The following table contains a list of session variables and their attributes.
|session.client.type||Indicates the client type. For example, Standalone.|
|session.client.platform||Indicates the platform type, such as Android or Chrome OS.|
|session.client.plugin||Indicates whether the client is a plugin. This is always set to 0.|
|session.client.app_id||The app ID for the client. For F5 Access for Android and Chrome OS this is com.f5.edge.client_ics.|
|session.client.app_version||The Android and Chrome OS app version for the client. For F5 Access for Android 3.0.4 this is 3.0.4.|
|session.user.agent||Indicates the browser, device type, and operating system version of the client, as well as the version of F5 Access.|
|session.client.model||Indicates the model name of the mobile device. For example, Nexus 6P.|
|session.client.platform_version||Indicates the platform and version of the mobile device. For example, 7.0.0. Note: For Android Runtime on Chrome (ARC), the platform version points to the Android container version instead of the Chrome OS version.|
|session.client.unique_id||Indicates the unique ID of the device. For example, 8ccaf965e51e3077.|
|session.client.imei||Indicates the IMEI ID of the device. For example, 490154203237518. (Not applicable for Chrome OS)|
|session.client.jailbreak||Indicates the jailbreak status of the device. 0 indicates the device is not jailbroken, 1 indicates the device is jailbroken, and an empty response indicates that the status of the device is unknown.|
|session.client.biometric_fingerprint||Indicates whether the device supports biometric fingerprint authentication. 1 indicates that a fingerprint is configured, 0 indicates that a fingerprint is not configured, or the device does not support fingerprint authentication.|
|session.client.vpn_scope||Indicates the scope of the VPN tunnel. The result is device for a device-wide VPN connection, and per-app for a per-app VPN. (Not applicable for Chrome OS)|
|session.client.vpn_tunnel_type||Indicates the type of VPN tunnel. For F5 Access for Android and Chrome OS, this is L3.|
|session.client.vpn_start_type||Indicates how the VPN connection was initiated.|
|session.client.device_passcode_set||Indicates whether the user has a device unlock passcode, PIN, pattern, or biometric authentication configured. The result is 1 if a device lock is configured, and 0 if it is not.|
|session.client.always_connected_mode||Indicates whether Always-On Mode is configured for the device. The result is 1 if Always-On Mode is enabled, and 0 if it is not.|
|session.client.hostname||This is a human-readable mobile device name. The result depends on the device manufacturer and OS version; it might be a Bluetooth device name that can be changed by the user, a Wi-Fi Direct device name that can be changed by the user, or a Linux hostname (for example, android-8ab2bead5c56a02a).|
|session.client.js||Indicates whether the device used Web Logon mode to log on. The result is 1 if Web Logon Mode was used, and 0 if it was not.|
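The variables above are typically combined into a device posture decision. The following is an added example, not F5 code: it assumes the session variables have been exported into a Python dict, and the policy choices and sample sessions are constructed for illustration. It shows why the empty (unknown) value of session.client.jailbreak needs its own branch.

```python
def _flag(session, name):
    """Map a 0/1 session variable to True/False, or None when empty or absent."""
    value = str(session.get(name, "")).strip()
    return {"1": True, "0": False}.get(value)


def evaluate_posture(session):
    """Return the reasons to deny access; an empty list means the device passes."""
    reasons = []
    jailbreak = _flag(session, "session.client.jailbreak")
    if jailbreak is True:
        reasons.append("device is jailbroken")
    elif jailbreak is None:
        # Empty means "status unknown"; a plain `!= 1` test would admit it.
        reasons.append("jailbreak status unknown")
    if _flag(session, "session.client.device_passcode_set") is not True:
        reasons.append("no device lock configured")
    if session.get("session.client.vpn_tunnel_type") != "L3":
        reasons.append("unexpected tunnel type")
    if session.get("session.client.app_id") != "com.f5.edge.client_ics":
        reasons.append("unexpected app_id")
    return reasons


# Constructed sample sessions (not captured from a real device).
_BASE = {
    "session.client.jailbreak": "0",
    "session.client.device_passcode_set": "1",
    "session.client.vpn_tunnel_type": "L3",
    "session.client.app_id": "com.f5.edge.client_ics",
}
SAMPLE_SESSIONS = {
    "compliant": dict(_BASE),
    "unknown_jailbreak": {**_BASE, "session.client.jailbreak": ""},
    "rooted_no_lock": {
        **_BASE,
        "session.client.jailbreak": "1",
        "session.client.device_passcode_set": "0",
    },
}

if __name__ == "__main__":
    for label, sample in SAMPLE_SESSIONS.items():
        print(label, evaluate_posture(sample))
```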
The following table provides tips for setting up F5 Access for devices.
|Proxy servers||Public and private-side proxy servers are not currently supported.|
|Client endpoint checks||Client endpoint checks are not currently supported.|
|Require device authentication||For devices with Android 6.0 or later, F5 Access can require device authentication with one of the device locking methods, including biometric authentication, a PIN, a pattern, or a passphrase. To enable device authentication for F5 Access, in the Connectivity Profile under Android Edge Client, enable the options Allow Password Caching and Require Device Authentication. This setting has no effect on devices with a pre-Android 6.0 OS. On such devices, even with this setting configured on the server, users must enter a password for each connection.|
|Password caching policy||
|Client certificates||Client certificate authentication is supported in Web Logon mode with or without a password. In standard logon mode, certificates are supported, but a password is required. A password (including an empty password) can be saved in the configuration.|
You can start F5 Access connections for users from a URL. You can then provide these URLs to users, so they can start the VPN connection without having to manually start the application. If there is already an active connection, a prompt appears to warn the user that the existing connection must be stopped before the new connection can start. The connection uses a client certificate if it is specified in the existing configuration.
URL connections use the following parameters. This is an example; you must provide your own parameters and values.
You can start an alternate light client with no client branding, using the following parameters.
The syntax to start a connection from a URL follows.
The following examples illustrate how to start F5 Access connections for users from a URL.
Connecting to an existing configuration called MYVPN: f5access://start?name=MYVPN
Connecting to an existing configuration called MYVPN and including the server URL myvpn.siterequest.com: f5access://start?name=MYVPN&server=myvpn.siterequest.com
Connecting to a specific server called myvpn.siterequest.com: f5access://start?server=myvpn.siterequest.com
Connecting to a specific server called myvpn.siterequest.com with web logon enabled: f5access://start?server=myvpn.siterequest.com&logon_mode=web
Connecting to an existing configuration called MYVPN and including the username smith and the password passw0rd: f5access://start?name=MYVPN&username=smith&password=passw0rd
Starting a connection to a configuration called MYVPN and specifying the post-launch URL jump://?host=10.10.1.10&username=smith: f5access://start?name=MYVPN&postlaunch_url=jump%3A%2F%2F%3Fhost%3D10.10.1.10%26username%3Dsmith
Starting a connection called apm_rsa with a SecurID software token 000117906115: f5access://start?name=apm_rsa&securid_sn=000117906115
Stopping a connection: f5access://stop
Minimizing the F5 Access UI: f5access://start?name=MYVPN&username=smith&password=passw0rd&hide_ui_when_connected=yes
Starting a connection in Lite mode: f5access-lite://start?name=apm&server=edgeportal.siterequest.com&username=test&x-cancel=http%3A%2F%2Fgoogle.com&x-error=http%3A%2F%2Fyahoo.com&x-success=http%3A%2F%2Ff5.com
Stopping a connection in Lite mode: f5access-lite://stop?x-cancel=edgeportal.siterequest.com&x-error=http%3A%2F%2Fyahoo.com&x-success=http%3A%2F%2Ff5.com
Allowing a list of applications to access the VPN: f5access://start?name=myvpn&allowed_apps=com.android.chrome,org.mozilla.firefox
Preventing a list of applications from accessing the VPN: f5access://start?name=myvpn&disallowed_apps=com.android.chrome,org.mozilla.firefox
You can add BIG-IP® server definitions to F5 Access from a URL. You can provide these URLs to users, so they can create and/or start VPN connections without having to manually start the application.
Use the following URL and parameters to create a server:
The syntax to define a server from a URL follows.
Certificate common name. Matches the common name of the issuer of a valid certificate pre-installed on the device.
Specifies whether the logon mode is the standard logon (native) or web logon (web). The default logon mode is native.
The following examples illustrate how to define servers for F5 Access connections from a URL.
Create a server at edgeportal.siterequest.com: f5access://create?server=edgeportal.siterequest.com
Create a server named EdgePortal with the server URL edgeportal.siterequest.com: f5access://create?name=EdgePortal&server=edgeportal.siterequest.com
Create the same server with a user name, password, and certificate: f5access://create?name=EdgePortal&server=edgeportal.siterequest.com&username=edgeportal&password=androiddemo&certcn=clientcert-cert.siterequest.com
Create the same server with a user name and certificate: f5access://create?name=EdgePortal&server=edgeportal.siterequest.com&username=edgeportal&certcn=clientcert-cert.siterequest.com
Identify a certificate from the device credentials storage: f5access://create?server=edgeportal.siterequest.com&name=EdgePortal&cert_keychain_alias=<certificate alias>
Creating a connection called apm_rsa to server https://rsa.siterequest.com with a SecurID software token 000117906115: f5access://create?name=apm_rsa&server=https%3A%2F%2Frsa.siterequest.com&logon_mode=web&securid_sn=000117906115
Creating a list of applications allowed to access the VPN: f5access://create?server=edgeportal.siterequest.com&name=EdgePortal&allowed_apps=com.android.chrome,org.mozilla.firefox
Creating a list of applications forbidden to access the VPN: f5access://create?server=edgeportal.siterequest.com&name=EdgePortal&disallowed_apps=com.android.chrome,org.mozilla.firefox
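Links for the start and create actions above are easy to get wrong by hand, especially the percent-encoding of nested URLs. The following is an added example, not part of F5 Access: a builder that encodes every value and an audit function to run before a link is distributed. The parameter allow-list is assumed from the examples on this page only, and the sample links are constructed.

```python
import re
from urllib.parse import parse_qsl, quote, urlencode, urlsplit

SCHEMES = {"f5access", "f5access-lite"}
ACTIONS = {"start", "stop", "create"}
# Allow-list built only from the parameters used in this page's examples.
KNOWN_PARAMS = {
    "name", "server", "username", "password", "logon_mode", "postlaunch_url",
    "securid_sn", "hide_ui_when_connected", "allowed_apps", "disallowed_apps",
    "certcn", "cert_keychain_alias", "x-cancel", "x-error", "x-success",
}
BAD_ESCAPE = re.compile(r"%(?![0-9A-Fa-f]{2})")  # '%' not followed by two hex digits


def build_url(action, params, scheme="f5access"):
    """Build a link with every value percent-encoded (commas kept for app lists)."""
    if scheme not in SCHEMES or action not in ACTIONS:
        raise ValueError("unsupported scheme or action")
    query = urlencode(params, quote_via=quote, safe=",")
    return f"{scheme}://{action}" + (f"?{query}" if query else "")


def audit_url(url):
    """Return findings for a link before it is distributed; [] means clean."""
    findings = []
    parts = urlsplit(url)
    if parts.scheme not in SCHEMES:
        findings.append(f"unexpected scheme: {parts.scheme}")
    if parts.netloc not in ACTIONS:
        findings.append(f"unexpected action: {parts.netloc}")
    if BAD_ESCAPE.search(parts.query):
        findings.append("malformed percent-escape")
    if re.search(r"\s", url):
        findings.append("whitespace inside URL")
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    for key in sorted(set(params) - KNOWN_PARAMS):
        findings.append(f"unknown parameter: {key}")
    if "password" in params:
        # The credential travels in clear text wherever the link is stored or sent.
        findings.append("password embedded in URL")
    return findings


# Constructed samples: a broken escape (%2r) and a link that carries a password.
BROKEN = "f5access://create?name=apm_rsa&server=https%3A%2F%2rsa.siterequest.com"
WITH_PASSWORD = "f5access://start?name=MYVPN&username=smith&password=passw0rd"
```

A link that embeds a password is better replaced by one that carries only name, server and, where needed, certcn, leaving the credential to be entered or cached on the device.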