
BIG-IP Edge Client establishes secure communications to applications and networks. It provides users with full access to IP-based applications, resources, and intranet files as if they were physically working on the office network. This release note contains information about the changes made for the current version only. Refer to the prior release note versions for additional information.

The Edge Client version 7.2.7 is now available on MyF5.com (under the APM Clients container). For download instructions, refer to the K000090258: Download F5 products from MyF5 article.

The following table contains APM client 7.2.7 versions for different operating systems:

| APM Clients version | BIG-IP Edge Client Windows version | Mac F5 Access version | Mac Edge Client version | Linux version |
| --- | --- | --- | --- | --- |
| apmclients-7270.2026.331.528-7567.0.iso | 7270.2026.331.528 | 7270.0.0.1 | 7270.2026.0323.1 | 7270.0.0.1 |

Important:

  • F5 announced the discontinuation of 32-bit Linux support in the APM Edge Client Compatibility matrix. In the next major APM Clients release, F5 will remove 32-bit binaries from client ISO images. For more information, please refer to K000157971: End of technical support for BIG-IP APM network access, VPN Linux 32-bit client OS.
  • Going forward, F5 Access for macOS will be released along with APM Clients releases, which introduces changes to the deployment workflow and versioning. For more information on this change, refer to K000152992.

BIG-IP Edge Client version 7270 for Windows must be installed as a fresh installation. Upgrading directly from any older version to version 7270 is not possible due to changes in the signer certificates and Certificate Authority (CA) in the 7.2.7 release. As a result, the F5 Component Installer Service included in the update will fail to upgrade during the transition from earlier versions. To ensure smooth functionality, it is strongly recommended to uninstall any older versions of BIG-IP Edge Client on Windows systems and perform a fresh installation of version 7270. This issue is specific to the Windows platform. BIG-IP Edge Client for Mac and other platforms or clients are not impacted and will continue to function as intended. For more information, refer to K000160684.

For a comprehensive list of documentation that is relevant to this release, refer to the following pages:

Following are the new features in this release.

APM Client 7.2.7 introduces support for Post-Quantum Cryptography (PQC) cipher groups, ensuring secure VPN connectivity in alignment with emerging quantum-resistant encryption standards. The legacy cryptographic infrastructure (such as OpenSSL 1.1.1 and SChannel) is replaced with OpenSSL 3.5.0 to enable support for TLS 1.3 and PQC-ready cipher suites, such as X25519+MLKEM768.

The following APM Clients support PQC:

  • Windows Edge Client
  • macOS F5 Access
  • Linux CLI client
  • Windows Web Client
  • Linux Web Client

To leverage PQC support in APM Clients:

  • Upgrade Edge Client/Web Client to 7.2.7.
  • Upgrade BIG-IP APM system to 17.5.1 or later.
  • Configure the BIG-IP SSL Profiles to include PQC cipher groups, such as: X25519+MLKEM768.
  • Ensure that your environments support PQC-ready (e.g., Dilithium) certificates and certificate chains.
  • Ensure that the end-user Default Browsers can support TLS 1.3 with PQC.
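
To check the client side of the steps above, the following added example (not F5 code) parses a TLS ClientHello record and reports whether the client offers a hybrid ML-KEM group such as X25519MLKEM768. The group code points are the IANA TLS Supported Groups registry values, the sample ClientHello is constructed inside the block, and the parser assumes a complete, unfragmented ClientHello in a single record.

```python
import struct

# IANA "TLS Supported Groups" code points (registry values, not from this page).
GROUPS = {0x0017: "secp256r1", 0x0018: "secp384r1", 0x001D: "x25519",
          0x11EB: "SecP256r1MLKEM768", 0x11EC: "X25519MLKEM768",
          0x11ED: "SecP384r1MLKEM1024"}
PQC_HYBRID = {0x11EB, 0x11EC, 0x11ED}


def offered_groups(record: bytes) -> list:
    """Return the supported_groups code points from one ClientHello record."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    pos = 5 + 4 + 2 + 32                     # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]                   # legacy_session_id
    pos += 2 + struct.unpack_from("!H", record, pos)[0]   # cipher_suites
    pos += 1 + record[pos]                   # legacy_compression_methods
    end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", record, pos)
        pos += 4
        if ext_type == 10:                   # supported_groups
            count = struct.unpack_from("!H", record, pos)[0] // 2
            return list(struct.unpack_from(f"!{count}H", record, pos + 2))
        pos += ext_len
    return []


def offers_pqc(record: bytes) -> bool:
    """True when the client offers at least one hybrid ML-KEM group."""
    return any(g in PQC_HYBRID for g in offered_groups(record))


def build_sample_hello(groups) -> bytes:
    """Constructed minimal ClientHello used as sample input (not a capture)."""
    ext = struct.pack(f"!H{len(groups)}H", 2 * len(groups), *groups)
    exts = struct.pack("!HH", 10, len(ext)) + ext
    body = (b"\x03\x03" + bytes(32) + b"\x00"      # version, random, empty session id
            + b"\x00\x02\x13\x01" + b"\x01\x00"    # TLS_AES_128_GCM_SHA256, null compression
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    for name, groups in (("PQC-capable", [0x11EC, 0x001D]), ("classical", [0x001D, 0x0017])):
        offered = [GROUPS.get(g, hex(g)) for g in offered_groups(build_sample_hello(groups))]
        print(name, offered, "PQC offered:", offers_pqc(build_sample_hello(groups)))
```

Run against ClientHello records exported from a packet capture, the same check shows which clients in an environment still offer only classical groups.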

Endpoint Inspection is now supported on Ubuntu with ARM64, allowing seamless management and inspection of endpoints on Linux ARM64 platforms. This feature requires the upcoming BIG-IP version 21.1 or later.
For detailed information on the additional system libraries required, refer to K000158036.

The Windows Edge Client now offers custom logging preferences, giving you enhanced control over log verbosity to improve both security and flexibility.

You can select the required log level from the APM Client Log Level drop-down list in General Settings when creating a connectivity profile under Access > Connectivity / VPN > Connectivity > Profiles in BIG-IP. By default, it is set to Info.

Note: If the BIG-IP Server log level is set to ERROR, WARN, or INFO, it will override the Client Log Level. The APM Client Log Level is considered only when the BIG-IP Server log level is set to DEBUG or TRACE. If they differ, the lower log level (less verbose) is applied.

Important: Changes to ServerLogLevel are applied dynamically and do not require reinstalling the Edge Client. The updated settings take effect automatically when the client connects to the APM Virtual Server with a connectivity profile that has the Custom Logging option enabled. However, the MachineLogLevel must be manually created in the Registry Editor if detailed debug-level logging is required on the client side. For more information, refer to the APM Clients Documentation.

This feature requires the upcoming BIG-IP version 21.1 or later.

Windows Edge Client can now automatically upgrade the F5 Machine Tunnel Service when a newer version is available on BIG-IP, and the auto-upgrade feature is enabled. Additionally, if the Machine Tunnel service is running before the upgrade, it continues to run after the upgrade completes without affecting existing VPN configuration settings.

This feature requires BIG-IP changes tracked as part of https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/related/relnote-supplement-bigip-17-5-1-4.html#A2141337-1 and shipped in BIG-IP 17.5.1.4 release.

The following are the fixes in this release:

| ID Number | Component | Description |
| --- | --- | --- |
| 1403777 | Windows Edge Client | Fixed the issue of Network Access Client power management options not working as expected. |

Following are the Known Issues.

| ID Number | Description |
| --- | --- |
| 2251413 | On macOS Edge Client, the UI continues to display the status as “Connecting” even after the VPN connection is successfully established. Workaround: Disconnect and reconnect from Edge Client. |
| 2224925 | When the client machine has multiple valid certificates for client certificate inspection, the Windows Edge Client will prompt the user with a dialog box to select a certificate from the list of matching certificates each time a VPN session is initiated. |
| 2162537 | Microsoft’s Trident engine (Embedded Browser) does not support PQC MLKEM ciphers. As a result, any HTTPS requests initiated by Trident will not use PQC MLKEM ciphers during the TLS handshake. This affects the following scenarios. Edge Client: When configured to use the embedded browser for user authentication, all HTTPS requests initiated from the Trident engine will not support PQC ciphers. This limitation applies only to authentication (using the embedded browser). To overcome it, the system’s default web browser can be configured for user authentication. Web VPN: Web VPN uses Trident to render the VPN connectivity UI. UI-related HTML file requests (/vdesk/resource_all_info.eui, webtop_resource_inner.eui) and subsequent requests such as CSS or JS files and timeoutagent-i.php initiated by the Trident engine will not use PQC ciphers. Windows Pre-Logon: Similar to Edge Client, when Pre-Logon uses the embedded browser for user authentication, HTTPS requests from this engine will not support PQC ciphers. Note: These limitations do not affect the Machine Tunnel client. VPN tunnel establishment of all the Windows Clients is unaffected by the Trident limitation. |
| 2230065 | Upgrading from older versions of Edge Client for Windows to version 7270 may fail. You must completely uninstall the existing version before installing version 7270. For more information, refer to https://my.f5.com/manage/s/article/K000160684 |