Applies To:

Show Versions Show Versions

Release Note: F5 Helper Applications for Chrome, Firefox, and Edge Browsers for BIG-IP 13.0
Release Note

Original Publication Date: 11/08/2017

Summary:

This version of F5 Helper Applications for Chrome, Firefox, and Edge browsers was released with BIG-IP APM 13.0, on February 23, 2017.

Contents:

- Known issues and behavior changes in 13.0
- Features in 13.0
- Contacting F5 Networks
- Legal notices

What it does

NPAPI plugin support has largely been discontinued by browser manufacturers. Functionality that was previously installed with NPAPI plugins is now handled by helper applications, which are installed on the user's machine, and handled with protocol handlers. We install an Endpoint Check application and a Network Access application. These clients can be downloaded from the APM administration console and can be distributed for download by users, installed by group policy, or installed by device management solutions.

Supported features and required installation privileges

The following privileges are required to install the F5 Helper Applications.

Application Windows Mac Linux
EPS Helper App User Standard Root
VPN Helper App Admin Admin Root

Browser Support

This solution works with 32-bit or 64-bit Chrome, Firefox, and Edge browsers. Internet Explorer and Safari are currently not supported through this method, as they still support NPAPI. We continue to support the previous method with NPAPI browser plugins in Internet Explorer and Safari.

BIG-IP APM versions and browser support

For users that must access BIG-IP APM 13.0 and an earlier version of BIG-IP (for example, 12.1), such mixed-version connections are supported, with some caveats.

  • For users on Chrome and Edge browsers accessing BIG-IP APM 13.0, the new F5 Helper Applications for endpoint check and VPN are required. There is no plugin-based alternative for these browsers.
  • For users on Firefox accessing BIG-IP APM 13.0, F5 Helper Applications for endpoint inspection and VPN can be used. To access BIG-IP version 12.1 or earlier, the browser plugin is still supported, and allows access.
  • For all supported BIG-IP APM versions, Internet Explorer and Safari still support and use browser plugins, so there is no change for these browsers.

Client downloads

Clients can be downloaded from the APM console, and pushed through group policy as in previous releases.

Linux support

This release supports Linux versions that comply with the freedesktop specification. On Debian Linux, the f5epi and f5vpn packages require the user to install a new version of QT (minimum version 5.5) that doesn't exist in the stable repository.

Known issues and behavior changes in 13.0

Known Issues and Behavior Changes

The following issues and behaviors have been identified in this version of the helper applications.

Uninstalling client components on Windows
To uninstall client components on Windows systems, go to to Control Panel > Programs > Programs and Features and click Uninstall BIG-IP Edge Client Components.
Uninstalling client components on Linux

Use the package manager native to your Linux distribution (for example apt, zypper, dnf, or yum) to remove f5epi (the F5 Endpoint Check application) and f5vpn (the F5 VPN application).

Uninstalling client components on macOS

To uninstall, move the helper applications to the Trash on macOS.

HTTP vs HTTPS virtual server, or a valid certificate
It is suggested that you use an HTTPS virtual server with a valid certificate to prevent end users from seeing invalid certificate warnings.
Endpoint check and Network Access screens
Network Access and endpoint check screens do not appear in the foreground when running.
Windows Edge browser "switch apps" warning
When opening some endpoint checks with the Windows Edge browser, the Did you mean to switch Apps dialog appears. This occurs because a protocol handler calls an external program from Windows Edge Browser. Click Yes to dismiss the dialog.
Windows Edge browser "new app" warning
When using Windows Edge browser, the warning You'll need a new app to open this f5eps appears. This behavior occurs because the Edge browser is attempting to open a component for which the helper program is not yet installed. As a workaround, use Chrome, Internet Explorer, or Firefox first to install the helper applications, then use the Edge browser.

Known Issues with Bug IDs

ID Description
572103 Windows Protected Workspace does not work with Chrome, Firefox or Edge browsers. As a workaround, use Internet Explorer on Windows 7 and Windows 8.1. Protected Workspace is not supported on Windows 10.
572121 After a user launches network access and closes the browser window, no warning message is shown to the user. This is a change in behavior from previous versions. This behavior change is applicable to browsers where a protocol handler is used to launch network access applications (Chrome, Firefox, Spartan). The warning message is only shown in IE as IE still uses plugin-based network access. This behavior will be deprecated in IE as well in a future release. The user needs to explicitly close network access by clicking Disconnect in the network access application window.
574648 When a user connects to an APM device configured with Endpoint Inspection for the first time using the Edge browser, the browser prompts the user to install an application from the Windows Store. This is confusing because there is no application in the store. Have the end user dismiss this dialog box and follow the prompts in the browser to download and install the F5 client components.
587648 Cache cleaner fails to launch from Chrome, Firefox, and Edge browsers. Cache cleaner is not supported for this client, so the access policy takes the fallback branch.
589103 Windows Universal app cannot use application tunnels without establishing a VPN first.
590291 The new web client depends on Qt library version 5.5. On some Linux distributions, this version may not be available in standard repositories. Web client installation fails on such distributions. As a workaround, download and install the required qt library from the non-standard repository. Then build and install required Qt library on the distribution before installing the web client.
592410 When installing web client packages downloaded from APM, installation may fail on certain Linux distributions with the following error message: nothing provides libQt5WebKit.so.5(). As a workaround, either use a distribution of Linux that has libQt5WebKit.so.5 or later installed, or install libQt5WebKit.so.5 or later before installing web clients.
598401 On some Linux distributions, Google Chrome will show a prompt to launch xdg-open to launch the f5epi:// and f5vpn:// URL schemes if f5vpn and f5epi applications are not installed. This may confuse the user trying to connect.
600493 Endpoint checking and VPN cannot be launched from Google Chrome on certain Linux distributions. Endpoint checking and VPN launching through Google Chrome on Linux is currently supported only on the following distributions:
  • Ubuntu 16.0
  • OpenSuse leap 42.1
  • LinuxMint 18
  • Fedora 24

As a workaround, use a supported Linux distribution.

600676 Log viewer cannot be launched from the client UI. As a workaround, open the log file from the command shell.
603081 Allow access to white listed URLs in locked client mode
604498 On Windows 10, if f5vpn or F5epi applications are not installed on the user's machine, a message box is shown to the user. This message box is on top of the message displayed on the web page that shows instructions to the user about how to proceed. This can result in user confusion. As a workaround, close the message box.
615816 If user logs onto APM and launches the VPN client and then closes the browser, the VPN will continue to run and the session will not stop. This is a change in behavior from previous plugin-based web clients. Close both the browser and the VPN client to stop the session.
629233 Once the VPN is established and F5 Access updates the proxy configuration on the client, the first request sent from the Firefox browser does not use the updated proxy configuration. Subsequent requests use the correct proxy configuration.
629774 If a VE deployment with APM provisioned is allocated less than 8 GB of RAM, TMM restarts periodically. To work around this, allocate a minimum of 8 GB of RAM to a VE instance on which APM is provisioned.

Features in 13.0

The following client features are available in version 13.0:

Supported Browsers

Table 1. Supported Browsers
Windows 7, Windows 8.1 and Windows 10 Mac OS X 10.11 and macOS Sierra Linux*
Google Chrome Google Chrome Google Chrome
Mozilla Firefox Mozilla Firefox Mozilla Firefox
Microsoft Edge
The following Linux operating systems and versions are supported.
  • Ubuntu 16.0

  • OpenSuse leap 42.1

  • LinuxMint 18

  • Fedora 24

  • Debian 8, with Firefox browser. Chrome is not supported on Debian 8

  • CentOS

Supported Client Features

Table 2. Supported Client Features
Windows 7, Windows 8.1 and Windows 10 Mac OS X 10.11 and macOS Sierra Linux
Continuous endpoint checks** Continuous endpoint checks Continuous endpoint checks
Network Access (SSL VPN) Network Access (SSL VPN) Network Access (SSL VPN)
Static Aplication Tunnels
Optimized Tunnels (with or without VPN)

**Windows Protected Workspace and Windows Cache and Session Control access policy items are not supported with the F5 Helper Applications in Chrome, Firefox, or Edge browsers. Use Internet Explorer to support these features on Windows 7 and Windows 8.1. Protected Workspace is not supported on Windows 10.

Contacting F5 Networks

Phone - North America: 1-888-882-7535 or (206) 272-6500
Phone - Outside North America, Universal Toll-Free: +800 11 ASK 4 F5 or (800 11275 435)
Fax: See Regional Support for your area.
Web: https://support.f5.com/csp/home
Email: support@f5.com

For additional information, please visit http://www.f5.com.

Additional resources

You can find additional support resources and technical documentation through a variety of sources.

F5 Networks Technical Support

Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.

AskF5

AskF5 is your storehouse for thousands of knowledgebase articles that help you manage your F5 products more effectively. Whether you want to browse periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.

F5 DevCentral

The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.

AskF5 Publication Preference Center

To subscribe, click AskF5 Publication Preference Center, enter your email address, select the publications you want, and click the Submit button. You will receive a confirmation email. You can unsubscribe at any time by clicking the Unsubscribe link at the bottom of the email, or on the AskF5 Publication Preference Center screen.

  • TechNews Weekly eNewsletters: Up-to-date information about product and hotfix releases, new and updated articles, and new feature notices.
  • TechNews Notifications: Periodic plain text TechNews, sent any time F5 releases a product or hotfix. (This information is always included in the next weekly HTML TechNews email.)
  • Security Alerts: Timely security updates and ASM attack signature updates from F5.

Legal notices

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)