Applies To:

Show Versions Show Versions

Release Note: APM Client 7.1.7.2
Release Note

Original Publication Date: 12/05/2018

Summary:

This release note documents the Edge Client version 7.1.7.2 release.

Contents:

- User documentation for this release
     - Features and enhancements in 7.1.7.2
     - Fixes in 7.1.7.2
     - Known issues in 7.1.7.2
- Legal notices
- Contacting F5 Networks

User documentation for this release

For a comprehensive list of documentation that is relevant to this release, refer to the following pages:

Features and enhancements in 7.1.7.2

Features and enhancements in 7.1.7.2

Limit application launch

With this release for macOS, the configured application is launched only the first time when VPN is started. When the VPN is reconnected with the same session, the configured application connects automatically.

Features and enhancements in 7.1.7.1

There were no features or enhancements in 7.1.7.1.

Fixes in 7.1.7.2

Fixes in 7.1.7.2

ID Number Description
681956-1 If you disconnect from the VPN while there is no connectivity on a statically-configured network adapter, and then if the network connectivity is restored to that adapter after the disconnection, the default route is not restored. With this release, the Edge Client restores the default route on the disconnected interface.
743021-1 Previously on macOS, the Edge Client did not handle return code ENOBUFS, and this resulted in DTLS connection interruption in heavy load conditions. macOS returns error code ENOBUFS when the output queue for a network interface is full. This issue is fixed now, and the DTLS connection is no longer interrupted.
743276-1 Previously, the Edge Client installer with Always Connected mode gave errors while installing the Stonewall service on Windows 7. This issue is fixed, and now the Edge Client and accompanying components are installed successfully.
744035-7

These fix CVE-2018-15332 (https://support.f5.com/csp/article/K12130880). The svpn component of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS ran as a privileged process and could allow an unprivileged user to get ownership of files owned by root on the local client host.

747739-1 Previously, after auto-upgrade, checks could not be performed on macOS as the Policy Server could not verify the signature on Edge Client installation. Now, with auto-upgrade, the old custom.css file is removed, and this issue is fixed.
748632-2 Previously, when there were two or more endpoint checks that require OPSWAT libraries, the endpoint checks failed on macOS Mojave. Now, this issue is resolved as the OPSWAT libraries are loaded/unloaded once for each policyserver execution.
750649-1 Previously, with the Windows Logon Integration, the network logon using dial-up connection failed with Connecting - Error 1471: Unable to finish the requested operation because the specified process is not a GUI process error message and VPN could not be established. This issue has been resolved.

Fixes in 7.1.7.1

ID Number Description
714628-2 Previously, the split tunneling scope was too small to allow a large number of entries. The split tunneling scope size has been increased.
737443-1, 737443-2, 739090-1,739094-1

These fix CVE-2018-5546 (https://support.f5.com/csp/article/K54431371). The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS ran as a privileged process and could allow an unprivileged user to get ownership of files owned by root on the local client host.

738704-1,737362-1 These fix CVE-2018-5547 (https://support.f5.com/csp/article/K10015187). The logon integration feature of APM window client prior to version 7.1.7.1 used a system account to establish network access. This feature displayed a certificate user interface dialog box which contained the link to the certificate policy. By clicking on the link, unprivileged users could open additional dialog boxes and get access to the local machine windows explorer which could be used to get administrator privilege.

Known issues in 7.1.7.2

The following are known issues in this release.

ID Number Description
681023 F5 endpoint inspection and F5 VPN applications are not upgraded automatically on OpenSuse 42.3 and Suse Enterprise Desktop 12 SP2. As a workaround, with the F5 EPI or F5 VPN downloads linux_f5epi.tgz or linux_f5vpn.tgz in the platform's download folder.
  1. Untar the file. tar -xvf linux_f5epi.tgz
  2. Select the appropriate file. For example, for a 64-bit CPU select linux_f5epi.x86_64.rpm
  3. Install the package: rpm --force -ivh linux_f5epi.x86_64.rpm, or uninstall the older component first: rpm -e f5epi or rpm -ivh linux_f5epi.x86_64.rpm.
681281 On Fedora 26, after disconnecting from the VPN, the default route is not restored. As a workaround, disable and re-enable the network adapter.
683819 When Edge Client is installed using the CLI or msiexec, the following config parameters are not installed.
  • Exclusion List is not installed properly
  • Auto Launch option is not installed properly
As a workaround, use the F5 Edge Client installer to install the client. From CLI this can be performed with the command BIGIPEdgeClient.exe /q.
700770 With the Always Connected mode, when hosts and IP addresses are added to the exclusion list in the registry manually after the client is installed, they are deleted after the client is uninstalled. As a workaround, after the client is reinstalled, add the exclusions again.
703874 If the VPN is connected and disconnected repeatedly, a user may fail to log on. Edge Client retries to logon automatically and succeeds eventually.
708922 If the proxy configuration is deployed using DHCP option 252, then on establishing the VPN the client-side proxy configuration is ignored. As a workaround, configure client-side proxy information in IE configuration.
714043 NPAPI inspection host plugin on macOS does not work with the latest Endpoint Security (EPSEC) image because the policy server is bundled with individual applications and is not a part of the OESIS package. There is no workaround at this time.

Legal notices

Contacting F5 Networks

Phone - North America: 1-888-882-7535 or (206) 272-6500
Phone - Outside North America, Universal Toll-Free: +800 11 ASK 4 F5 or (800 11275 435)
Additional phone numbers: See Product Support Regional Contact Information for your area.
Web: https://f5.com/
Email: support@f5.com

For additional information, please visit http://www.f5.com.

Additional resources

You can find additional support resources and technical documentation through a variety of sources.

F5 Networks Technical Support

Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.

AskF5 Knowledge Base

AskF5 is your storehouse for thousands of knowledgebase articles that help you manage your F5 products more effectively. Whether you want to browse periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.

F5 DevCentral

The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.

F5 Publication Subscription Center AskF5 Publication Preference Center

To subscribe, click F5 Publication Subscription Center, enter your email address, select the publications you want, and click the Submit button. You will receive a confirmation email. You can unsubscribe at any time by clicking the Unsubscribe link at the bottom of the email, or on the F5 Publication Subscription Center screen.

  • TechNews Weekly eNewsletters: Timely information about known issues, product releases, hotfix releases, point releases, updated and new articles, and new feature notices.
  • TechNews Notifications: Periodic plain text TechNews, sent any time F5 releases a product or hotfix. (This information is always included in the next weekly HTML TechNews email.)
  • Security Alerts: Application Classification Signature and Service Provider Notifications .

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.

Additional Comments (optional)