Original Publication Date: 08/10/2018
In September 2017, Apple posted the release of F5 Access for macOS version 1.0.0. Users should download this new version from the macOS app store.
For a comprehensive list of documentation that is relevant to this release, refer to BIG-IP Access Policy Manager Documentation.
F5 Access for macOS uses Apple's new Network Extension Framework. Apple's Network Extension Framework is a major architectural shift for the F5 Access client related to features such as Layer 3 VPN, Per-App VPN Tunneling, Server Certificate Verification, and other features.
|Split-tunneling (include list)||Split-tunneling include list of IP address ranges/subnet masks.|
|Split-tunneling (exclude list)||Split-tunneling exclude list of IP address ranges/subnet masks.|
|Server SSL Certificate Verification||Verify server SSL certificate against CA store.|
|Authentication w/ Username and Password Support||Username and password in native
|Authentication with Username and Password and Client Certificate||Two-factor authentication with username and password and client certificate in native
|Certificate-only Authentication Support||Authentication with
|Keychain||Users can use the saved password from the keychain.|
|MDM Provisioning||Support configuration by endpoint management systems or MDM.|
|VPN Tunnel Information||Display detailed information about the VPN tunnel.|
|Per-App VPN Support Layer 3 VPN||With the macOS Network Extension Framework, Per-App VPN policies are enforced by macOS.|
|Per-App VPN On-Demand||Start Per-App VPN on demand.|
|TLS and DTLS Support||TLS and DTLS protocols switch when appropriate. DTLS to TLS fallback is supported today.|
|Compression over TLS||The compression of traffic (GZIP) for a given TLS network tunnel.|
|Landing URI support||Configuration of a landing URI for the VPN tunnel.|
The following are known issues that affect the user experience when F5 Access is used on a macOS device. These issues may be addressed in the future by F5 or Apple.
|669654||The system UI server macOS component might crash when you enable "show VPN status in menu bar". This issue is being tracked with Apple issue 32750779.|
|669689||When the VPN Configuration is removed from System > Network Preference, the VPN Profile isn't removed, and the system becomes inconsistent. This issue is being tracked with Apple issue 29301077.|
|670618||F5 Access is not notified when a VPN profile is installed, and the user has to restart F5 Access to refresh the F5 Access menu. This issue is being tracked with Apple issue 31506133.|
|670699||When the credential is installed with the VPN profile, the user must enter device credentials in order to allow F5 Access to read credentials from the system keychain to establish the VPN connection. This issue is being tracked with Apple issue 30311873.|
|670770||According to Apple documentation, the "App-to-Per-App VPN Mapping" feature does not currently work.|
|670772||According to Apple documentation, OnDemandRules with EvaluateConnection should work; however, this feature does not currently work. This issue is being tracked with Apple issue 31825144.|
|670775||With the Per-App VPN SafariDomain feature, after a connection, the Per-App VPN status is not updated in the System > Network Preference dialog. Note that the app doesn't display the Per-App VPN configuration in the menu or configuration manager. This issue is being tracked with Apple issue 31719435.|
|676151||Currently, only one active VPN connection is supported. Connections to multiple VPN servers are not supported due to platform limitations. This issue is being tracked with Apple issue 33902689.|
|676553||Because of limitations in the new network extension framework, domain name to IP mapping assigned under /etc/hosts is not picked up by DNS resolution. This issue is being tracked with Apple issue 33712200.|
|676735||Because of limitations in the new network extension framework, included routes will not work if they overlap with the local subnet. This issue is being tracked with Apple issue 33832609.|
|676763||Because of limitations in the new network extension framework, if static routes already exist on the macOS device, these static routes are not removed after the VPN is established, and traffic may leak from the VPN. This issue is being tracked with Apple issue 33730108.|
|677151||Because of limitations in the new network extension framework, when the VPN configuration is installed from a profile, the user can still enable or disable onDemand from the network preference panel. This creates inconsistency between the profile and the actual configuration on the system. This issue is being tracked with Apple issue 33761127.|
|677152||Because of limitations in the new network extension framework, when a Per-App VPN profile is installed, the user can not start the profile from the network preferences panel. This issue is being tracked with Apple issue 33812079.|
|677347||Because of limitations in the new network extension framework, a VPN tunnel interface
|677657||Because of limitations in the new network extension framework, when a client reconnects immediately after disconnecting, the F5Access process is stopped by
|Phone - North America:||1-888-882-7535 or (206) 272-6500|
|Phone - Outside North America, Universal Toll-Free:||+800 11 ASK 4 F5 or (800 11275 435)|
|Fax:||See Regional Support for your area.|
For additional information, please visit http://www.f5.com.
You can find additional support resources and technical documentation through a variety of sources.
Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.
AskF5 is your storehouse for thousands of knowledgebase articles that help you manage your F5 products more effectively. Whether you want to browse periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.
The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.
To subscribe, click AskF5 Publication Preference Center, enter your email address, select the publications you want, and click the Submit button. You will receive a confirmation email. You can unsubscribe at any time by clicking the Unsubscribe link at the bottom of the email, or on the AskF5 Publication Preference Center screen.