Release Notes : BIG-IP Edge Client for Windows Phone 8.1 version 1.1

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 11.5.3, 11.5.2, 11.5.1
Release Notes
Original Publication Date: 10/31/2018 Updated Date: 04/18/2019

Summary:

Version 1.1 of the Edge Client for Windows Phone is now available. The download is available from the app store for your device.

Contents:

User documentation for this release

For a comprehensive list of documentation that is relevant to this release, refer to the following pages:

Features and enhancements in 8.1 version 1.1

ID Number Description
473090
Edge Client now supports client certificate authentication.
484740
Edge Client now supports certificate based only authentication. User name and password authentication credentials are no longer prompted on the client device in this mode.

Known issues in 8.1 version 1.1.

ID Number Description
426654-2
Edge Client cannot establish a VPN connection if a valid certificate is installed in Edge Client and the BIG-IP system requires a certificate. To work around this issue, set the client certificate to the "Request" option and add the Client Certificate Inspection agent to the access policy.
469972
Some applications, such as Microsoft RDP preview client, can send traffic directly to the mobile device's gateway, even after the user configures VPN split tunneling.
472242
Windows Phone Edge Client 8.1 v1.1 cannot connect to a virtual server configured with an IPv6 address.
468308 Windows Phone 8.1 does not distinguish between "DNS Address Space" and "DNS Default Domain Suffix," and treats all "*.domain" configuration in DNS Address Space as DNS Default Domain Suffix. Domain Suffix search does not work for Network Access connection on Windows Phone 8.1. Domain Suffix search also does not work for Network Access connection on Windows Phone 8.1.
428324
After establishing a VPN connection, the client might not resolve the FQDN of the VPN server. As a result, the client fails to reconnect to VPN after network routing changes occur, such as the following: DHCP IP renewal, network media disconnection, and APM session timeout. Internet connections can be disrupted when in roaming mode with an active VPN connection. Network connections can be disrupted when reconnecting to the network with an active VPN connection. 
468365
Internet Explorer, the Mail app, as well as other applications, fails to connect to IPv4 destinations that are a part of the network addresses specified in the "IPv4 Exclude address space" option in the network access resource. Not all applications exhibit this behavior.
468368
Internet Explorer fails to reach local subnet destinations even if the "Allow Local Subnet" option is configured.
468477
The network access connection client proxy settings do not work with Windows Phone 8.1 devices.
468485
Users might see an error code 602 when switching between VPN connections. Users cannot use VPN connections on Windows Phone when the error code continues to display. To work around this issue, reboot the device.
468766
When users automatically switch to a different Wi-Fi connection, the VPN does not automatically establish a connection, and disconnects. To work around this issue, manually establish a new VPN connection.
469567
Some applications send a DNS request through the tunnel even after the DNS name matches the pattern in the DNS Exclude Address Space option. This occurs when the pattern contains a wildcard character.
469581
If the VPN IP address issued by the VPN server matches the local IP addresses of the physical NIC, the VPN connection fails. To work around this issue, reboot the system.
469567
Some applications send a DNS request through the tunnel even after the DNS name matches the pattern in the DNS Exclude Address Space option. This occurs when the pattern contains a wildcard character.
470384
Existing static routes are not deleted when a VPN connection is established, regardless of the configured network access resource split tunneling option.
471046
When users exclude the IPv4 destination host, it is still reachable in Internet Explorer if the host FQDN is in the "DNS include" address space.
497429
If users configure a network access resource to use split tunneling, do not configure a DNS address space and DNS suffix, and attempt to access resources using the FQDN, the traffic fails to go through the VPN tunnel. This can occur even if the resource FQDN is resolved to the IP address in the split tunneling range. To work around this issue, perform the following: 
  • Configure the IP address of the network access DNS server to fall within the VPN IP address split tunneling range.
  • Configure the DNS split tunneling scope to include the FQDNs of servers the users need to access through VPN tunneling.
  • Configure the IP addresses of servers the users need to access through VPN tunneling, so that the addresses are within the IP split tunneling range.
498860
After the VPN profile option "Connect automatically" is disabled and the option "IP ranges" is configured with a range of values, users can not access a server using the server IP address if the address is within the range configured in "IP ranges."
509955
The DNS server from the network access resource must be within the network access IP tunneling range. Otherwise, the DNS server fails to resolve servers that are within the DNS split tunneling range.
509966
FQDN resources in the network accessing DNS split tunneling range, with an IP address outside of the IP split tunneling range, cannot be accessed even if the device has direct access to the resources. To work around this issue, perform the following: 
  • Configure the IP address of the network access DNS server to fall within the VPN IP address split tunneling range.
  • Configure the DNS split tunneling scope to include the FQDNs of servers the users need to access through VPN tunneling.
  • Configure the IP addresses of servers the users need to access through VPN tunneling, so that the addresses are within the IP split tunneling range.
514801
If a session is expired or terminated, and users try to connect to a resource available through tunneling, a new session is created and a new tunnel is established. However, the application trying to connect fails. To work around this issue, repeat the connection attempt.

Fixes in 8.1 version 1.1.

ID Number Description
426654-2
423897-6
Previously, Edge Client failed to handle ending redirects, resulting in the following error messages: Your session could not be established or The certificate of this server is invalid. This issue is now fixed. After a simple redirect, Edge Client redirects to the landing URI with no error messages.
504700
Previously, Edge Client failed to work with 302 redirect, which applies to the APM with GTM scenario. This issue is now fixed.

Supported Features in 8.1 version 1.1

The following Edge Client features are supported in Windows Phone 8.1

Authentication

Feature
Username/Password                   
Client certificate authentication

Tunnel

Feature
TLS 1.x                     
Autoconnect
Roaming between networks                                 
Ipv4 transport
VPN Autoconnect

Split Tunneling Scope

Feature Notes
Include Subnet List of subnets to be routed through the virtual VPN adapter.
Exclude Subnet List of subnets to exclude from routing through the virtual VPN adapter.
DNSSplit List of DNS patterns to define intranet DNS name space. For example: intranet.contoso.com, *.intra.contoso.com.
AllowLocal SubnetAccess     Excludes local subnet and host or subnet in routes that have been explicitly specified in the client routing table from routing through VPN adapter.
DNSSuffix                           DNS suffix for intranet.
DNS DNS server for VPN connection.

Contacting F5 Networks

Phone: (206) 272-6888
Fax: (206) 272-6802
Web: http://support.f5.com
Email: support@f5.com

For additional information, please visit http://www.f5.com.

Additional resources

You can find additional support resources and technical documentation through a variety of sources.

F5 Networks Technical Support

Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.

AskF5

AskF5 is your storehouse for thousands of solutions to help you manage your F5 products more effectively. Whether you want to search the knowledge base periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.

F5 DevCentral

The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.

AskF5 TechNews

Weekly HTML TechNews
The weekly TechNews HTML email includes timely information about known issues, product releases, hotfix releases, updated and new solutions, and new feature notices. To subscribe, click TechNews Subscription, complete the required fields, and click the Subscribe button. You will receive a confirmation. Unsubscribe at any time by clicking the Unsubscribe link at the bottom of the TechNews email.
Periodic plain text TechNews
F5 Networks sends a timely TechNews email any time a product or hotfix is released. (This information is always included in the next weekly HTML TechNews email.) To subscribe, send a blank email to technews-subscribe@lists.f5.com from the email address you are using to subscribe. Unsubscribe by sending a blank email totechnews-unsubscribe@lists.f5.com.

Legal notices

Copyright © 2015, F5 Networks, Inc. All rights reserved.

For a current list of F5 trademarks and service marks, click here. All other product and company names herein may be trademarks of their respective owners.