable must be plugged into the Ethernet port on the Windows system. If there is no Ethernet cable, restart the Edge Client application. |
| 1239253 | Web F5 VPN will not be launched if certain versions of Ubuntu on ARM64 do not have the /lib/aarch64-linux-gnu/libpcre16.so.3 library installed. Workaround: Users who want to use web F5 VPN on certain versions of Ubuntu running on ARM64 which do not have /lib/aarch64-linux-gnu/libpcre16.so.3 should install libpcre16-3 using one of the following commands. sudo apt install libpcre16-3 or sudo apt-get install libpcre16-3 |
| 1295133 | Edge Client users are prompted to install the Endpoint Inspection (EPI) helper applications on macOS 13.3. Workaround: Preinstalling the latest EPI helper application would resolve the issue. For more information on the deployment process, refer to the Install the latest Edge Client on MacOS end devices section of the K000133476 article. For more details on the user experience changes, refer to the K000133622 article. |
| 1324053-1 | Users experience a one-time issue on Windows and MacOS as Edge Client configuration settings which were defined in the client.f5c are overwritten with the settings defined in the config.f5c when the auto-upgrade is enabled. This issue would not be seen when users upgrade from APM Clients 7.2.4.3 version to the future versions.
Workaround: Administrators can define the desired configuration, especially the APM virtual server list in the config.f5c before the upgrade so that the Edge Client Installer copies the settings to the client.f5c file. Generally, the config.f5c file is available in the following directory path: Windows: C:\ProgramData\F5 Networks\Secure Access Client or C:\Program Files (x86)\F5 VPN MacOS: /Library/Application Support/F5Networks |
| 1581041 | The Show IP configuration and Show routing table buttons do not work for the F5 VPN window on the Mac Platform after the QT upgrade of APM clients. You can use the following command line tools to view the network configurations: /sbin/ifconfig /usr/sbin/netstat -rn /usr/sbin/scutil –dns |
| 1615801 | If the VPN connection is made from Windows 11 machines with WebVPN or Edge Client with Default Browser Authentication enabled, BIG-IP shows the wrong session.client.platform value. |
| 1628533-1 | Windows Logon Credentials feature does not work in Windows 11 24H2. Users cannot connect to Edge Client automatically as the prompt is displayed to specify the credentials. |
| 1678473 | Auto-upgrades of Windows Clients (Web EPI, Web VPN, and Edge Client) without Component Installer service fails. Workaround: 1) Re-install the Windows Clients (or) 2) Upgrade to 7248 GA build (apmclients-7248.2024.910.609-6452.0.iso) before upgrading to 725x or later. |
| 1697301 | On a Windows 10 machine, unable to establish VPN Connection with EdgeClient, WebVPN, Machine Tunnel, and Custom Dialer using TLS1.3. Workaround:
|
| 2047741 | Starting with Windows Edge Client 7.2.6, the network port icon previously shown in multiple Edge Client windows and as the application icon in the Windows Start menu has been replaced with the default F5 icon. This default icon cannot be changed, as customization is not currently supported for the icon. |
Contacting F5
| North America | 1-888-882-7535 or (206) 272-6500 |
| Outside North America, Universal Toll-Free | +800 11 ASK 4 F5 or (800 11275 435) |
| Additional phone numbers | Regional Offices |
| Web | http://www.f5.com |
| support@f5.com |
Additional resources
You can find additional support resources and technical documentation through a variety of sources.
| F5 Support | Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology. |
| MyF5 | The storehouse for thousands of knowledgebase articles that help you manage your F5 products more effectively. Whether you want to browse periodically to research a solution, or you need the most recent news about your F5 products, MyF5 is your source. |
| BIG-IP iHealth Diagnostics and BIG-IP iHealth Viewer | BIG-IP iHealth Diagnostics identifies issues, including common configuration problems and known software issues. It also provides solutions and links to more information. With BIG-IP iHealth Viewer, you can see the status of your system at-a-glance, drill down for details, and view your network configuration. |
| F5 DevCentral | Collaborate and share innovations including code samples, new techniques, and other tips, with more than 300,000 F5 users worldwide. DevCentral is the place to ask questions, find solutions, learn to harness the power of F5’s powerful scripting language, iRules, and much more. |
| Communications Preference Center | Here, you can subscribe to a number of communications from F5. For information about the types of notifications F5 provides, see K9970: Subscribing to email notifications regarding F5 products. |
