Applies To:Show Versions
This version of F5 Helper Applications for Chrome, Firefox, and Edge browsers was released with BIG-IP APM 13.0, on February 23, 2017.
What it does
NPAPI plugin support has largely been discontinued by browser manufacturers. Functionality that was previously installed with NPAPI plugins is now handled by helper applications, which are installed on the user's machine, and handled with protocol handlers. We install an Endpoint Check application and a Network Access application. These clients can be downloaded from the APM administration console and can be distributed for download by users, installed by group policy, or installed by device management solutions.
Supported features and required installation privileges
The following privileges are required to install the F5 Helper Applications.
|EPS Helper App||User||Standard||Root|
|VPN Helper App||Admin||Admin||Root|
This solution works with the following 64-bit browsers and versions:
- Chrome 45 or later
- Firefox 52 or later
- Safari 10 or later
- Edge browsers
Note: Internet Explorer still uses an NPAPI plugin to support endpoint checks and VPN functionality.
BIG-IP APM versions and browser support
For users that must access BIG-IP APM 13.0 and an earlier version of BIG-IP (for example, 12.1), such mixed-version connections are supported, with some caveats.
- For users on Chrome and Edge browsers accessing BIG-IP APM 13.0, the new F5 Helper Applications for endpoint check and VPN are required. There is no plugin-based alternative for these browsers.
- For users on Firefox accessing BIG-IP APM 13.0, F5 Helper Applications for endpoint inspection and VPN can be used. To access BIG-IP version 12.1 or earlier, the browser plugin is not supported on Firefox and Chrome.
Clients can be downloaded from the APM console, and pushed through group policy as in previous releases.
This release supports Linux versions that comply with the freedesktop specification. On Debian Linux, the f5epi and f5vpn packages require the user to install a new version of QT (minimum version 5.5) that doesn't exist in the stable repository.
Known issues and behavior changes in 13.0
Known Issues and Behavior Changes
The following issues and behaviors have been identified in this version of the helper applications.
- Uninstalling client components on Windows
- To uninstall client components on Windows systems, go to to Uninstall BIG-IP Edge Client Components. and click
- Uninstalling client components on Linux
Use the package manager native to your Linux distribution (for example apt, zypper, dnf, or yum) to remove f5epi (the F5 Endpoint Check application) and f5vpn (the F5 VPN application).
- Uninstalling client components on macOS
To uninstall, move the helper applications to the Trash on macOS.
- HTTP vs HTTPS virtual server, or a valid certificate
- It is suggested that you use an HTTPS virtual server with a valid certificate to prevent end users from seeing invalid certificate warnings.
- Endpoint check and Network Access screens
- Network Access and endpoint check screens do not appear in the foreground when running.
- Windows Edge browser "switch apps" warning
- When opening some endpoint checks with the Windows Edge browser, the Did you mean to switch Apps dialog appears. This occurs because a protocol handler calls an external program from Windows Edge Browser. Click Yes to dismiss the dialog.
- Windows Edge browser "new app" warning
- When using Windows Edge browser, the warning You'll need a new app to open this f5eps appears. This behavior occurs because the Edge browser is attempting to open a component for which the helper program is not yet installed. As a workaround, use Chrome, Internet Explorer, or Firefox first to install the helper applications, then use the Edge browser.
Known Issues with Bug IDs
|572103||Windows Protected Workspace does not work with Chrome, Firefox or Edge browsers. As a workaround, use Internet Explorer on Windows 7 and Windows 8.1. Protected Workspace is not supported on Windows 10.|
|572121||After a user launches network access and closes the browser window, no warning message is shown to the user. This is a change in behavior from previous versions. This behavior change is applicable to browsers where a protocol handler is used to launch network access applications (Chrome, Firefox, Spartan). The warning message is only shown in IE as IE still uses plugin-based network access. This behavior will be deprecated in IE as well in a future release. The user needs to explicitly close network access by clicking Disconnect in the network access application window.|
|574648||When a user connects to an APM device configured with Endpoint Inspection for the first time using the Edge browser, the browser prompts the user to install an application from the Windows Store. This is confusing because there is no application in the store. Have the end user dismiss this dialog box and follow the prompts in the browser to download and install the F5 client components.|
|587648||Cache cleaner fails to launch from Chrome, Firefox, and Edge browsers. Cache cleaner is not supported for this client, so the access policy takes the fallback branch.|
|589103||Windows Universal app cannot use application tunnels without establishing a VPN first.|
|590291||The new web client depends on Qt library version 5.5. On some Linux distributions, this version may not be available in standard repositories. Web client installation fails on such distributions. As a workaround, download and install the required qt library from the non-standard repository. Then build and install required Qt library on the distribution before installing the web client.|
|592410||When installing web client packages downloaded from APM, installation may fail on certain Linux distributions with the following error message: nothing provides libQt5WebKit.so.5(). As a workaround, either use a distribution of Linux that has libQt5WebKit.so.5 or later installed, or install libQt5WebKit.so.5 or later before installing web clients.|
|598401||On some Linux distributions, Google Chrome will show a prompt to launch xdg-open to launch the f5epi:// and f5vpn:// URL schemes if f5vpn and f5epi applications are not installed. This may confuse the user trying to connect.|
|600493||Endpoint checking and VPN cannot be launched from Google Chrome on certain Linux distributions. Endpoint checking and VPN launching through Google Chrome on Linux is currently supported only on the following distributions:
As a workaround, use a supported Linux distribution.
|600676||Log viewer cannot be launched from the client UI. As a workaround, open the log file from the command shell.|
|603081||Allow access to white listed URLs in locked client mode|
|604498||On Windows 10, if f5vpn or F5epi applications are not installed on the user's machine, a message box is shown to the user. This message box is on top of the message displayed on the web page that shows instructions to the user about how to proceed. This can result in user confusion. As a workaround, close the message box.|
|615816||If user logs onto APM and launches the VPN client and then closes the browser, the VPN will continue to run and the session will not stop. This is a change in behavior from previous plugin-based web clients. Close both the browser and the VPN client to stop the session.|
|629233||Once the VPN is established and F5 Access updates the proxy configuration on the client, the first request sent from the Firefox browser does not use the updated proxy configuration. Subsequent requests use the correct proxy configuration.|
|629774||If a VE deployment with APM provisioned is allocated less than 8 GB of RAM, TMM restarts periodically. To work around this, allocate a minimum of 8 GB of RAM to a VE instance on which APM is provisioned.|
Features in 13.0
The following client features are available in version 13.0:
|Windows 7, Windows 8.1 and Windows 10||Mac OS X 10.11 and macOS Sierra||Linux*|
|Google Chrome||Google Chrome||Google Chrome|
|Mozilla Firefox||Mozilla Firefox||Mozilla Firefox|
Supported Client Features
|Windows 7, Windows 8.1 and Windows 10||Mac OS X 10.11 and macOS Sierra||Linux|
|Continuous endpoint checks**||Continuous endpoint checks||Continuous endpoint checks|
|Network Access (SSL VPN)||Network Access (SSL VPN)||Network Access (SSL VPN)|
|Static Aplication Tunnels|
|Optimized Tunnels (with or without VPN)|
**Windows Protected Workspace and Windows Cache and Session Control access policy items are not supported with the F5 Helper Applications in Chrome, Firefox, or Edge browsers. Use Internet Explorer to support these features on Windows 7 and Windows 8.1. Protected Workspace is not supported on Windows 10.
Contacting F5 Networks
|Phone - North America:||1-888-882-7535 or (206) 272-6500|
|Phone - Outside North America, Universal Toll-Free:||+800 11 ASK 4 F5 or (800 11275 435)|
|Fax:||See Regional Support for your area.|
For additional information, please visit http://www.f5.com.
You can find additional support resources and technical documentation through a variety of sources.
- The F5 Networks Technical Support web site: https://f5.com/support
- The AskF5 web site: https://support.f5.com/csp/home
- The F5 DevCentral web site: https://devcentral.f5.com/
- AskF5 Publication Preference Center: https://interact.f5.com/AskF5-SubscriptionCenter.html
F5 Networks Technical Support
Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.
AskF5 is your storehouse for thousands of knowledgebase articles that help you manage your F5 products more effectively. Whether you want to browse periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.
The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.
AskF5 Publication Preference Center
To subscribe, click AskF5 Publication Preference Center, enter your email address, select the publications you want, and click the Submit button. You will receive a confirmation email. You can unsubscribe at any time by clicking the Unsubscribe link at the bottom of the email, or on the AskF5 Publication Preference Center screen.
- TechNews Weekly eNewsletters: Up-to-date information about product and hotfix releases, new and updated articles, and new feature notices.
- TechNews Notifications: Periodic plain text TechNews, sent any time F5 releases a product or hotfix. (This information is always included in the next weekly HTML TechNews email.)
- Security Alerts: Timely security updates and ASM attack signature updates from F5.