Release Notes : Desktop Client 7.1.6

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 14.0.1, 14.0.0, 13.1.3, 13.1.1, 13.1.0
Release Notes
Original Publication Date: 02/01/2019 Updated Date: 08/22/2019

Summary:

Version 7.1.6 of the Edge Client is now available on downloads.f5.com.

Contents:

User documentation for this release

For a comprehensive list of documentation that is relevant to this release, refer to the following pages:

Features and enhancements in 7.1.6

Client Troubleshooting Utility Enhancements

The Client Troubleshooting Utility can now collect all service and user logs in a single run. Previously, to collect troubleshooting logs, the user had to run the utility twice, once as a user, and the second time as an administrator.

This version of the Client Troubleshooting Utility prompts the user to escalate privileges and collects all the logs in a single run.

Network Location Awareness for Always Connected Mode

The usability of the Network Location Awareness feature has been improved in an Always Connected configuration, Network connectivity is enabled only when the user is connected to the Enterprise LAN, either directly or through the VPN. Previously, a running instance of Edge Client was required for the network location to be detected. Now a running instance of Edge client is not required. Also, this mode works even when the user is not logged onto the machine.

Connection startup time improved

Initial loading and connection time for Edge Client connections with limited bandwidth has been significantly improved, by reducing the number of pre-connection resource requests (691777).

Fixes in 7.1.6

ID Number Description
668247 Previously, on Windows, the Machine Certificate service was not used when UAC was disabled. Now, the Machine Certificate is used even when UAC is disabled.
670926 Previously a user with Firefox 54 or 55 on Fedora 24 or 25 could not establish a session to APM if endpoint checks were configured. This is fixed in Firefox 58.
695409 Previously, after the client upgrade from 13.0.0 to a later version, all users running FireFox or Chrome browsers on Windows were asked to re-install the Endpoint Inspector Application. Now, this issue has been fixed.
671517 Previously the incorrect language text was displayed in the main window of the Edge Client for macOS when the Disconnected button was clicked. This has been fixed.
676690 Previously, in some instances, the Edge Client on Windows would crash when the user signed out of Windows. This has been fixed.
679074 Previously, if the Allow Local DNS options was enabled, and only one DNS server was specified on a macOS High Sierra client, the VPN tunnel could not be established. This has been fixed.
686206 Previously, Machine Info agent did not collect information for disconnected network adapters on Mac OS X or Windows clients. The Machine Info now collects information on these adapters.
687213 Previously, in Always Connected mode, when Edge Client could not connect to APM, it switched to Always Disconnected mode, and did not retry the VPN connection. Now, when APM fails, Edge Client remains in Always Connected mode for locked clients, so the VPN tunnels can be established when the APM machine becomes available.
689826 Previously, on a Windows 10 system configured for a Unicode language (for example, Japanese, Korean, or Chinese) the client proxy autoconfig file was not assigned with Internet Explorer after the VPN connection was established. This issue has been fixed.
691546 Previously, DTLS would switch to TLS on networks with high latency. The internal DTLS timeout has been increased allowing DTLS to work on networks with latency of up to 3000ms.
691808 Previously, the launching of application tunnels to hosts with names beginning with a digit would fail. Now, application tunnels to such hosts do not fail.
693994 Previously, Edge Clients on Mac or Linux using DTLS might switch to TLS if DTLS packet reordering occurred. Now, Mac and Linux Edge Clients can handle UDP packet reordering and continue to use DTLS.
694852 Previously, F5 helper apps could not start with Firefox 56. The Firefox 57 update has resolved this issue.
700783 Previously, with a macOS system that had multiple hostnames, the machine certificate check could not check against all hostnames, causing failures in some scenarios. Now, the machine certificate check compares all hostnames on macOS devices.

Known issues in 7.1.6

The following are known issues in this release.

ID Number Description
590291 The new web client depends on Qt library version 5.5. On some Linux distributions, this version may not be available in standard repositories. Web client installation fails on such distributions. As a workaround, download and install the required qt library from the non-standard repository. Then build and install required Qt library on the distribution before installing the web client.
610436 DNS resolution does not work in a particular case of DNS Relay Proxy Service, when two adapters have the same DNS Server address on Microsoft Windows version 10. "

To work around this issue, add the following registry key:

HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient

with DWORD EnableMultiHomedRouteConflicts set to 0.

This reverts the Windows DNS client behavior to pre-Windows 10 behavior, so the DNS relay proxy creates listeners on loopback for incoming requests, and the driver redirects DNS requests to the listener on the loopback.

Important: Use extreme care when editing Windows registry keys. Incorrect modification of keys might cause unexpected behavior.
630062 gnome-software returns the error This file is not supported for F5VPN and F5EPI RPMs on Fedora 25. As a workaround, open the Terminal application. From the command line run either of the following commands:

- pkgcon install-local -y -n /path/to/rpm/package.

- dnf install /path/to/rpm/package

666497 Some of the Korean translations in Microsoft Windows Edge Client's main windows are incorrect.
681023 F5 endpoint inspection and F5 VPN applications are not upgraded automatically on OpenSuse 42.3 and Suse Enterprise Desktop 12 SP2. As a workaround, with the F5 EPI or F5 VPN downloads linux_f5epi.tgz or linux_f5vpn.tgz in the platform's download folder.
  1. Untar the file. tar -xvf linux_f5epi.tgz
  2. Select the appropriate file. For example, for a 64-bit CPU select linux_f5epi.x86_64.rpm
  3. Install the package: rpm --force -ivh linux_f5epi.x86_64.rpm, or uninstall the older component first: rpm -e f5epi or rpm -ivh linux_f5epi.x86_64.rpm.
681281 On Fedora 26, after disconnecting from the VPN, the default route is not restored. As a workaround, disable and re-enable the network adapter.
681956 If a user disconnects from the VPN while there is no connectivity on a statically-configured network adapter, and network connectivity is then restored to that adapter after the disconnection, the default route is not restored. As a workaround, you can either manually add a default route to the network adapter gateway, or enable DHCP on the network adapter.
683439 On Windows 10 RS3 update or higher, if drive Mapping is configured in a Network Access resource, and that drive mapping resource doesn't require authentication, the drive mapping fails. As a workaround, enable authentication for the remote drive.
683819 When Edge Client is installed using the CLI or msiexec, the following config parameters are not installed.
  • Exclusion List is not installed properly
  • The Auto Launch option is not installed properly
As a workaround, use the F5 Edge Client installer to install the client. From CLI this can be performed with the command BIGIPEdgeClient.exe /q.
689398 After installing KB4041681 or KB4041691 from Windows Update, package users may see an error dialog that indicates that an application exception has occurred when closing some applications. This can affect applications that use mshtml.dll to load web content. The failure only occurs when a process is already shutting down and will not impact application functionality. As a workaround, uninstall KB4041681 (Windows 7) or KB4041691 (Windows 10).
699330 On a fedora 27 client, f5vpn and f5epi crash upon start, causing VPN and endpoint check features to be unavailable. The user cannot use the browser to establish a VPN connection or for endpoint checks. "As a workaround, download the patchelf utility and issue the following commands.

For the endpoint inspection app:

sudo patchelf --remove-needed libssl.so.1.0.0 /opt/f5/epi/f5epi

sudo patchelf --remove-needed libcrypto.so.1.0.0 /opt/f5/epi/f5epi

for the F5 VPN app:

sudo patchelf --remove-needed libssl.so.1.0.0 /opt/f5/vpn/f5vpn

sudo patchelf --remove-needed libcrypto.so.1.0.0 /opt/f5/vpn/f5vpn

699970 On macOS Sierra, the Edge Client system tray drop-down menu doesn't appear when another application is in fullscreen mode.
700770 When hosts and IP addresses are added manually to the registry exclusion list for Network Location Awareness Always Connected Mode, after uninstall of the client, they are deleted. After the client is reinstalled, those exclusions must be added again.
700960 On Ubuntu 17.10, after disconnecting from the VPN, the default route is not restored. As a workaround, disable and re-enable the network adapter to restore the connectivity. Alternatively, after an indeterminate period, the route is restored.
703984 The Machine Cert check improperly matches the hostname with CN and SAN. The option Match CN with FQDN should match the certificate's CN with the exact FQDN, but this option currently identifies the CN as a match with the FQDN even if only the initial characters of the FQDN match the CN. The option Match subject Alt Name with FQDN exhibits the same behavior, incorrectly matching the SAN with the FQDN even if only the initial characters match.

Legal notices

Contacting F5 Networks

Phone - North America: 1-888-882-7535 or (206) 272-6500
Phone - Outside North America, Universal Toll-Free: +800 11 ASK 4 F5 or (800 11275 435)
Fax: See Regional Support for your area.
Web: https://support.f5.com/csp/home
Email: support@f5.com

For additional information, please visit http://www.f5.com.

Additional resources

You can find additional support resources and technical documentation through a variety of sources.

F5 Networks Technical Support

Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.

AskF5

AskF5 is your storehouse for thousands of knowledgebase articles that help you manage your F5 products more effectively. Whether you want to browse periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.

F5 DevCentral

The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.

AskF5 Publication Preference Center

To subscribe, click AskF5 Publication Preference Center, enter your email address, select the publications you want, and click the Submit button. You will receive a confirmation email. You can unsubscribe at any time by clicking the Unsubscribe link at the bottom of the email, or on the AskF5 Publication Preference Center screen.

  • TechNews Weekly eNewsletters: Up-to-date information about product and hotfix releases, new and updated articles, and new feature notices.
  • TechNews Notifications: Periodic plain text TechNews, sent any time F5 releases a product or hotfix. (This information is always included in the next weekly HTML TechNews email.)
  • Security Alerts: Timely security updates and ASM attack signature updates from F5.