Release Notes : F5 Access for Android 3.0.4

Applies To:

Show Versions Show Versions
Release Notes
Updated Date: 08/19/2019


F5 Access version 3.0.4 for Android devices is now available. The download is available from the app store for your device.

Applies To: BIG-IP APM 15.0.1, 15.0.0, 14.1.2, 14.1.0, 14.0.0, 13.1.3, 13.1.1, 13.1.0, 12.1.5, 12.1.4, 12.1.3, 11.6.4, 11.6.3, 11.5.5


User documentation for this release

For a comprehensive list of documentation that is relevant to this release, refer to the following page:

Features and enhancements in 3.0.4

New Features in 3.0.4:

Support for F5 Access on Chromebooks
F5 Access for Android can now be installed on Chrome OS devices that contain ARC support.

See for a list of supported devices.

Runtime permissions on Android

With this version of F5 Access, permissions are now requested at runtime as they are needed as opposed to install-time permissions on devices running Android 6.0 (Marshmallow) or higher. You can accept or deny any permission and resolve permissions issues in Android Settings > Apps > F5 Access > Permissions.

Option to bypass VPN connection
F5 Access for Android now has an option to allow/disallow apps to bypass VPN connection. By default, all traffic from applications is forwarded through the VPN interface, and it was not possible for apps to side-step the VPN. Now, when the allowBypass option is selected, the applications are allowed to bypass the VPN. This feature is supported on Android 5.0 and higher. (ID 703787)

Fixes in 3.0.4

Fixes in 3.0.4

ID Number Description
703795 When the per-app VPN configuration list values such as allowedApps or disallowedApps change while a VPN connection is active, F5 Access restarts the VPN tunnel and retains the session.
706416 Previously, the Always-On VPN mode could not be enabled on Android 8.1.0 in the Android for Work managed profile. This has been fixed.
712283 Application's security has been improved.

Fixes in 3.0.3

ID Number Description
705997 Previously, F5 Access did not respond when using an MDM-managed configuration in an Android for Work profile. This has been fixed.
706349 Previously, F5 Access on Android 7.0 or 7.1 might crash during connection on some Samsung devices. This issue has been fixed.

Known issues in 3.0.4

Known Issues in F5 Access

ID Number Description
451826 When F5 Access uses split tunneling for traffic, after establishing a VPN connection, all DNS queries are sent to the VPN-configured enterprise DNS server.
504685 F5 Access does not change to the Reconnecting state if the GTM server is down. Load balancing with GTM doesn't work.
624395 The web logon screen might disappear when you send F5 Access to the background after entering an RSA SecurID software token PIN.
647947 Client certificate authentication fails in the Android for Work profile on some Samsung devices if a certificate is selected from Device Credentials Storage. As a workaround, the certificate should be installed in F5 Access internal credentials storage using the option Install from SD card or the Download menu. To do this, in the F5 Access App, select Menu > Certificates , and click the + button. Select either Install from SD card or Download.

Workaround 2: Push client certificate through MDM provider's App configuration to F5 Access internal credentials. For example, Microsoft Intune can push client certificates to F5 Access through MDM. The following steps guide you through the process of pushing client certificates using Microsoft Intune.

  1. In the Microsoft Azure Console, click All Services and then click Intune from the displayed list.
  2. Navigate to Mobile Apps > App configuration policies > Add new policy/Edit existing policy .
  3. Select Manage > Properties > Configuration Settings, and choose Enter JSON data from the Configuration settings format drop-down.
  4. Enter JSON configuration for key-value clientCertData where the valueString should be a base64 encoded client certificate string.

Known Issues in Third Party Software

ID Number Description
574604 VPN connections repeatedly fail with the Thursby smart-card reader if you do not enter the smart card unlock PIN before the 30-second timeout has expired. This is caused by a known issue in Thursby SubRosa app. As a workaround, force stop the SubRosa app, or reboot the device.
597826 F5 Access fails to read smart cards using Thursby smart card reader when running within Android for Work profile.
617631 When Always-On VPN Mode is enabled, a VPN connection is established, and a Network Access resource is configured to use split tunneling, resources from the split tunneling space can be successfully accessed using the managed application, but the managed application cannot access all resources outside of the split tunneling space.
620294 In Android 7.0 RC4, ciphers and SSLv3 are disabled for security reasons. AES ciphers must be enabled in the RSA Authentication Manager configuration for Dynamic Seed Provisioning (CT-KIP) to work on Android 7.0. For more details, see As a workaround, follow the steps in the linked article to enable non-RC4 cipher suites.
634069 In most cases, when an Always-On VPN is disabled by the DPM (Device Policy Manager), the F5 Access VPN revokes if it is currently connected. In some corner cases, if F5 Access is not connected when, for example, the DPM enables Always-On VPN, but the connection doesn't start because of a misconfiguration, and the DPM then disables Always-On VPN, F5 Access won't be notified, and may continue to attempt to reconnect until the device is rebooted.
616957 If Always-On VPN mode is enabled for F5 Access by an MDM, and a force stop is done, F5 Access goes into the Disconnected state, and the user loses internet access through managed apps. F5 Access does not reestablish the VPN connection automatically. As a workaround, the user can restart the device to reestablish Always-On VPN mode. Another workaround is to disallow force stops in the MDM configuration, using DISALLOW_APPS_CONTROL.
617362 On some devices with Android 4.x, F5 Access Home screen icons might not get updated, and continue to show the older Edge Client icon. This is caused by Android issue 42921:
619106 On certain Android devices, F5 Access displays two icons in the notification area when connected to VPN. This behavior is by design.
629242 The RSA SecurID software token PIN setup might timeout if you do not provide a new PIN within the RSA SecurID token interval.
744854 Samsung devices provide a way to disconnect Always-On VPN through notification. As a result, when you terminate always-on VPN, the system revokes VPN permission for F5 Access. This prevents F5 Access from establishing a VPN connection. As a workaround, uninstall and reinstall the F5 Access.
748960 There is no API to get the Chrome OS version when F5 Access for Android is running on Chrome OS. This being a Chrome issue is currently reported to Google and tracked through 881005.
748962 Always-On VPN can be turned off from the Chrome OS network settings. This action should not be allowed as it defeats the purpose of Always-On VPN. As a workaround, do not turn off Always-On VPN in the Chrome OS network settings. This issue is currently reported to Google and tracked through 881107.
748963 When adding a new VPN configuration through the Chrome OS settings, the F5 Access home screen is launched instead of the Add Configuration screen. As a workaround, navigate to the Add Configuration screen and add a new configuration. This issue is currently reported to Google and tracked through 881123.
748964 For F5 Access for Android on Chrome OS, the per-app VPN's feature to allow/disallow apps to bypass VPN connection is reserved. As a result, the disallowed apps pass through the VPN tunnel and allowed apps are blocked through the VPN tunnel. This issue is currently reported to Google and tracked through 883529.

Contacting F5 Networks

Phone - North America: 1-888-882-7535 or (206) 272-6500
Phone - Outside North America, Universal Toll-Free: +800 11 ASK 4 F5 or (800 11275 435)
Fax: See Regional Support for your area.

For additional information, please visit

Additional resources

You can find additional support resources and technical documentation through a variety of sources.

F5 Networks Technical Support

Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.


AskF5 is your storehouse for thousands of knowledgebase articles that help you manage your F5 products more effectively. Whether you want to browse periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.

F5 DevCentral

The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.

AskF5 Publication Preference Center

To subscribe, click AskF5 Publication Preference Center, enter your email address, select the publications you want, and click the Submit button. You will receive a confirmation email. You can unsubscribe at any time by clicking the Unsubscribe link at the bottom of the email, or on the AskF5 Publication Preference Center screen.

  • TechNews Weekly eNewsletters: Up-to-date information about product and hotfix releases, new and updated articles, and new feature notices.
  • TechNews Notifications: Periodic plain text TechNews, sent any time F5 releases a product or hotfix. (This information is always included in the next weekly HTML TechNews email.)
  • Security Alerts: Timely security updates and ASM attack signature updates from F5.

Legal notices