Applies To:
Show Versions
Summary:
F5 Access version 3.0.5 for Android devices is now available. The download is available from the app store for your device.
Applies To: BIG-IP APM 16.0.0, 15.1.0, 15.0.1, 15.0.0, 14.1.2, 14.1.0, 14.0.0, 13.1.3, 13.1.1, 13.1.0, 12.1.5, 12.1.4, 12.1.3, 11.6.4, 11.6.3, 11.6.2, 11.5.5, 11.5.4, 11.5.3
Contents:
User documentation for this release
For a comprehensive list of documentation that is relevant to this release, refer to the following page:
Features and enhancements in 3.0.5
New Features in 3.0.5
There are no features or enhancements in 3.0.5.
New Features in 3.0.4
- Support for F5 Access on Chromebooks
- F5 Access for Android can now be installed on Chrome OS devices that contain ARC support.
See https://www.chromium.org/chromium-os/chrome-os-systems-supporting-android-apps for a list of supported devices.
With this version of F5 Access, permissions are now requested at runtime as they are needed as opposed to install-time permissions on devices running Android 6.0 (Marshmallow) or higher. You can accept or deny any permission and resolve permissions issues in .
Fixes in 3.0.5
Fixes in 3.0.5
| ID Number | Description |
|---|---|
| 750214 | Previously, F5 Access crashed on Android Oreo devices because of the framework changes within the Android system. With this release, safety checks have been introduced in the application to mitigate the crashes. A persistent notification would now be seen in the notification area even when the VPN is not connected. The notification message informs you that your EMM provider is communicating to F5 Access to provision policies and configurations. |
Fixes in 3.0.4
| ID Number | Description |
|---|---|
| 703795 | When the per-app VPN configuration list values such as allowedApps or disallowedApps change while a VPN connection is active, F5 Access restarts the VPN tunnel and retains the session. |
| 706416 | Previously, the Always-On VPN mode could not be enabled on Android 8.1.0 in the Android for Work managed profile. This has been fixed. |
| 712283 | Application's security has been improved. |
Known issues in 3.0.5
Known Issues in F5 Access
| ID Number | Description |
|---|---|
| 451826 | When F5 Access uses split tunneling for traffic, after establishing a VPN connection, all DNS queries are sent to the VPN-configured enterprise DNS server. |
| 504685 | F5 Access does not change to the Reconnecting state if the GTM server is down. Load balancing with GTM doesn't work. |
| 624395 | The web logon screen might disappear when you send F5 Access to the background after entering an RSA SecurID software token PIN. |
| 647947 | Client certificate authentication fails in the Android for Work profile on some Samsung devices if a certificate is selected from Device Credentials Storage. As a workaround, the certificate should be installed in F5 Access internal credentials storage using the option Install from SD card or the Download menu. To do this, in the F5 Access App, select , and click the + button. Select either Install from SD card or Download. Workaround 2: Push client certificate through MDM provider's App configuration to F5 Access internal credentials. For example, Microsoft Intune can push client certificates to F5 Access through MDM. The following steps guide you through the process of pushing client certificates using Microsoft Intune.
|
Known Issues in Third Party Software
| ID Number | Description |
|---|---|
| 574604 | VPN connections repeatedly fail with the Thursby smart-card reader if you do not enter the smart card unlock PIN before the 30-second timeout has expired. This is caused by a known issue in Thursby SubRosa app. As a workaround, force stop the SubRosa app, or reboot the device. |
| 597826 | F5 Access fails to read smart cards using Thursby smart card reader when running within Android for Work profile. |
| 617631 | When Always-On VPN Mode is enabled, a VPN connection is established, and a Network Access resource is configured to use split tunneling, resources from the split tunneling space can be successfully accessed using the managed application, but the managed application cannot access all resources outside of the split tunneling space. |
| 620294 | In Android 7.0 RC4, ciphers and SSLv3 are disabled for security reasons. AES ciphers must be enabled in the RSA Authentication Manager configuration for Dynamic Seed Provisioning (CT-KIP) to work on Android 7.0. For more details, see https://community.rsa.com/docs/DOC-45530. As a workaround, follow the steps in the linked article to enable non-RC4 cipher suites. |
| 634069 | In most cases, when an Always-On VPN is disabled by the DPM (Device Policy Manager), the F5 Access VPN revokes if it is currently connected. In some corner cases, if F5 Access is not connected when, for example, the DPM enables Always-On VPN, but the connection doesn't start because of a misconfiguration, and the DPM then disables Always-On VPN, F5 Access won't be notified, and may continue to attempt to reconnect until the device is rebooted. |
| 616957 | If Always-On VPN mode is enabled for F5 Access by an MDM, and a force stop is done, F5 Access goes into the Disconnected state, and the user loses internet access through managed apps. F5 Access does not reestablish the VPN connection automatically. As a workaround, the user can restart the device to reestablish Always-On VPN mode. Another workaround is to disallow force stops in the MDM configuration, using DISALLOW_APPS_CONTROL. |
| 617362 | On some devices with Android 4.x, F5 Access Home screen icons might not get updated, and continue to show the older Edge Client icon. This is caused by Android issue 42921: https://code.google.com/p/android/issues/detail?id=42921 |
| 619106 | On certain Android devices, F5 Access displays two icons in the notification area when connected to VPN. This behavior is by design. |
| 629242 | The RSA SecurID software token PIN setup might timeout if you do not provide a new PIN within the RSA SecurID token interval. |
| 744854 | Samsung devices provide a way to disconnect Always-On VPN through notification. As a result, when you terminate always-on VPN, the system revokes VPN permission for F5 Access. This prevents F5 Access from establishing a VPN connection. As a workaround, uninstall and reinstall the F5 Access. |
| 748960 | There is no API to get the Chrome OS version when F5 Access for Android is running on Chrome OS. This being a Chrome issue is currently reported to Google and tracked through 881005. |
| 748962 | Always-On VPN can be turned off from the Chrome OS network settings. This action should not be allowed as it defeats the purpose of Always-On VPN. As a workaround, do not turn off Always-On VPN in the Chrome OS network settings. This issue is currently reported to Google and tracked through 881107. |
| 748963 | When adding a new VPN configuration through the Chrome OS settings, the F5 Access home screen is launched instead of the Add Configuration screen. As a workaround, navigate to the Add Configuration screen and add a new configuration. This issue is currently reported to Google and tracked through 881123. |
| 748964 | For F5 Access for Android on Chrome OS, the per-app VPN's feature to allow/disallow apps to bypass VPN connection is reserved. As a result, the disallowed apps pass through the VPN tunnel and allowed apps are blocked through the VPN tunnel. This issue is currently reported to Google and tracked through 883529. |
Contacting F5 Networks
| Phone - North America: | 1-888-882-7535 or (206) 272-6500 |
| Phone - Outside North America, Universal Toll-Free: | +800 11 ASK 4 F5 or (800 11275 435) |
| Fax: | See Regional Support for your area. |
| Web: | https://support.f5.com/csp/home |
| Email: | support@f5.com |
For additional information, please visit http://www.f5.com.
Additional resources
You can find additional support resources and technical documentation through a variety of sources.
- The F5 Networks Technical Support web site: https://f5.com/support
- The AskF5 web site: https://support.f5.com/csp/home
- The F5 DevCentral web site: https://devcentral.f5.com/
- AskF5 Publication Preference Center: https://interact.f5.com/AskF5-SubscriptionCenter.html
F5 Networks Technical Support
Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.
AskF5
AskF5 is your storehouse for thousands of knowledgebase articles that help you manage your F5 products more effectively. Whether you want to browse periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.
F5 DevCentral
The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.
AskF5 Publication Preference Center
To subscribe, click AskF5 Publication Preference Center, enter your email address, select the publications you want, and click the Submit button. You will receive a confirmation email. You can unsubscribe at any time by clicking the Unsubscribe link at the bottom of the email, or on the AskF5 Publication Preference Center screen.
- TechNews Weekly eNewsletters: Up-to-date information about product and hotfix releases, new and updated articles, and new feature notices.
- TechNews Notifications: Periodic plain text TechNews, sent any time F5 releases a product or hotfix. (This information is always included in the next weekly HTML TechNews email.)
- Security Alerts: Timely security updates and ASM attack signature updates from F5.
