Applies To:

Show Versions Show Versions

Manual Chapter: FirePass Controller Administrator Guide: 9 - Using FirePass Controller Client Components
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>


9

Using FirePass Controller Client Components


Downloading client components

The FirePass controller downloads components to the end user's computer at initial logon. The downloaded client components enable the various features of FirePass controller functionality.

The type of control downloaded differs depending on the user's operating system. For proper functionality, the controls require certain conditions:

For Microsoft® Windows®-based computers, the requirements are:

  • The user must have ActiveX or Java enabled for the browser.
  • One of the following is true:
    • The user has Power User privileges on the endpoint system.
    • The client control is already installed on the system.
    • The Component Installer has been installed on the system.

For Apple® Macintosh® (OS X only) and Linux®-based systems, the user must have Superuser authority, or the user must supply the Administrative password at the time of initial installation.

For more information about downloading and installing the client components, see Installing client components on Windows systems , following. For more information about the Component Installer, see Using the Component Installer .

Using Windows clients with the FirePass controller

The FirePass controller includes support for remote Windows clients, so you can use the FirePass controller for secure remote access.

Installing client components on Windows systems

Installing and running a FirePass controller component on Windows-based systems requires certain user rights. Table 9.1 , contains a list of the endpoint inspectors, and shows the user rights required for downloading and installing the associated components. Preinstalling components provides seamless upgrade for clients after you upgrade the FirePass controller. For information about preinstalling components, see Using MSI to preinstall client components .

You can also use the Component Installer feature to provide completely transparent installation and upgrading of components, regardless of what rights under which the user is running. For more information about the Component Installer, see Using the Component Installer .

Table 9.1 User rights requirements for endpoint inspector support
FirePass controller endpoint inspector
Guest rights
User rights
Power User rights
Administrator rights
Check for Google Desktop
No support
Preinstall component
OK
OK
Extended Windows and Internet Explorer info
No support
Preinstall component
OK
OK
Firewall check
No support
Preinstall component
OK
OK
Check for Antiviruses
No support
Preinstall component
OK
OK
Check Processes
No support
Preinstall component
OK
OK
Check Registry
No support
Preinstall component
OK
OK
Check Files
No support
Preinstall component
OK
OK
Switch to PWS
No support
Preinstall component
OK
OK
Check Time
OK
OK
OK
OK
Show virtual keyboard
OK
OK
OK
OK
UI mode
OK
OK
OK
OK
Check OS
OK
OK
OK
OK
Check client certificate
OK
OK
OK
OK
Write to Logon log
OK
OK
OK
OK
Send mail
OK
OK
OK
OK
External Far-end check
Varies based on check required
Varies based on
check required
Varies based on check required
Varies based on check required

 

For client systems that have the inspector component pre-installed using the MSI package, the requirements are the same. In cases in which user rights are insufficient, although the system cannot download the update, the previously installed component still works.

You can use the Component Installer feature to provide completely transparent installation and upgrading of components, regardless of the rights under which the user is working. For more information about the Component Installer, see Using the Component Installer .

For the Java-based client adapters listed in the Table 9.2 , Sun Java or Microsoft Java must be installed on the user workstation.

Table 9.2 User rights requirements for installing and running other FirePass controller components
FirePass controller component
User rights
Power User rights
Admin rights
Cache cleanup
Preinstall component
OK
OK
VT-xxxx legacy terminal (Java)
OK
OK
OK
VT-3270 legacy terminal (Java)
OK
OK
OK
TN-5250 legacy terminal (Java)
OK
OK
OK
VT-320 legacy terminal (Java)
OK
OK
OK
X11 UNIX adapter
Preinstall component
OK
OK
Microsoft Terminal Server
Preinstall component
OK
OK
Citrix Terminal Server
Preinstall component
OK
OK
VNC
Preinstall component
OK
OK
SSL-VPN connector
Preinstall component
Preinstall component
OK
Application connector
(host name)
Preinstall component
OK, but system cannot modify Hosts file
OK
Application connector
(IP address)
Preinstall component
OK
OK

 

For client systems that have the components pre-installed using the MSI package, the requirements are the same. In cases in which user rights are insufficient, although the system cannot download the update, the previously installed component still works.

Using MSI to preinstall client components

Your security policy may prohibit granting users the power user rights needed to install ActiveX components, or your browser security policy may prohibit downloading active elements. For these reasons, you might prefer to preinstall components on your users' Windows systems.

You can use the Device Management : Client Downloads screen to configure and download a Microsoft Installer Package (MSI) containing the Windows controls needed for the various FirePass controller functions. You must also configure the MSI installer to run with elevated privileges so that it can install the components for users with lesser privileges. For information about configuring the MSI installer to run with elevated privileges, see the documentation for your operating system.

This is valid only for Windows-based installations. There is no MSI functionality for installing on client systems running other operating systems.

The Client Downloads screen provides tabs for Customize Package, Customize Client Components, and Download. On the Customize Package tab, you can specify the components you want in the downloaded package.

On the Customize Client Components tab, you can specify options that govern Windows logon integration and functionality of the standalone Windows client. For more information, see the online help for the Device Management : Client Downloads : Windows (x86) screen.

On the Download tab, you can review the selected components and start the download operation. You can install downloaded packages onto client computers, or you can copy the packages to a shared location so that individual users can complete their own installation.

Using the Component Installer

You can use the Component Installer component to install and upgrade client-side FirePass controller components for all kinds of user accounts, regardless of the rights under which the user is working. This component is especially useful for installing and upgrading client-side components when the user has insufficient rights to install or upgrade the components directly.

You must use an account that has administrative rights to initially install the Component Installer on the client computer as a part of Client Components Package (MSI). Once installed and running, the Component Installer automatically installs and upgrades client-side FirePass controller components. It can also update itself.

The Component Installer requires that the installation or upgrade packages be signed using the F5 Networks certificate or another trusted certificate. By default, F5 Networks signs all components using the F5 Networks certificate. You can add your own certificate and use it to sign the components. For more information, see Adding your own trusted certificates to the F5FirePassRoot certificate store , following.

Adding your own trusted certificates to the F5FirePassRoot certificate store

The Component Installer service works with components only if they are signed by the F5 Networks certificates, or a certificate in the special system store named F5FirePassRoot on the client computer. You can re-sign components with your own trusted certificate and upload them on the FirePass controller using the Code Signing tab on the Device Management : Customization screen. When you add your trusted certificate to that store, the installer service allows installation and upgrade of packages signed with your certificate.

You can distribute the certificates to clients computers using the Windows utility certmgr.exe, or another certificate-distribution utility. For example, you can specify the following command at the Windows command line to add one trusted certificate:

certmgr /add /all /c fptrusts.cer /s /r localMachine F5FirePassRoot

The fptrusts.cer file name represents the name of the certificate file you received from your Certificate Authority. The rest of the command should be typed exactly as it appears. You can add multiple certificates by specifying the command once for each certificate you want to add.

Installing the F5 Networks VPN Client for Windows

Using the standalone client, remote users can access your corporate LAN without using a Web browser. The client gives users access to these FirePass controller features:

  • Network Access
  • Application Access
  • Terminal Services

You can use the Client Downloads screen to download the following components:

  • F5 Networks VPN Client for Windows
    The F5 Networks VPN Client for Windows is a program that allows a user to initiate and uses Network Access, App Tunnel, and Terminal Services sessions outside the context of an Internet browser. The F5 Networks VPN Client for Windows uses the FirePass controller API.
  • F5 Networks Client COM API library
    The F5 Networks Client COM API library is a set of routines that you can use to construct standalone applications that allow the user to access FirePass controller services. The API is provided as a C++ library. The F5 Networks VPN Client for Windows uses the FirePass controller API to provide the following functionality:
    • Log on to the FirePass controller
    • Get a list of authorized, preconfigured favorites
    • Select a favorite
    • Show parameters of the selected favorite
    • Establish a connection to one or more favorites
    • Mark a selected favorite to be connected automatically in subsequent sessions
    • Close favorites
    • Log out of the FirePass controller

You can find descriptions of optional settings in the online help for the Customize Windows Client screen. To access the screen, click Device Management, click Client Downloads, and click the Customize Windows Client tab.

Installing the Networks Client API

The F5 Networks Client API is a library that provides an interface and methods for use by third-party applications. Using this API, the third-party applications can access FirePass controller Network Access, App Tunnels, and Terminal Server Connector favorites. Application vendors can use it to provide seamless remote access from their proprietary application clients to application servers inside a network accessible to the FirePass controller.

COM-aware third-party applications can invoke the F5 Networks Client API. You can create COM-aware applications using any development environment supporting COM and ActiveX controls; for example, VisualBasic, VisualC++, and Delphi.

You can also use the F5 Networks Client API inside scripts, including scripts of the following type: JavaScript, VBScript inside Internet Explorer, and Windows Scripting Host.

For more information about using the F5 Networks Client API, and the available interfaces, methods, and events, please visit F5 DevCentral at http://devcentral.f5.com/. F5 DevCentral provides technical documentation and tips, as well as a developer forum for posting feedback and questions about using the F5 Networks Client API.

Using Macintosh and Linux clients with the FirePass controller

The FirePass controller includes Network Access support for remote Macintosh and Linux clients, so you can use the FirePass controller for secure remote access in mixed-platform environments. As with the Windows platform support, you do not need to preinstall or preconfigure any client software when using FirePass controller with Macintosh and Linux systems.

Introducing supported Network Access features

All of the primary Network Access features are supported on Macintosh and Linux clients. For a list of Network Access features, see Configuring Network Access resource group settings, in Chapter 5 . The FirePass controller does not support Drive Mappings or Policy Checks features on Macintosh and Linux systems.

For more information about Network Access and configuring Network Access features, see Chapter 5, Configuring Network Access .

Features supported on Macintosh and Linux clients include:

  • Secure remote access to your internal network, with support for IP-based applications.
  • Split tunneling, so only network traffic that you specify goes through the Network Access connection.
  • Packet-based and group-based IP filtering, giving you the ability to restrict groups of users to specific addresses, ranges of addresses, and ports.
  • Compression, to reduce the amount of traffic passing between the remote client and your internal network.
  • Application launching.
    You must configure the starting of remote client applications based on the operating system on the remote computers. You can configure all other features independent of the remote client operating systems. For details, see Configuring the starting of applications on Macintosh or Linux clients .

Configuring the starting of applications on Macintosh or Linux clients

The launch application feature specifies a client application that starts when the client begins a Network Access session. You can use this feature when you have remote clients who routinely use Network Access to connect to an application server, such as a mail server.

To configure the application start for Macintosh and Linux

  1. In the navigation pane, click Network Access.
    The Network Access Client Settings screen opens.
  2. From the For the group list (above the tabs), select the group for which you are configuring application launch settings.
    The screen refreshes to display the information for the group you selected.
  3. Note: The group must already exist in order to configure Network Access for that group. For information on creating groups, see Managing user information in an external data store, in Chapter 2 .
  4. Click the Launch Application tab near the top of the screen.
    The Launch Applications screen opens.
  5. In the App Path box, type the path of the application.
    For example:
    • For Macintosh, type open.
    • For Linux, type /usr/bin/mozilla.
  6. In the Parameters box, type any parameters you want to include.
    For example:
    • For Macintosh, type /Applications/ie.app http://www.f5.com.
    • For Linux, type http://www.f5.com.
  7. From the OS list, select an option.
    • For Macintosh, select Mac.
    • For Linux, select UNIX.
  8. Click Add to add the configuration.
    When remote users in the group make a Network Access connection, the application you configured starts automatically.

Installing the client on Macintosh and Linux systems

The first time a remote user starts Network Access, the FirePass controller downloads a client component. This client component is designed to be self-installing and self-configuring, but the user's browser must have Java enabled on Macintosh systems, or have Mozilla or Firefox to install a plugin on Linux systems.

If the browser does not support this requirement, the FirePass controller prompts the user to download the controller client component from the controller and install it manually. Users can find instructions on downloading the components manually on the Network Access Help page, available on their webtop after they log on to the FirePass controller.

Important

The remote user must have superuser authority, or must be able to supply an administrative password in order to successfully install the Network Access client.

Both Macintosh and Linux systems must also include PPP support (this is most often the case). When the user runs the Network Access client and makes a connection for the first time, the client detects the presence of pppd (the point-to-point protocol daemon), and determines whether the user has the necessary permissions to run it. If pppd is not present, or if the user does not have permissions needed to run the daemon, the connection fails.

After installation, the Macintosh client must restart the browser before launching Network Access.

Note

If you have a firewall enabled on your Linux system, you need to enable access on IP address 127.0.0.1 port 44444.

Establishing client connections

Users can initiate connections through Network Access from Windows, Linux, and Macintosh OS X systems, using various browsers. They can also use Network Access from Windows mobile versions on PDAs and Pocket PC phones.

For a list of browsers that Network Access supports, and a complete list of the clients that the FirePass controller supports, see the most current version of the release notes.

Important

When the user clicks a configured Network Access link, a small window opens. It must remain open for the whole duration of the Network Access session. If the user closes the window, it terminates the connection.
Note

On Microsoft Windows platforms, the user might also see a new network connection icon in the system tray.

Understanding Network Access error messages on Macintosh or Linux clients

Macintosh or Linux clients might receive error messages while working with Network Access connection. Table 9.3 , following, contains a list of the error messages as well as a description of their meaning and any recommendations for resolving the error.

Table 9.3 Network Access error codes on Linux or Macintosh clients
Error code
Meaning
1
Another Network Access client is already running
The client is either running or is in its shutdown stage. Wait a few seconds, and try connecting again.
2
Invalid version format
3
Control channel timeout on wait state during handshake
4
Null input received by control channel
5
Control channel timeout while in session
6
Unrecognized command from control channel while in session
7
Unrecognized command from control channel during handshake
8
Deadlock detected while acquiring lock
9
Unrecognized command from plugin during handshake
10
Invalid command for handling bytes transmitted
11
Invalid command for handling bytes received
12
Control channel does not receive initial handshake
13
Network Access client does not start
14
Timeout on reading initial configuration from the FirePass controller
15
Invalid format on parameters from the FirePass controller
16
Invalid local IP address on parameters from the FirePass controller
17
Invalid local port on parameters from the FirePass controller
18
Invalid session ID format on parameters from the FirePass controller
19
No session ID was specified
20
Cannot resolve the FirePass controller IP address
21
The FirePass controller IP address was not specified
22
Control channel socket error
23
Control channel does not respond to default command
24
Control channel hangs on disconnection or does not respond
25
Unrecognized command from plugin while in session
26
Control channel window timeout
27
PPP daemon or the FirePass controller file descriptors have changed
28
SSL handshake with the FirePass controller failed
29
No DNS server was specified
30
Timeout while receiving command from plugin
31
Timeout while sending information to plugin
32
Signal caught
33
Invalid remote IP address on parameters from the FirePass controller
34
Timeout while writing to Network Access tunnel
Possible network reconfiguration caused the connection to the FirePass controller to drop.
35
Timeout while reading from PPP daemon
36
Timeout while writing to PPP daemon
37
Timeout while reading from Network Access tunnel
38
Network Access client initialization error
39
Invalid split tunneling settings on parameters from the FirePass controller
40
Timeout while starting PPP daemon
41
PPP daemon does not exist on the host system
Verify that PPP daemon is installed or has been installed at the non-standard location.
42
Cannot open pseudo terminal

 

Controlling the client using the command-line interface

You can access and control the Windows Standalone Client interactively or using an API. Using the command-line interface (CLI), you can employ scripted applications to establish a Network Access connection, and to open one or more App Tunnels.

The standalone client CLI supports the following commands:

  • -start
    Begins a FirePass controller session, logs on to the specified host, and automatically runs the Network Access favorites specified in parameters. For more information, see Using the -start command , following.
  • -stop
    Halts the specified session or specified favorite within a session. For more information, see Using the -stop command .
  • -info
    Posts to the screen information about sessions and favorites. For more information, see Using the -info command .
  • -profile
    Posts to the screen information about the profile specified. For more information, see Using the -profile command .
  • -help
    Posts to the screen information about the CLI commands. For more information, see Using the -help command .

Using the -start command

You can use the -start command to begin a session with the FirePass controller, log on to the controller, and run one or more favorites. The command returns a 0 (zero) when successful, and writes the assigned session ID to stdout.

You can specify that -start run in one of two modes.

  • Blocked
    Returns on failure or upon completion of a specified operation (for example, session establishment or favorite start).
  • Nonblocked
    Starts the specified operation and immediately returns a value, without waiting for the operation to complete. You can use the -info command to get operation status at a later time.

Overview of -start command arguments

The -start command provides arguments for using an ID to start a session or favorite or a name to start a favorite. Table 9.4 contains a list of the arguments that the -start command supports.

Table 9.4 Command arguments for the -start command
Parameter
Alias
Values
Description
Comment
/config
/c
String
Specifies the configuration profile file name.
Uses the default program profile, if /conf is not specified.
/nonblock
/nb
None
Turns on nonblocking mode.
Returns immediately.
/host
/h
[http|https]host[:port] [/landing_uri]
Represents the FirePass controller host name.
If no value is specified, uses the default value from the program profile or presents a dialog box.
/user
/u
String
Indicates the user name.
If no value is specified, uses the default value from the program profile or presents a dialog box.
/password
/p
String
Indicates the password.
If no value is specified, uses the default value from the program profile or presents a dialog box.
/userhex
/uh
String
Indicates the user name in hex-encoded format.
If no value is specified, uses the default value from the program profile or presents a dialog box.
/passwordhex
/ph
String
Indicates the password in hex-encoded format.
If no value is specified, uses the default value from the program profile or presents a dialog box.
/mode
/m
[simple|advanced]
Indicates the UI mode.
Simple is the default mode.
/sid
/s
String
Indicates the session ID.
Starts a favorite in an already established session.
/sid is a required parameter. All other parameters are optional.
You can use the -info command to get the /sid value.
/fid
/f
String
Represents the favorite's unique ID.
You can use the -info command to get the /fid value.
/fname
/n
name[:{vpn|apptunnel|terminal}]
Indicates the name of the favorite to affect.
You can also specify a type if the name is not unique.
You can use the -info command to get the /fname value.
/verbose
/v
None
Enables verbose output to stdout.
 
/minimize
/t
None
Minimizes the window after start.
 

 

Process exit codes for the -start command

The process returns an exit code that indicates the status of the command. Table 9.5 contains the value and description of each code that the -start command returns.

Table 9.5 Process exit codes for the -start command
Code
Description
0x0
Operation completed successfully.
0x1
User terminated operation.
0x2
Authentication attempt failed.
0x4
Autolaunch operation failed.
0x8
User attention requested.
0x10
Favorite start failed.
0x100
Error unknown.
0x200
Parameter unknown.
0x300
Parameter value incorrect.
0x400
Session ID unknown.
0x500
Favorite ID unknown.

 

Examples of using the -start command

This section presents examples of possible -start command sequences.

Note

You can get session and favorite ID values using the -info command.

Description

Runs the standalone client in simple mode and does not send a return value until the system authenticates the user and establishes the session.

Command

f5fpc -start /h firepass.com:443 /u joe

Output

session id: 15

Description

Establishes a session named corp and starts the favorite named sales in nonblocking mode.

Command

f5fpc -start /nb /h firepass.com /u joe /p password /m advanced /n corp:vpn /n sales:apptunnel

Output

session id: 15

Description

Starts the favorite named sales in the already established session with a session ID of 15.

Command

f5fpc -start /s 15 /n sales:vpn

Description

Starts the favorite whose favorite ID is 1 in the already established session with a session ID of 345.

Command

f5fpc -start /s 345 /f 1

Using the -stop command

You can use the -stop command to halt the session or specified favorite.

Note

You can get session and favorite ID values using the -info command.

Overview of -stop command arguments

The -stop command provides arguments for using an ID to halt a session or favorite, or using a name to halt a favorite. You must specify a session ID for all -stop commands. Table 9.6 contains a list of the arguments that the -stop command supports.

Table 9.6 Command arguments for the -stop command
Parameter
Alias
Values
Description
Comment
/sid
/s
string
Indicates the session ID.
Halts the session as well as all established favorites running in the session.
/sid is a required parameter. All other parameters are optional.
You can use the -info command to get the /sid value.
/fid
/f
string
Represents the favorite's unique ID.
You must also include the /sid.
You can use the -info command to get the /fid value.
/fname
/n
name[:{vpn|apptunnel|terminal}]
Indicates the name of the favorite to affect.
You must also include the /sid.
You can also specify a type if the name is not unique.
You can use the -info command to get the /fname value.

 

Process exit codes for the -stop command

The process returns an exit code that indicates the status of the command. Table 9.7 contains the value and description of each code that the -stop command returns.

Table 9.7 Process exit codes for the -stop command
Code
Description
0x0
Operation completed successfully.
0x100
Error unknown.
0x200
Parameter unknown.
0x300
Parameter value incorrect.
0x400
Session ID unknown.
0x500
Favorite ID unknown.

 

Examples of using the -stop command

This section presents examples of possible -stop command sequences.

Note

You can get session and favorite ID values using the -info command.

Description

Closes the Network Access connection whose session ID is 15, and halts all running favorites.

Command

f5fpc -stop /s 15

Description

Closes the Network Access connection whose name is corp, and halts all running favorites.

Command

f5fpc -stop /s 15 /n corp:vpn

Description

Stops the favorite whose ID is 1 running in the session whose ID is 345.

Command

f5fpc -stop /s 345 /f 1

Using the -info command

The -info command provides information about sessions and favorites running on the FirePass controller. You use the -info command to retrieve session and favorite information to use in conjunction with the -start and -stop commands.

Overview of -info command arguments

The -info command provides arguments for retrieving session or favorite information and favorite names. The system presents information in the following format:

session_id favorite_id favorite_type favorite_name status_code user_friendly_message

The following example illustrates a sample of the output that the -info command returns.

15 1 vpn EMPLOYEE 0 available

Table 9.8 contains a list of the arguments that the -info command supports.

Table 9.8 Command arguments for the -info command
Parameter
Alias
Values
Description
Comment
/sid
/s
string
Indicates the session ID.
For -info commands that do not contain a value for /sid, the operation returns a list of all sessions and statuses.
For -info commands that contain a value for /sid, the operation returns a list of favorites and their status codes.
For -info commands that do not contain a value for /fid or /fname, the operation returns a list of all favorites and status codes.
For -info commands that contain a value for /fid or /fname, the operation returns information about that favorite only.
/fid
/f
string
Represents the favorite's unique ID.
You must also include the /sid.
/fname
/n
name[:{vpn|apptunnel|terminal}]
Indicates the name of the favorite to affect.
You must also include the /sid.
You can also specify a type if the name is not unique.

 

Process exit codes for the -info command

The process returns an exit code that indicates the status of the command. Table 9.9 contains the value and description of codes that the -info command returns.

Table 9.9 Process exit codes for the -info command
Code
Description
0x0
Operation completed successfully.
0x100
Error unknown.
0x200
Parameter unknown.
0x300
Parameter value incorrect.
0x400
Session ID unknown.
0x500
Favorite ID unknown.

 

Other codes returned depend on parameters specified.

Examples of using the -info command

This section presents examples of possible -info command sequences.

Description

Returns all active sessions.

Command

f5fpc -info

Output

there are 2 active sessions

session code status

15 1 session established

345 4 user should select host from presented list

Note

The code value returned represents the session status. For information about session status codes, see Session status codes .

Description

Returns the status and list of favorites for session whose ID is 15.

Command

f5fpc -info /s 15

f5fpc -info /s 15 /f 1

session code status

15 1 session established

session favorite type name code status

15 1 vpn network1 1 established

15 2 apptunnel AS400 0 available

15 3 apptunnel SALES 0 available

Description

Returns information about the favorite whose ID is 1, which is running in the session whose ID is 15.

Command

f5fpc -info /s 15 /f 1

Return

session favorite type name code status

15 1 vpn network1 1 established

Note

The code value returned represents the favorite status. For information about favorite status codes, see Session status codes , following.

Description

Returns information about the favorite whose name is sales, which is running in the session whose ID is 15.

Command

f5fpc -info /s 15 /n SALES:apptunnel

Return

session favorite type name code status

15 3 apptunnel SALES 0 available

Note

The code value returned represents the favorite status. For information about favorite status codes, see Favorite status codes .

Session status codes

Table 9.10 contains the value and description of session codes that the -info command returns.

Table 9.10 Session status codes for the -info command
code
status
0x1
Session established.
0x2
Logon in progress.
0x4
User must select the host from presented list.
0x8
Autolaunch in progress.
0x10
User attention required.

 

Favorite status codes

Table 9.11 contains the value and description of favorite status codes that the -info command returns.

Table 9.11 Favorite status codes for the -info command
code
status
0x0
Favorite not active.
0x1
Favorite running.
0x2
Favorite connecting.
0x10
Process requires attention.

 

Using the -profile command

Returns information from the profile configuration file. The profile contains information such as FirePass controller IP address and gateway IP addresses.

Overview of -profile command arguments

The -profile command provides an argument for specifying the configuration file name. Table 9.12 contains a list of the arguments that the -profile command supports.

Table 9.12 Command arguments for the -profile command
Parameter
Alias
Values
Description
Comment
/conf
/c
string
Represents the configuration profile file name.
If no /conf value is specified, the operation uses the default current program profile.

 

Process exit codes for the -profile command

The process returns an exit code that indicates the status of the command. Table 9.13 contains the value and description of codes that the -profile command returns.

Table 9.13 Process exit codes for the -profile command
Code
Description
0x0
Operation completed successfully.
0x100
Error unknown.
0x200
Parameter unknown.
0x300
Parameter value incorrect.

 

Examples of using the -profile command

This section presents examples of possible -profile command sequences.

Description

Returns information about the FirePass controllers configured in the default profile file.

Command

f5fpc -profile

Return

Name Address Port Description

Main 44.58.251.1 443 The main gateway

Asia 28.45.13.22 443 Asia gateway

Using the -help command

Returns help for a specific command.

Overview of -help command arguments

The -help command provides an argument for specifying the configuration file name Table 9.14 contains a list of the arguments that the -help command supports.

Table 9.14 Command arguments for the -help command
Parameter
Alias
Values
Description
Comment
/help
-?
/?
string
Represents the command.
If no command is specified, displays a list of all commands.

 

Examples of using the -help command

This section presents examples of possible -help command sequences.

Description

Returns a list of all standalone client CLI commands.

Command

f5fpc -help

f5fpc /?

Description

Returns help about the -start command.

Command

f5fpc -start /?

Description

Returns help about the -stop command.

Command

f5fpc -stop -help

Using the command-line interface on the client

You can configure the FirePass Windows Client for download to a user's computer.

To configure the FirePass Windows Client for download

  1. In the navigation pane, click Device Management, expand Client Downloads, click Windows (x86), and click the Customize Package tab.
    The Customize Package screen opens.
  2. Check the FirePass Windows Client check box.
  3. Click the Download tab.
    The Download screen opens.
  4. Click the Download link, and save the f5fpcsetup.exe file to the location you want.

To configure Network Access favorites.

  1. In the navigation pane, click Network Access, and click Resources.
    The Network Access Resources screen opens.
  2. Configure Network Access favorites.
  3. Click Application Access, click App Tunnels, and click Resources.
    The App Tunnels screen opens.
  4. Configure App Tunnel favorites.

To configure Network Access favorites.

  1. Log on to a client computer.
  2. Double-click f5fpcsetup.exe, and follow the instructions to install the FirePass Windows Client.

To use the FirePass Windows Client CLI

  1. Log on to a client computer.
  2. To open a Windows command window, click Start, select Run, and type cmd in the box.
    The Windows command window opens.
  3. At the command prompt, type cd /d "C:\Program Files\F5 VPN"
    Include the quotation marks in the string you type.
  4. Run a command.
    The following are examples of commands you can run.
    • To list all FirePass controller Windows Client CLI commands, at the command prompt, type f5fpc -help
    • To list all options for the -info command, at the command prompt, type f5fpc -info /?
    • To open a Network Access session, at the command prompt, type
    • f5fpc -start /h <FirePass> /u <username> /p <password>
    • To get information about the current Network Access session, at the command prompt, type f5fpc -info
      At this point, the Network Access session should not be active.
    • To use the session ID returned in the previous command to get more detailed information about this session, at the command prompt type
    • f5fpc -info /s <session>
    • To start Network Access using a favorite ID returned in the previous command, type
    • f5fpc -start /s <session> /f <favorite-id>
    • To view the status of the open App Tunnel, type
      f5fpc -info /s <session>
      This time, the operation should report an established Network Access connection.
    • To use the session ID returned in the previous command to get more information about the session, at the command prompt, type
    • f5fpc -info /s <session>
    • To open an App tunnel using a favorite ID returned in the previous command, at the command prompt, type
    • f5fpc -start /s <session> /f <favorite-id>
    • To view the status of the open App Tunnel, at the command prompt, type f5fpc -info /s <session>
    • To use the favorite ID to close the App Tunnel, at the command prompt, type
    • f5fpc -stop /s <session> /f <favorite-id>
    • To use the session ID returned in the previous command to close the current session, including the Network Access connection, at the command prompt, type f5fpc -stop /s <session>
    • To get the session information again, and confirm that the session has been closed, at the command prompt, type fpfpc -info



Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)