Applies To:

Show Versions Show Versions

Release Note: Desktop Client 7.1.7
Release Note

Original Publication Date: 08/10/2018

Summary:

Version 7.1.7 of the Edge Client is now available on downloads.f5.com.

Contents:

- User documentation for this release
     - Behavior changes in 7.1.7
     - Features and enhancements in 7.1.7
     - Fixes in 7.1.7
     - Known issues in 7.1.7
- Legal notices
- Contacting F5 Networks

User documentation for this release

For a comprehensive list of documentation that is relevant to this release, refer to the following pages:

Behavior changes in 7.1.7

Machine Tunnel Service

The Machine Tunnel Service is a new Desktop Client feature for Windows only. When installed on client machines as a Windows service, a machine tunnel starts during the machine boot sequence, and establishes a VPN connection to the specified APM servers in background. No user interaction or interactive Windows session is required. This can be used for several different scenarios.
Off-premise or remote initial provisioning
Machine tunnels can provide connectivity to the corporate datacenter when the user logs in to a corporate laptop for the very first time.
Remote computer maintenance
IT staff can manage the machine and update software when the user is not logged in, but the device is on and idle.
Remote troubleshooting
Support Staff are able to log into a user machine via a secure tunnel.
Remote self-service
When users forget their passwords, IT staff can use machine tunnels to reset the user passwords.

Linux helper application changes

Beginning in 7.1.7, F5 makes two changes to the Linux Helper Applications:
  1. The Linux version of the VPN and Endpoint Inspection helper apps have the required QT 5.5 libraries included, and are installed into /opt/f5/vpn/lib as part of the RPM or DEB installation process. This library path is automatically selected as the highest priority one from the f5vpn and f5epi program's RPATH attribute.
  2. Because of increased size, low usage, and industry trends, F5 has discontinued support of the desktop Linux 32-bit VPN and Endpoint Inspection apps. The 32-bit CLI VPN client remains available.

These changes are tracked with ID 700893. See K35025159: Changes to Linux helper applications for APM Clients 7.1.7 for more information.

Features and enhancements in 7.1.7

Features and Enhancements in 7.1.7

The Machine Tunnel Service is a new Desktop Client feature for Windows only. When installed on client machines as a Windows service, a machine tunnel starts during the machine boot sequence, and establishes a VPN connection to the specified APM servers in background. No user interaction or interactive Windows session is required. This can be used for several different scenarios.
Off-premise or remote initial provisioning
Machine tunnels can provide connectivity to the corporate datacenter when the user logs in to a corporate laptop for the very first time.
Remote computer maintenance
IT staff can manage the machine and update software when the user is not logged in, but the device is on and idle.
Remote troubleshooting
Support Staff are able to log into a user machine via a secure tunnel.
Remote self-service
When users forget their passwords, IT staff can use machine tunnels to reset the user passwords.

Fixes in 7.1.7

Fixes in 7.1.7

ID Number Description
610436 Previously, when two network adapters used the same DNS Server address on Microsoft Windows version 10, there could be DNS resolution errors. Now, DNS addresses are resolved correctly with two network adapters.
666497 Korean translation strings have been corrected.
673025 Previously, when the copyright was customized, the customized copyright was not displayed in the Edge Client for macOS. This has been fixed.
686718-4 Tunnel adapter is now closed on VPN termination even when Application launch is configured.
699330 Previously, On a Fedora 27 client, f5vpn and f5epi crashed upon start. This has been fixed.
700780 Now F5 DNS Relay Proxy service clears TC flag in all proxied packets, preventing client DNS resolvers from using TCP. An appropriate log entry is printed into the service's log.
700960 Previously on Ubuntu 17.10, after disconnecting from the VPN, the default route was not restored. This has been fixed.
702490 Previously, in some situations, Windows Credential Reuse did not work, requiring the EdgeClient end user to log in separately. This issue has been fixed.
702873 Previously, the Windows Logon Integration feature sometimes caused the Windows Logon screen to freeze. Now, this issue has been fixed. As a side effect of the fix, the Logon screen now shows duplicates of the pre-logon VPN Entries, which might be confusing for users. One duplicate comes from the Microsoft Credentials Provider. To disable the default Microsoft Credentials Provider see https://social.technet.microsoft.com/Forums/windows/en-US/9c23976a-3e2b-4b71-9f19-83ee3df0848b/how-to-disable-additional-credential-providers?forum=w8itprosecurity.
703984 In the previous release, the macOS machine cert agent checked only the beginning of the client hostname and certificate common name. The machine cert agent now checks the entire strings.
704535 F5 VPN and F5 EPI now properly consume data processed by Chrome 64+. Because earlier versions of F5 VPN or F5 EPI do not work properly with the Chrome 64+ browser, on those releases applications must be launched out-of-band (by standalone installer), or by launching F5 VPN/F5 EPI from another browser (such as Firefox or Edge).
705208 In the previous release, Edge Client on Windows was unable to establish a VPN connection after SAML authentication. Now, Edge Client can now successfully establish a VPN connection after SAML authentication.
707448 Strings are now properly translated into German.
707738 Due to an issue introduced in Windows RS4, a VPN connection could not be established. This has been fixed.
710188 Previously, Google reCAPTCHA was not displayed on the logon page, when implmented. Now Google reCAPTCHA is displayed.
710407 Previously, the F5 VPN and F5 EPI apps would quit on Linux distributions with Qt version 5.10.1 or higher. This has been fixed.
712728 On Linux, F5 helper apps (f5vpn and f5epi) are not automatically upgraded to version 7.1.7. As a workaround, manually uninstall f5epi and f5vpn. Connect to Access Policy Manager using a web browser. Follow the instructions when prompted to install f5epi or f5vpn.
714542 Now, when a user right-clicks the Edge Client tray icon in Always Connected mode, the Always Connected Mode text is displayed on the tray icon pop-up menu.

Known issues in 7.1.7

The following are known issues in this release.

ID Number Description
681023 F5 endpoint inspection and F5 VPN applications are not upgraded automatically on OpenSuse 42.3 and Suse Enterprise Desktop 12 SP2. "As a workaround, with the F5 EPI or F5 VPN downloads linux_f5epi.tgz or linux_f5vpn.tgz in the platform's download folder.
  1. Untar the file. tar -xvf linux_f5epi.tgz
  2. Select the appropriate file. For example, for a 64-bit CPU select linux_f5epi.x86_64.rpm
  3. Install the package: rpm --force -ivh linux_f5epi.x86_64.rpm, or uninstall the older component first: rpm -e f5epi or rpm -ivh linux_f5epi.x86_64.rpm.
681281 On Fedora 26, after disconnecting from the VPN, the default route is not restored. As a workaround, disable and re-enable the network adapter.
681956 If a user disconnects from the VPN while there is no connectivity on a statically-configured network adapter, and network connectivity is then restored to that adapter after the disconnection, the default route is not restored. As a workaround, you can either manually add a default route to the network adapter gateway, or enable DHCP on the network adapter.
683819 When Edge Client is installed using the CLI or msiexec, the following config parameters are not installed.
  • Exclusion List is not installed properly
  • Auto Launch option is not installed properly
As a workaround, use the F5 Edge Client installer to install the client. From CLI this can be performed with the command BIGIPEdgeClient.exe /q.
700770 With Always Connected mode, when hosts and IP addresses are added to the exclusion list in the registry manually after the client is installed, they are deleted after the client is uninstalled. As a workaround, after the client is reinstalled, add the exclusions again.
703874 If the VPN is connected and disconnected repeatedly, a user may fail to logon. Logon will be retried automatically, and eventually succeed.
708922 Client side proxy configuration will be ignored after VPN is established, if proxy configuration is deployed using DHCP option 252. As a workaround, configure client side proxy information in IE configuration
714043 NPAPI inspection host plugin on macOS does not work with the latest Endpoint Security (EPSEC) update image because policyserver not being part of OESIS package since it's bundled with individual applications. There is no workaround at this time.

Legal notices

Contacting F5 Networks

Phone - North America: 1-888-882-7535 or (206) 272-6500
Phone - Outside North America, Universal Toll-Free: +800 11 ASK 4 F5 or (800 11275 435)
Fax: See Regional Support for your area.
Web: https://support.f5.com/csp/home
Email: support@f5.com

For additional information, please visit http://www.f5.com.

Additional resources

You can find additional support resources and technical documentation through a variety of sources.

F5 Networks Technical Support

Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.

AskF5

AskF5 is your storehouse for thousands of knowledgebase articles that help you manage your F5 products more effectively. Whether you want to browse periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.

F5 DevCentral

The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.

AskF5 Publication Preference Center

To subscribe, click AskF5 Publication Preference Center, enter your email address, select the publications you want, and click the Submit button. You will receive a confirmation email. You can unsubscribe at any time by clicking the Unsubscribe link at the bottom of the email, or on the AskF5 Publication Preference Center screen.

  • TechNews Weekly eNewsletters: Up-to-date information about product and hotfix releases, new and updated articles, and new feature notices.
  • TechNews Notifications: Periodic plain text TechNews, sent any time F5 releases a product or hotfix. (This information is always included in the next weekly HTML TechNews email.)
  • Security Alerts: Timely security updates and ASM attack signature updates from F5.

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.

Additional Comments (optional)