Applies To:Show Versions
- 17.0.0, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0, 12.1.6, 12.1.5, 12.1.4, 12.1.3, 11.6.4
F5 Access version 3.0.8 for Android devices is now available. Users should download this new version from the app store.
- User documentation for this release
- Contacting F5
- Legal notices
User documentation for this release
For a comprehensive list of documentation that is relevant to this release, refer to the following page:
Features and enhancements
- Device passcode complexity support
Starting in August 2021, Google requires all partners to migrate to work profiles or fully managed devices. New restrictions to the device administration policies require enforcing device password complexity on Android 10 and higher devices. For more details on new Android password complexity, refer to the ‘Screen lock quality check’ section on the What's new for enterprise in Android 10 page.
End-users upgrading to F5 Access 3.0.8 or later Android app will have the device lock complexity set to ‘Medium.’ If the user’s device lock does not meet the ‘Medium’ complexity criteria, they will be redirected to Android’s device lock change screen and asked to update their device password. You also cannot enforce device lock complexity higher than medium. If your existing device lock complexity is high, users can still set passwords with medium complexity and see no change. The above limitation is applicable for devices running on Android 10 or later. There will be no deviations from the current behavior for the devices running on Android 9 or earlier. Below is the compatibility matrix of the F5 Access Client (3.0.8 or later) with existing BIG-IP releases.
F5 Access Version End User Android Device Version Existing Passcode Criteria on your BIG-IP New Passcode Criteria (Device Lock Complexity) Change in Behaviour 3.0.8 or Later 9 and below All NA Same as existing 3.0.8 or Later 10 and Above If Min Passcode Length is less than 4 Medium Users who have their device locks in less than 4 digits are asked to reset the device lock using the Android device lock change screen. 3.0.8 or Later 10 and Above
If Min Passcode Length is greater than 4
orIf Passcode should contain Alphabets
Medium Users will still be able to use less complex device locks for their Android devices and continue to use F5 Access in the same way. However, this means the device lock an end-user uses may be less secure than you wanted it to be.
Future releases of BIG-IP may help resolve this limitation where you can configure the Device Lock Complexity that better meets your requirements.
You would, however, not enforce the presence of ‘Alphabets’ in device locks. This is also a limitation from Android as none of the device complexity levels (None, Low, Medium, or High) force users to use Alphabets in device locks.
Click here for supplemental information on Device passcode complexity support in F5 Access for Android.
- Migration to AndroidX library
To target API level 29 or higher, F5 Access for Android now uses AndroidX libraries. The Android application uses the AndroidX library instead of a support library and migrates third-party dependencies to use AndroidX.
- Support for postlaunch_url parameter in create and stop URL schemes
F5 Access for Android now supports using the postlaunch_url parameter when defining a server or stopping a connection. The postlaunch_url parameter can be added to the f5access create and stop command when using the URI scheme. Previously, you could only use the parameter with the start command to launch a specified URL after starting the VPN connection. This new feature would allow F5 Access for Android to integrate with Mission-Critical Push-to-Talk (MCPTT) applications.
- Upgraded to API level 30
Starting in August 2021, Android applications built against API level 29 or higher can be uploaded to the Google Play Store. With this release, the F5 Access for Android API level has been upgraded to API 30, and the app can now be successfully uploaded to the Play store.
Fixed issues in F5 Access
|1052777||Previously, F5 Access for Android 3.0.8 crashed immediately after starting on SM-T595 Samsung Tablet in landscape (horizontal) mode with auto-rotate enabled. This issue is fixed, and now F5 Access runs without crashing on Samsung tablets in landscape mode.
Workaround: Turn off auto-rotate. Use portrait (vertical) mode.
|1055597||Fixed the issue where F5 Access for Android did not follow best practices when exposing application launch activities|
|1057485||Previously, the postlaunch_url failed to launch a few third-party applications after a VPN connection was created or established, or terminated using the URL scheme. This issue has been fixed, and now the postlaunch_url is able to launch the applications specified in the URL scheme.|
|1063617||Previously, the AirWatch managed F5 Access running on Android version 11 and later could not be used for a compliance check. This caused an error when establishing the VPN connection. This issue has been fixed, and now the AirWatch can display the MDM related identifiers and push them to F5 Access. F5 Access then sends the MDM identifiers to APM to perform a compliance check.|
Known issues in F5 Access
|451826||When F5 Access uses split tunneling for traffic, after establishing a VPN connection, all DNS queries are sent to the VPN-configured enterprise DNS server.|
|504685||F5 Access does not change to the Reconnecting state if the GTM server is down. Load balancing with GTM does not work.|
|624395||The web logon screen might disappear when you send F5 Access to the background after entering an RSA SecurID software token PIN.|
Downloading a client certificate or token from an HTTP URL on Android 9 fails. This is because of the improved security imposed by Android.
Workaround: Use the HTTPS URL with a trusted CA to download the client certificate or token.
VPN connection fails to establish with FIPS mode enabled on certain devices.
Workaround: Disable the FIPS mode before establishing a VPN connection.
|893345||F5 Access running on Android 10 does not send the device's IMEI number to the APM. If MDM is configured to have a dependency on the IMEI number, it would fail.
Workaround: Use MDM assigned unique device ID for identifying devices.
|893349||F5 Access running on Android 10 sends incorrect wifi MAC address to the APM. Therefore, if MDM uses this address to query device compliance status from Intune, the query fails.
Workaround: Use MDM assigned unique device ID for identifying devices.
Known Issues in Third-Party Software
|574604||VPN connections repeatedly fail with the Thursby smart-card reader if you do not enter the smart card unlock PIN before the 30-second timeout has expired. This is caused by a known issue in Thursby SubRosa app.
Workaround: Force stop the SubRosa app, or reboot the device.
|597826||F5 Access fails to read smart cards using Thursby smart card reader when running within Android for Work profile.|
|617631||When Always-On VPN Mode is enabled, a VPN connection is established, and a Network Access resource is configured to use split tunneling, resources from the split tunneling space can be successfully accessed using the managed application, but the managed application cannot access all resources outside of the split tunneling space.|
|620294||In Android 7.0 RC4, ciphers and SSLv3 are disabled for security reasons. AES ciphers must be enabled in the RSA Authentication Manager configuration for Dynamic Seed Provisioning (CT-KIP) to work on Android 7.0. For more details, see https://community.rsa.com/docs/DOC-45530.
Workaround: Follow the steps in the linked article to enable non-RC4 cipher suites.
|634069||In most cases, when an Always-On VPN is disabled by the DPM (Device Policy Manager), the F5 Access VPN revokes if it is currently connected. In some corner cases, if F5 Access is not connected when, for example, the DPM enables Always-On VPN, but the connection doesn't start because of a misconfiguration, and the DPM then disables Always-On VPN, F5 Access won't be notified, and may continue to attempt to reconnect until the device is rebooted.|
|616957||If Always-On VPN mode is enabled for F5 Access by an MDM, and a force stop is done, F5 Access goes into the Disconnected state, and the user loses internet access through managed apps. F5 Access does not reestablish the VPN connection automatically.
Workaround: Restart the device to reestablish Always-On VPN mode. Another workaround is to disallow force stops in the MDM configuration, using DISALLOW_APPS_CONTROL.
|617362||On some devices with Android 4.x, F5 Access Home screen icons might not get updated, and continue to show the older Edge Client icon. This is caused by Android issue 42921: https://code.google.com/p/android/issues/detail?id=42921|
|619106||On certain Android devices, F5 Access displays two icons in the notification area when connected to VPN. This behavior is by design.|
|629242||The RSA SecurID software token PIN setup might timeout if you do not provide a new PIN within the RSA SecurID token interval.|
|744854||Samsung devices provide a way to disconnect Always-On VPN through notification. As a result, when you terminate always-on VPN, the system revokes VPN permission for F5 Access. This prevents F5 Access from establishing a VPN connection.
Workaround: Uninstall and reinstall the F5 Access.
|748960||There is no API to get the Chrome OS version when F5 Access for Android is running on Chrome OS. This being a Chrome issue is currently reported to Google and tracked through 881005.|
|748962||Always-On VPN can be turned off from the Chrome OS network settings. This action should not be allowed as it defeats the purpose of Always-On VPN. This issue is currently reported to Google and tracked through 881107.
Workaround: Do not turn off Always-On VPN in the Chrome OS network settings.
|748963||When adding a new VPN configuration through the Chrome OS settings, the F5 Access home screen is launched instead of the Add Configuration screen.
Workaround: Navigate to the Add Configuration screen and add a new configuration. This issue is currently reported to Google and tracked through 881123.
|748964||For F5 Access for Android on Chrome OS, the per-app VPN's feature to allow/disallow apps to bypass VPN connection is reserved. As a result, the disallowed apps pass through the VPN tunnel and allowed apps are blocked through the VPN tunnel. This issue is currently reported to Google and tracked through 883529.|
How to Contact F5 Support or the Anti-Fraud SOC
- By phone in the U.S. (accessible 24x7): 888-88askf5 (888-882-7535).
- International contact numbers: http://www.f5.com/training-support/customer-support/contact/.
- The Support Coordinator can contact the SOC as needed.
You can contact the Anti-Fraud SOC as follows:
- By phone in the U.S. (accessible 24x7): 866-329-4253 (Option #3 for Anti-Fraud)
- International contact numbers: https://f5.com/products/platforms/silverline/f5-silverline-ddos-protection
You can find additional support resources and technical documentation through a variety of sources.
Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.
|AskF5 Knowledge Base||
The storehouse for thousands of knowledgebase articles that help you manage your F5 products more effectively. Whether you want to browse periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.
|BIG-IP iHealth Diagnostics and BIG-IP iHealth Viewer||
BIG-IP iHealth Diagnostics identifies issues, including common configuration problems and known software issues. It also provides solutions and links to more information. With BIG-IP iHealth Viewer, you can see the status of your system at-a-glance, drill down for details, and view your network configuration.
Collaborate and share innovations including code samples, new techniques, and other tips, with more than 300,000 F5 users worldwide. DevCentral is the place to ask questions, find solutions, learn to harness the power of F5’s powerful scripting language, iRules, and much more.
|Communications Preference Center||
Here, you can subscribe to a number of communications from F5. For information about the types of notifications F5 provides, see K9970: Subscribing to email notifications regarding F5 products.