Applies To:
Show VersionsBIG-IP APM
- 11.5.3, 11.5.2, 11.5.1
Summary:
Version 1.1 of the Edge Client for Windows Phone is now available. The download is available from the app store for your device.
Contents:
- Features and enhancements in 8.1 version 1.1
- Known issues in 8.1 version 1.1.
- Fixes in 8.1 version 1.1.
User documentation for this release
For a comprehensive list of documentation that is relevant to this release, refer to the following pages:
- BIG-IP Edge Apps
- BIG-IP Access Policy Manager Documentation
- BIG-IP Access Policy Manager and BIG-IP Edge Client for Windows Phone 8.1 version 1.1
Features and enhancements in 8.1 version 1.1
ID Number | Description |
---|---|
473090 |
Edge Client now supports client certificate authentication. |
484740 |
Edge Client now supports certificate based only authentication. User name and password authentication credentials are no longer prompted on the client device in this mode. |
Known issues in 8.1 version 1.1.
ID Number | Description |
---|---|
426654-2 |
Edge Client cannot establish a VPN connection if a valid certificate is installed in Edge Client and the BIG-IP system requires a certificate. To work around this issue, set the client certificate to the "Request" option and add the Client Certificate Inspection agent to the access policy. |
469972 |
Some applications, such as Microsoft RDP preview client, can send traffic directly to the mobile device's gateway, even after the user configures VPN split tunneling. |
472242 |
Windows Phone Edge Client 8.1 v1.1 cannot connect to a virtual server configured with an IPv6 address. |
468308 | Windows Phone 8.1 does not distinguish between "DNS Address Space" and "DNS Default Domain Suffix," and treats all "*.domain" configuration in DNS Address Space as DNS Default Domain Suffix. Domain Suffix search does not work for Network Access connection on Windows Phone 8.1. Domain Suffix search also does not work for Network Access connection on Windows Phone 8.1. |
428324 |
After establishing a VPN connection, the client might not resolve the FQDN of the VPN server. As a result, the client fails to reconnect to VPN after network routing changes occur, such as the following: DHCP IP renewal, network media disconnection, and APM session timeout. Internet connections can be disrupted when in roaming mode with an active VPN connection. Network connections can be disrupted when reconnecting to the network with an active VPN connection. |
468365 |
Internet Explorer, the Mail app, as well as other applications, fails to connect to IPv4 destinations that are a part of the network addresses specified in the "IPv4 Exclude address space" option in the network access resource. Not all applications exhibit this behavior. |
468368 |
Internet Explorer fails to reach local subnet destinations even if the "Allow Local Subnet" option is configured. |
468477 |
The network access connection client proxy settings do not work with Windows Phone 8.1 devices. |
468485 |
Users might see an error code 602 when switching between VPN connections. Users cannot use VPN connections on Windows Phone when the error code continues to display. To work around this issue, reboot the device. |
468766 |
When users automatically switch to a different Wi-Fi connection, the VPN does not automatically establish a connection, and disconnects. To work around this issue, manually establish a new VPN connection. |
469567 |
Some applications send a DNS request through the tunnel even after the DNS name matches the pattern in the DNS Exclude Address Space option. This occurs when the pattern contains a wildcard character. |
469581 |
If the VPN IP address issued by the VPN server matches the local IP addresses of the physical NIC, the VPN connection fails. To work around this issue, reboot the system. |
469567 |
Some applications send a DNS request through the tunnel even after the DNS name matches the pattern in the DNS Exclude Address Space option. This occurs when the pattern contains a wildcard character. |
470384 |
Existing static routes are not deleted when a VPN connection is established, regardless of the configured network access resource split tunneling option. |
471046 |
When users exclude the IPv4 destination host, it is still reachable in Internet Explorer if the host FQDN is in the "DNS include" address space. |
497429 |
If users configure a network access resource to use split tunneling, do not configure a DNS address space and DNS suffix, and attempt to access resources using the FQDN, the traffic fails to go through the VPN tunnel. This can occur even if the resource FQDN is resolved to the IP address in the split tunneling range. To work around this issue, perform the following:
|
498860 |
After the VPN profile option "Connect automatically" is disabled and the option "IP ranges" is configured with a range of values, users can not access a server using the server IP address if the address is within the range configured in "IP ranges." |
509955 |
The DNS server from the network access resource must be within the network access IP tunneling range. Otherwise, the DNS server fails to resolve servers that are within the DNS split tunneling range. |
509966 |
FQDN resources in the network accessing DNS split tunneling range, with an IP address outside of the IP split tunneling range, cannot be accessed even if the device has direct access to the resources. To work around this issue, perform the following:
|
514801 |
If a session is expired or terminated, and users try to connect to a resource available through tunneling, a new session is created and a new tunnel is established. However, the application trying to connect fails. To work around this issue, repeat the connection attempt. |
Fixes in 8.1 version 1.1.
ID Number | Description |
---|---|
426654-2 |
|
423897-6 |
Previously, Edge Client failed to handle ending redirects, resulting in the following error messages: Your session could not be established or The certificate of this server is invalid. This issue is now fixed. After a simple redirect, Edge Client redirects to the landing URI with no error messages. |
504700 |
Previously, Edge Client failed to work with 302 redirect, which applies to the APM with GTM scenario. This issue is now fixed. |
Supported Features in 8.1 version 1.1
The following Edge Client features are supported in Windows Phone 8.1
Authentication
Feature |
---|
Username/Password |
Client certificate authentication |
Tunnel
Feature |
---|
TLS 1.x |
Autoconnect |
Roaming between networks |
Ipv4 transport |
VPN Autoconnect |
Split Tunneling Scope
Feature | Notes |
---|---|
Include Subnet | List of subnets to be routed through the virtual VPN adapter. |
Exclude Subnet | List of subnets to exclude from routing through the virtual VPN adapter. |
DNSSplit | List of DNS patterns to define intranet DNS name space. For example: intranet.contoso.com, *.intra.contoso.com. |
AllowLocal SubnetAccess | Excludes local subnet and host or subnet in routes that have been explicitly specified in the client routing table from routing through VPN adapter. |
DNSSuffix | DNS suffix for intranet. |
DNS | DNS server for VPN connection. |
Contacting F5 Networks
Phone: | (206) 272-6888 |
Fax: | (206) 272-6802 |
Web: | http://support.f5.com |
Email: | support@f5.com |
For additional information, please visit http://www.f5.com.
Additional resources
You can find additional support resources and technical documentation through a variety of sources.
- The F5 Networks Technical Support web site: http://www.f5.com/support/
- The AskF5 web site: http://support.f5.com/kb/en-us.html
- The F5 DevCentral web site: http://devcentral.f5.com/
- AskF5 TechNews
F5 Networks Technical Support
Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.
AskF5
AskF5 is your storehouse for thousands of solutions to help you manage your F5 products more effectively. Whether you want to search the knowledge base periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.
F5 DevCentral
The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.
AskF5 TechNews
Legal notices
Copyright © 2015, F5 Networks, Inc. All rights reserved.
For a current list of F5 trademarks and service marks, click here. All other product and company names herein may be trademarks of their respective owners.