Applies To:

Show Versions Show Versions

Release Note: F5 Access for Android 3.0.1
Release Note

Original Publication Date: 07/31/2017

Summary:

Version 3.0.1 of F5 Access for Android devices is now available. The download is available from the app store for your device.

Contents:

- User documentation for this release
     - Features and enhancements in 3.0.1
     - Fixes in 3.0.1
     - Known issues in 3.0.1
- Legal notices
- Contacting F5 Networks

Version 3.0.1 of the F5 Access for Android devices is now available. The download is available from the app store for your device.

User documentation for this release

For a comprehensive list of documentation that is relevant to this release, refer to the following page:

Features and enhancements in 3.0.1

There are no new features in 3.0.1.

New Features in 3.0.0:

MobileIron Core Integration
With MobileIron Core, full device connection configurations can be passed down to F5 Access.
Biometric and Device Authentication for Re-use of Cached Credentials
F5 Access supports device authentication via native fingerprint scanners, patterns, and PINs to protect cached passwords.
Managed Configuration Mode
Mobile device management (MDM) administrators can now disable any user modifications of the VPN configurations.
Server URL Validation Flow
Checks connection to APM during configuration with the capacity to download per-client policy.
Always-On VPN Mode
With Always-On VPN mode for Android for Work, F5 Access connects after system startup. In this mode F5 Access keeps the VPN connection alive as much as possible, and reconnects when needed. In Always-On Mode, when a VPN connection is not established, all direct network traffic is blocked.Always-On Mode is enabled with an MDM and requires specific MDM configuration capabilities. Check with your MDM solutions provider for more information. (ID 445999)
RSA SecurID software token support
A number of features have been added to support RSA SecurID two-factor authentication. (ID 382224)
New session variables
A number of new session variables have been added. See the user guide for more information. (ID 490015)
Session logging improvements
Previously F5 Access session logs did not contain APM session IDs, making troubleshooting difficult. F5 Access logs now include the APM session ID. (ID 618863)

Fixes in 3.0.1

Fixes in 3.0.1

ID Number Description
643523 Previously, connections on some hardware with SSL Certificates took a long time. This issue has been resolved.
667358 Previously, if the root certificate was missing from the device trusted list, but an intermediate certificate was included, certificate verification would fail on Android 7.x. Certificate verification will now succeed if only an intermediate CA certificate is found in the device trusted list.
669416 Previously, when attempting to authenticate using Google ID, authentication could not complete. Authentication with Google ID now succeeds.

Fixes in 3.0.0

ID Number Description
498040 Previously, when a session was closed, F5 Access cleared persistent cookies. F5 Access no longer clears persistent cookies when the session is closed.
517367 An Edge Client configuration created in version 2.0.4 or earlier would no longer auto-reconnect after the client was upgraded To version 2.0.6 or later. This issue has been fixed, and no longer occurs on F5 Access 3.0.0.
517373 With some devices and applications, F5 Access closes the tunnel when a GPS application starts a location search. this has been fixed.
579559 Previously, Network Access always fell back to a TLS connection even if DTLS was configured when connecting to some hardware platforms. Network Access no longer falls back to TLS.
633388 Some external SAML IdP pages that attempted to access the localStorage HTML5 API would cause a Javascript error and could be rendered incorrectly. These pages are now rendered correctly.

Known issues in 3.0.1

Known Issues in F5 Access

ID Number Description
504685 F5 Access does not change to the Reconnecting state if the GTM server is down. Load balancing with GTM doesn't work.
624395 The web logon screen might disappear after a user sends F5 Access to the background after entering an RSA SecurID software token PIN.

Known Issues in Third Party Software

ID Number Description
553811 On Android 6.0.0, in a Google for Work profile, the user cannot select a certificate from the system credential storage. As a workaround, install the client certificate to F5 Access internal certificate storage. Choose Certificates, tap the "+" button and choose "Install from SD card". The certificate file must be available in the Google for Work profile storage.
555767 On Android 6.0.0, F5 Access cannot send a diagnostics report using the Gmail app in a Google for Work profile. The Gmail app shows the erro "Can't attach empty file". As a workaround, go to Settings > Apps > Gmail (work profile) > Permissions and enable the "Storage" permission.
617631 When Always-On VPN Mode is enabled, a VPN connection is established, and a Network Access resource is configured to use split tunneling, resources from the split tunneling space can be successfully accessed using the managed application, but all resources outside of the split tunneling space cannot be accessed by the managed application.
620294 In Android 7.0 RC4, ciphers and SSLv3 are disabled for security reasons. AES ciphers must be enabled in the RSA Authentication Manager configuration in order for Dynamic Seed Provisioning (CT-KIP) to work on Android 7.0. For more details, see https://community.rsa.com/docs/DOC-45530.
634069 In most cases, when an Always-On VPN is disabled by the DPM (Device Policy Manager), the F5 Access VPN will be revoked if it is currently connected. In some corner cases, if F5 Access is not connected when, for example, the DPM enables Always-On VPN, but the connection doesn't start because of a misconfiguration, and the DPM then disables Always-On VPN, F5 Access won't be notified, and may continue to attempt to reconnect until the device is rebooted.
616957 If Always-On VPN mode is enabled for F5 Access by an MDM, and a force stop is done for F5 Access, F5 Access goes into the Disconnected state, and the user loses internet access through managed apps. F5 Access does not reestablish the VPN connection automatically. As a workaround, the user can restart the device to reestablish Always-On VPN mode. Another workaround is to disallow force stops in the MDM configuration, using DISALLOW_APPS_CONTROL.
617362 On some devices with Android 4.x, F5 Access Home screen icons might not get updated, and continue to show the older Edge Client icon. This is caused by Android issue 42921: https://code.google.com/p/android/issues/detail?id=42921
619106 On certain Android devices F5 Access will show 2 icons in notification area when connected to VPN. This behavior is by design.
629242 The RSA SecurID software token PIN setup might timeout if the user does not provide a new PIN within the RSA SecurID token interval.

Legal notices

Contacting F5 Networks

Phone - North America: 1-888-882-7535 or (206) 272-6500
Phone - Outside North America, Universal Toll-Free: +800 11 ASK 4 F5 or (800 11275 435)
Fax: See Regional Support for your area.
Web: https://support.f5.com/csp/home
Email: support@f5.com

For additional information, please visit http://www.f5.com.

Additional resources

You can find additional support resources and technical documentation through a variety of sources.

F5 Networks Technical Support

Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.

AskF5

AskF5 is your storehouse for thousands of knowledgebase articles that help you manage your F5 products more effectively. Whether you want to browse periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.

F5 DevCentral

The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.

AskF5 Publication Preference Center

To subscribe, click AskF5 Publication Preference Center, enter your email address, select the publications you want, and click the Submit button. You will receive a confirmation email. You can unsubscribe at any time by clicking the Unsubscribe link at the bottom of the email, or on the AskF5 Publication Preference Center screen.

  • TechNews Weekly eNewsletters: Up-to-date information about product and hotfix releases, new and updated articles, and new feature notices.
  • TechNews Notifications: Periodic plain text TechNews, sent any time F5 releases a product or hotfix. (This information is always included in the next weekly HTML TechNews email.)
  • Security Alerts: Timely security updates and ASM attack signature updates from F5.

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)