Manual Chapter : BIG-IP Edge Client for Linux

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 11.4.1, 11.4.0
Manual Chapter

Overview: Installing and using BIG-IP Edge Client for Linux

The BIG-IP® Access Policy Manager® (APM) includes network access support for remote Linux clients. You can use APM® for secure remote access in mixed-platform environments. You do not need to preinstall or preconfigure any client software if the client allows installation of the required browser components.

The first time a remote user starts network access, the BIG-IP APM downloads a client component. This client component is designed to be self-installing and self-configuring, but the user must use Firefox to be able to install a plugin on Linux systems. If the browser does not support this requirement, the BIG-IP APM prompts the user to download the controller client component from the controller and install it manually.
Note: The remote user must have superuser authority, or must be able to supply an administrative password in order to successfully install the network access client.

Linux systems must also include PPP support (this is most often the case). When the user runs the network access client and makes a connection for the first time, the client detects the presence of PPPD (Point-to-Point Protocol Daemon), and determines whether the user has the necessary permissions to run it. If PPPD is not present, or if the user does not have permissions needed to run the daemon, the connection fails.

Note: If you have a firewall enabled on your Linux system, you must enable access on IP address 127.0.0.1 port 44444.

Task summary

About establishing client connections from Linux

You can initiate connections through network access from Linux systems, by connecting to the virtual server address using a browser, or by starting the BIG-IP® Edge Client®.

Configuring application starting on a Linux client

The launch application feature specifies a client application that starts when the client begins a network access session. You can use this feature when you have remote clients who routinely use network access to connect to an application server, such as a mail server.
  1. On the Main tab, click Access Policy > Network Access > Network Access List. The Network Access List screen opens.
  2. In the Name column, click the name of the network access resource you want to edit.
  3. To configure applications to start for clients that establish a network access connection with this resource, click Launch Applications on the menu bar.
  4. Click Add to add an application list. A screen opens showing the Add Application To Launch area.
  5. In the Application Path field type an application to launch. For example, type /usr/bin/mozilla to start Mozilla.
  6. In the Parameters field, type a parameter. For example, type http://www.f5.com.
  7. From the Operating System list, select Unix.
  8. Click Finished to add the configuration.
Now, when remote users with assigned resources make a network access connection, the application you configured starts automatically.

Editing the log level in the configuration file for Linux

You can edit log settings in the configuration file on Linux systems.
  1. In the /usr/local/lib/F5Networks directory, open the f5networks.conf file.
  2. Edit the settings to change the log level. By default, the values are 0 (zero). For debugging purposes, set the values to 5.

Supported network access features for Mac and Linux clients

BIG-IP Access Policy Manager supports all of the primary network access features on Macintosh and Linux clients, except for Drive Mappings and some client checks.

Feature Notes
Secure remote access to an internal network Includes support for IP-based applications.
Split tunneling Only network traffic that you specify goes through the network access connection.
IP address filtering with connection-based ACL Allows you to restrict groups of users to specific addresses, ranges of addresses, and ports.
DNS Servers  
DNS Suffixes  
Allow local subnets Includes forcing all traffic through the tunnel.
Application launching You must configure the starting of remote client applications based on the operating system on the remote computers. You can configure all other features independent of the remote client operating systems.

VPN component installation and log locations on Linux

On Linux operating systems, you install the VPN components and write VPN logs to the locations listed in the table.

Category Location
VPN component /usr/local/lib/F5Networks
VPN logs ~/.F5Networks