Applies To:
Show VersionsBIG-IP APM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0, 12.1.6, 12.1.5, 12.1.4, 12.1.3, 11.6.4
Summary:
F5 Access version 3.0.6 for Android devices is now available. The download is available from the app store for your device.
Contents:
User documentation for this release
For a comprehensive list of documentation that is relevant to this release, refer to the following page:
Features and enhancements in 3.0.6
New Features in 3.0.6
There are no features or enhancements in 3.0.6.
Fixes in 3.0.6
Fixes in 3.0.6
ID Number | Description |
---|---|
794125 | Previously, in the Android version 7.0 and higher, when the server certificate’s trust could not be established via the Android system CA root store, then F5 Access for Android gave an untrusted certificate warning message. This happened because in the Android version 7.0 (API level 24) and later, applications trusted the pre-installed system CAs but did not trust the user-added CA store by default. With this release, F5 Access for Android trusts the system CAs, as well as the user's root CA store, and the issue is fixed. |
Fixes in 3.0.5
ID Number | Description |
---|---|
750214 | Previously, F5 Access crashed on Android Oreo devices because of the framework changes within the Android system. Now, the safety checks have been introduced in the application to mitigate the crashes. A persistent notification would now be seen in the notification area even when the VPN is not connected. The notification message informs you that your EMM provider is communicating to F5 Access to provision policies and configurations. |
Known issues in 3.0.6
Known Issues in F5 Access
ID Number | Description |
---|---|
451826 | When F5 Access uses split tunneling for traffic, after establishing a VPN connection, all DNS queries are sent to the VPN-configured enterprise DNS server. |
504685 | F5 Access does not change to the Reconnecting state if the GTM server is down. Load balancing with GTM doesn't work. |
624395 | The web logon screen might disappear when you send F5 Access to the background after entering an RSA SecurID software token PIN. |
647947 | Client certificate authentication fails in the Android for Work profile on some Samsung devices if a certificate is selected from Device Credentials Storage. As a workaround, the certificate should be installed in F5 Access internal credentials storage using the option Install from SD card or the Download menu. To do this, in the F5 Access App, select , and click the + button. Select either Install from SD card or Download. Workaround 2: Push client certificate through MDM provider's App configuration to F5 Access internal credentials. For example, Microsoft Intune can push client certificates to F5 Access through MDM. The following steps guide you through the process of pushing client certificates using Microsoft Intune.
|
794405 | The F5 Access for Android displays the You need to enable cookies in order to remember this device error message when the virtual server is configured with DUO two-factor authentication, and the option Remember me for <period of time> is selected on the DUO logon page. |
Known Issues in Third-Party Software
ID Number | Description |
---|---|
574604 | VPN connections repeatedly fail with the Thursby smart-card reader if you do not enter the smart card unlock PIN before the 30-second timeout has expired. This is caused by a known issue in Thursby SubRosa app. As a workaround, force stop the SubRosa app, or reboot the device. |
597826 | F5 Access fails to read smart cards using Thursby smart card reader when running within Android for Work profile. |
617631 | When Always-On VPN Mode is enabled, a VPN connection is established, and a Network Access resource is configured to use split tunneling, resources from the split tunneling space can be successfully accessed using the managed application, but the managed application cannot access all resources outside of the split tunneling space. |
620294 | In Android 7.0 RC4, ciphers and SSLv3 are disabled for security reasons. AES ciphers must be enabled in the RSA Authentication Manager configuration for Dynamic Seed Provisioning (CT-KIP) to work on Android 7.0. For more details, see https://community.rsa.com/docs/DOC-45530. As a workaround, follow the steps in the linked article to enable non-RC4 cipher suites. |
634069 | In most cases, when an Always-On VPN is disabled by the DPM (Device Policy Manager), the F5 Access VPN revokes if it is currently connected. In some corner cases, if F5 Access is not connected when, for example, the DPM enables Always-On VPN, but the connection doesn't start because of a misconfiguration, and the DPM then disables Always-On VPN, F5 Access won't be notified, and may continue to attempt to reconnect until the device is rebooted. |
616957 | If Always-On VPN mode is enabled for F5 Access by an MDM, and a force stop is done, F5 Access goes into the Disconnected state, and the user loses internet access through managed apps. F5 Access does not reestablish the VPN connection automatically. As a workaround, the user can restart the device to reestablish Always-On VPN mode. Another workaround is to disallow force stops in the MDM configuration, using DISALLOW_APPS_CONTROL. |
617362 | On some devices with Android 4.x, F5 Access Home screen icons might not get updated, and continue to show the older Edge Client icon. This is caused by Android issue 42921: https://code.google.com/p/android/issues/detail?id=42921 |
619106 | On certain Android devices, F5 Access displays two icons in the notification area when connected to VPN. This behavior is by design. |
629242 | The RSA SecurID software token PIN setup might timeout if you do not provide a new PIN within the RSA SecurID token interval. |
744854 | Samsung devices provide a way to disconnect Always-On VPN through notification. As a result, when you terminate always-on VPN, the system revokes VPN permission for F5 Access. This prevents F5 Access from establishing a VPN connection. As a workaround, uninstall and reinstall the F5 Access. |
748960 | There is no API to get the Chrome OS version when F5 Access for Android is running on Chrome OS. This being a Chrome issue is currently reported to Google and tracked through 881005. |
748962 | Always-On VPN can be turned off from the Chrome OS network settings. This action should not be allowed as it defeats the purpose of Always-On VPN. As a workaround, do not turn off Always-On VPN in the Chrome OS network settings. This issue is currently reported to Google and tracked through 881107. |
748963 | When adding a new VPN configuration through the Chrome OS settings, the F5 Access home screen is launched instead of the Add Configuration screen. As a workaround, navigate to the Add Configuration screen and add a new configuration. This issue is currently reported to Google and tracked through 881123. |
748964 | For F5 Access for Android on Chrome OS, the per-app VPN's feature to allow/disallow apps to bypass VPN connection is reserved. As a result, the disallowed apps pass through the VPN tunnel and allowed apps are blocked through the VPN tunnel. This issue is currently reported to Google and tracked through 883529. |
Contacting F5
North America | 1-888-882-7535 or (206) 272-6500 |
Outside North America, Universal Toll-Free | +800 11 ASK 4 F5 or (800 11275 435) |
Additional phone numbers | Regional Offices |
Web | http://www.f5.com |
support@f5.com |
Additional resources
You can find additional support resources and technical documentation through a variety of sources.
F5 Support | Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology. |
AskF5 Knowledge Base | The storehouse for thousands of knowledgebase articles that help you manage your F5 products more effectively. Whether you want to browse periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source. |
BIG-IP iHealth Diagnostics and BIG-IP iHealth Viewer | BIG-IP iHealth Diagnostics identifies issues, including common configuration problems and known software issues. It also provides solutions and links to more information. With BIG-IP iHealth Viewer, you can see the status of your system at-a-glance, drill down for details, and view your network configuration. |
F5 DevCentral | Collaborate and share innovations including code samples, new techniques, and other tips, with more than 300,000 F5 users worldwide. DevCentral is the place to ask questions, find solutions, learn to harness the power of F5’s powerful scripting language, iRules, and much more. |
Communications Preference Center | Here, you can subscribe to a number of communications from F5. For information about the types of notifications F5 provides, see K9970: Subscribing to email notifications regarding F5 products. |