Applies To:
Show Versions
BIG-IP APM
- 15.0.1, 15.0.0, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.3, 13.1.1, 13.1.0, 12.1.5, 12.1.4, 12.1.3, 11.6.4, 11.6.3, 11.6.2, 11.5.7
Summary:
In April 2019, Apple posted the release of F5 Access for iOS 3.0.5. Users should download this new version from the app store.
Contents:
- User documentation for this release
- Features and enhancements in 3.0.5
- Fixes in 3.0.5
- Known issues affecting F5 Access 3.0.5
- Contacting F5
- Legal notices
User documentation for this release
For a comprehensive list of documentation that is relevant to this release, refer to the BIG-IP Access Policy Manager Documentation.
Fixes in 3.0.5
The following issues have been fixed in this release.
| ID number | Description |
|---|---|
| 747350 | Previously, F5 Access may not go to reasserting state for 30 - 60 seconds when a mobile network connection is lost over TLS established tunnel. Now, when the connection is restored, F5 Access goes to the reasserting state without any issues. |
| 753347 | F5 Access only supports HTTPS links for importing client certificates. However, F5 Access 3.0.4 incorrectly displayed the placeholder text as http:// instead of https:// in the pop-up screen for entering client certificate URL. This issue has been fixed, and now the placeholder text displays https:// on the pop-up screen. |
| 757704 | Previously, F5 Access failed to resolve the iOS DNS requests for root servers, causing a delay in establishing the VPN tunnel (60+ seconds). This issue has been fixed, and now the F5 Access VPN tunnel establishment process connects and reconnects immediately. |
| 758835 | For the MDM managed F5 Access profile, when disabling VPN on airplane connected mode and then enabling the F5 Access VPN to restore connectivity with airplane mode disabled, the user is being prompted for username and password. This issue may be seen with F5 Access with iOS 12.1.3 or older versions. Upgrading to iOS 12.1.4 resolves this issue, with cached credentials being used for the VPN connection without any prompts to the user. |
| 763421 | Fixed this issue where F5 Access for iOS web logon failed in some cases when used with external logon page, giving the following error message: The operation couldn't be completed (NSURLErrorDomain error -999). |
Known issues affecting F5 Access 3.0.5
The following are known issues in this release.
| ID number | Description |
|---|---|
| 504919 | F5 Access does not resolve the BIG-IP APM hostname each time it reconnects after the connection is broken. This limits the use of load balancing with BIG-IP DNS as it keeps using the same IP address for the connection. |
| 557905 | On iOS 9, if a managed app is being updated while per-app VPN is active, the updated app might not make use of the active session until the active session is expired and a new one is created. As a workaround, wait until the current session expires, and restart the updated app. |
| 587775 | iOS may frequently sleep/wakeup VPN plugin in the sleep mode of the device and send DNS queries. This causes the APM session to keep alive for a long time. The DNS queries are sent from every 10 seconds to a few minutes. The issue was reported to Apple to confirm and tracked through 48529129. |
| 695712 | Due to an iOS issue (Apple Radar 36006149), it is currently not possible to switch between configurations widget added to the Today view. |
| 696882 | F5 Access does not support user interaction prompts for per-app VPN scenario. Server configuration should not require any user interaction to establish a VPN. |
| 699062 | Per-app VPN that requires user interaction works only with a single per-app VPN configuration, and only with clients running iOS 12. We currently do not support user interaction in a per-app VPN scenario with any other per-app VPN configurations. Administrators should configure the BIG-IP so as not to require user interaction to establish VPN for configurations that require more than a single per-app VPN. |
| 700849 | When you use an MDM to push a device-wide VPN that includes the SavePasswordEnabled feature, the setting enforceWebLogon does not work after the device is restored from backup. |
| 701247 | With the use of Apple Transport Security (ATS) in version 3.x, insecure HTTP does not work for most connections. However, in some cases an HTTP (not HTTPS) IP address still works. This may or may not be removed in the future by Apple. |
| 701636 | The Session expired or closed by server message will not appear when the session is killed by an administrator or by timeout. The tunnel will be silently closed instead. Similarly, the message will not be shown if no lease pool is specified for the NA resource or the NA's lease pool is exhausted. |
| 704309 | Before iOS 12, F5 access did not send the client certificate to BIG-IP if the weblogon mode was enabled in configuration, due to framework limitations. In iOS 12, Apple partially fixed this issue, but the client certificate is attached twice. We are still waiting for Apple to update us. |
| 704554 | In a scenario where F5 Access requires user input to authenticate, the error message Authentication failed is displayed if notifications are not enabled for F5 Access. As a workaround, you should enable notifications in . |
| 706718 | If the per-app VPN configuration does not have SafariDomains specified, it is displayed as Enterprise VPN in F5 Access. |
| 707434 | The confirmation message F5 Access would like to Add VPN Configurations that appears when you attempt to save a first VPN configuration is not localized in iOS 11. Regardless of the selected system language, the message appears in English. |
| 708016 | After you perform Network Settings Reset on the iPhone, the following items of an MDM VPN configuration may get corrupted:
As a workaround, contact the MDM administrator and re-deploy the MDM configuration. |
| 734519 | On the iPad, in the Credentials prompt, the Save Password box is not aligned correctly. |
| 734750 | Certificates imported to F5 Access are not deleted when F5 Access is uninstalled. |
| 743249 | When F5 Access Legacy (2.1.x) and F5 Access 3.0.x are running on the same device, if there are configurations created in each VPN client with the same name (for example, MyVPN), after the iOS device restarts, a "2" is appended to the name of whatever configuration was created last (for example, MyVPN and MyVPN2). |
| 743801 | On a redirect, the Server URL name in connection details of F5 Access is displayed incorrectly. However, there is no functional impact on the server connection and establishes the connection accurately. |
| 743918 | The VPN connection cannot be established if the PAC file cannot be downloaded without the established VPN. As a workaround, set the Ignore Client Proxy Autoconfig Script Download Failure setting to enabled, so the client does not attempt to download the PAC file before establishing the connection. The tunnel will be created with PAC specification as provided in NA resource. As a workaround for BIG-IP versions 11.6.3 and 11.5.7, where the Ignore Client Proxy Autoconfig Script Download Failure setting is not available in the user interface, add Variable Assign agent with the following entries to your Access Policy:
|
| 745999 | The session is not deleted from the BIG-IP system v11.6.3 when F5 Access disconnects with the Weblogon mode enabled. |
| 747798 | When using F5 Access 3.0.2 and upgrading to iOS 12.0 or higher, users are not able to connect to VPN if Wifi HTTP Proxy is set to Automatic. This issue is currently reported to Apple and tracked through 47359424. |
| 748153 | Per-App-VPN with internal use of TLD .local domain does not work. This issue is currently reported to Apple and tracked through 45641400. |
| 758831 | On iOS 12, F5 Access connects to incorrect port when port forwarding is used with NAT, as F5 Access reads port from the session variables. This results in connectivity issues. As a workaround, add a variable assign object to the policy: session.server.network.port=9443 |
| 758833 | F5 Access has some limitations on cookie storage, which may prevent the logon page from saving state. For example, the "Remember me for 30 days" option, cannot be used with F5 Access where the user is required to enable cookies to remember the device. |
Contacting F5
| North America | 1-888-882-7535 or (206) 272-6500 |
| Outside North America, Universal Toll-Free | +800 11 ASK 4 F5 or (800 11275 435) |
| Additional phone numbers | Regional Offices |
| Web | http://www.f5.com |
| support@f5.com |
How to Contact F5 Support or the Anti-Fraud SOC
- By phone in the U.S. (accessible 24x7): 888-88askf5 (888-882-7535).
- International contact numbers: http://www.f5.com/training-support/customer-support/contact/.
- The Support Coordinator can contact the SOC as needed.
You can manage service requests and other web-based support online at F5 My Support (registration required). To register email CSP@F5.com with your F5 hardware serial numbers and contact information.
You can contact the Anti-Fraud SOC as follows:
- By phone in the U.S. (accessible 24x7): 866-329-4253 (Option #3 for Anti-Fraud)
- International contact numbers: https://f5.com/products/platforms/silverline/f5-silverline-ddos-protection
Additional resources
You can find additional support resources and technical documentation through a variety of sources.
| F5 Support | Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology. |
| AskF5 Knowledge Base | The storehouse for thousands of knowledgebase articles that help you manage your F5 products more effectively. Whether you want to browse periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source. |
| BIG-IP iHealth Diagnostics and BIG-IP iHealth Viewer | BIG-IP iHealth Diagnostics identifies issues, including common configuration problems and known software issues. It also provides solutions and links to more information. With BIG-IP iHealth Viewer, you can see the status of your system at-a-glance, drill down for details, and view your network configuration. |
| F5 DevCentral | Collaborate and share innovations including code samples, new techniques, and other tips, with more than 300,000 F5 users worldwide. DevCentral is the place to ask questions, find solutions, learn to harness the power of F5’s powerful scripting language, iRules, and much more. |
| Communications Preference Center | Here, you can subscribe to a number of communications from F5. For information about the types of notifications F5 provides, see K9970: Subscribing to email notifications regarding F5 products. |
