Release Notes :
F5 Access for Android 3.0.1
Applies To:
Show Versions
BIG-IP APM
- 13.0.0, 12.1.2, 11.6.1, 11.5.4, 11.5.1
Original Publication Date: 10/31/2018
Updated Date: 08/17/2023
Summary:
Version 3.0.1 of F5 Access for Android devices is now available. The download is available from the app store for your device.
Contents:
User documentation for this release
For a comprehensive list of documentation that is relevant to this release, refer to the following page:
Features and enhancements in 3.0.1
There are no new features in 3.0.1.
New Features in 3.0.0:
- MobileIron Core Integration
- With MobileIron Core, full device connection configurations can be passed down to F5 Access.
- Biometric and Device Authentication for Re-use of Cached Credentials
- F5 Access supports device authentication via native fingerprint scanners, patterns, and PINs to protect cached passwords.
- Managed Configuration Mode
- Mobile device management (MDM) administrators can now disable any user modifications of the VPN configurations.
- Server URL Validation Flow
- Checks connection to APM during configuration with the capacity to download per-client policy.
- Always-On VPN Mode
- With Always-On VPN mode for Android for Work, F5 Access connects after system startup. In this mode F5 Access keeps the VPN connection alive as much as possible, and reconnects when needed. In Always-On Mode, when a VPN connection is not established, all direct network traffic is blocked.Always-On Mode is enabled with an MDM and requires specific MDM configuration capabilities. Check with your MDM solutions provider for more information. (ID 445999)
- RSA SecurID software token support
- A number of features have been added to support RSA SecurID two-factor authentication. (ID 382224)
- New session variables
- A number of new session variables have been added. See the user guide for more information. (ID 490015)
- Session logging improvements
- Previously F5 Access session logs did not contain APM session IDs, making troubleshooting difficult. F5 Access logs now include the APM session ID. (ID 618863)
Fixes in 3.0.1
Fixes in 3.0.1
| ID Number | Description |
|---|---|
| 643523 | Previously, connections on some hardware with SSL Certificates took a long time. This issue has been resolved. |
| 667358 | Previously, if the root certificate was missing from the device trusted list, but an intermediate certificate was included, certificate verification would fail on Android 7.x. Certificate verification will now succeed if only an intermediate CA certificate is found in the device trusted list. |
| 669416 | Previously, when attempting to authenticate using Google ID, authentication could not complete. Authentication with Google ID now succeeds. |
Fixes in 3.0.0
| ID Number | Description |
|---|---|
| 498040 | Previously, when a session was closed, F5 Access cleared persistent cookies. F5 Access no longer clears persistent cookies when the session is closed. |
| 517367 | An Edge Client configuration created in version 2.0.4 or earlier would no longer auto-reconnect after the client was upgraded To version 2.0.6 or later. This issue has been fixed, and no longer occurs on F5 Access 3.0.0. |
| 517373 | With some devices and applications, F5 Access closes the tunnel when a GPS application starts a location search. this has been fixed. |
| 579559 | Previously, Network Access always fell back to a TLS connection even if DTLS was configured when connecting to some hardware platforms. Network Access no longer falls back to TLS. |
| 633388 | Some external SAML IdP pages that attempted to access the localStorage HTML5 API would cause a Javascript error and could be rendered incorrectly. These pages are now rendered correctly. |
Known issues in 3.0.1
Known Issues in F5 Access
| ID Number | Description |
|---|---|
| 451826 | When F5 Access uses split tunneling for traffic, after establishing a VPN connection, all DNS queries are sent to the VPN-configured enterprise DNS server. |
| 504685 | F5 Access does not change to the Reconnecting state if the GTM server is down. Load balancing with GTM doesn't work. |
| 624395 | The web logon screen might disappear after a user sends F5 Access to the background after entering an RSA SecurID software token PIN. |
Known Issues in Third Party Software
| ID Number | Description |
|---|---|
| 553811 | On Android 6.0.0, in a Google for Work profile, the user cannot select a certificate from the system credential storage. As a workaround, install the client certificate to F5 Access internal certificate storage. Choose Certificates, tap the "+" button and choose "Install from SD card". The certificate file must be available in the Google for Work profile storage. |
| 555767 | On Android 6.0.0, F5 Access cannot send a diagnostics report using the Gmail app in a Google for Work profile. The Gmail app shows the erro "Can't attach empty file". As a workaround, go to Settings > Apps > Gmail (work profile) > Permissions and enable the "Storage" permission. |
| 617631 | When Always-On VPN Mode is enabled, a VPN connection is established, and a Network Access resource is configured to use split tunneling, resources from the split tunneling space can be successfully accessed using the managed application, but all resources outside of the split tunneling space cannot be accessed by the managed application. |
| 620294 | In Android 7.0 RC4, ciphers and SSLv3 are disabled for security reasons. AES ciphers must be enabled in the RSA Authentication Manager configuration in order for Dynamic Seed Provisioning (CT-KIP) to work on Android 7.0. For more details, see https://community.rsa.com/docs/DOC-45530. |
| 634069 | In most cases, when an Always-On VPN is disabled by the DPM (Device Policy Manager), the F5 Access VPN will be revoked if it is currently connected. In some corner cases, if F5 Access is not connected when, for example, the DPM enables Always-On VPN, but the connection doesn't start because of a misconfiguration, and the DPM then disables Always-On VPN, F5 Access won't be notified, and may continue to attempt to reconnect until the device is rebooted. |
| 616957 | If Always-On VPN mode is enabled for F5 Access by an MDM, and a force stop is done for F5 Access, F5 Access goes into the Disconnected state, and the user loses internet access through managed apps. F5 Access does not reestablish the VPN connection automatically. As a workaround, the user can restart the device to reestablish Always-On VPN mode. Another workaround is to disallow force stops in the MDM configuration, using DISALLOW_APPS_CONTROL. |
| 617362 | On some devices with Android 4.x, F5 Access Home screen icons might not get updated, and continue to show the older Edge Client icon. This is caused by Android issue 42921: https://code.google.com/p/android/issues/detail?id=42921 |
| 619106 | On certain Android devices F5 Access will show 2 icons in notification area when connected to VPN. This behavior is by design. |
| 629242 | The RSA SecurID software token PIN setup might timeout if the user does not provide a new PIN within the RSA SecurID token interval. |
Contacting F5 Networks
| Phone - North America: | 1-888-882-7535 or (206) 272-6500 |
| Phone - Outside North America, Universal Toll-Free: | +800 11 ASK 4 F5 or (800 11275 435) |
| Fax: | See Regional Support for your area. |
| Web: | https://support.f5.com/csp/home |
| Email: | support@f5.com |
For additional information, please visit http://www.f5.com.
Additional resources
You can find additional support resources and technical documentation through a variety of sources.
- The F5 Networks Technical Support web site: https://f5.com/support
- The AskF5 web site: https://support.f5.com/csp/home
- The F5 DevCentral web site: https://devcentral.f5.com/
- AskF5 Publication Preference Center: https://interact.f5.com/AskF5-SubscriptionCenter.html
F5 Networks Technical Support
Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.
AskF5
AskF5 is your storehouse for thousands of knowledgebase articles that help you manage your F5 products more effectively. Whether you want to browse periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.
F5 DevCentral
The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.
AskF5 Publication Preference Center
To subscribe, click AskF5 Publication Preference Center, enter your email address, select the publications you want, and click the Submit button. You will receive a confirmation email. You can unsubscribe at any time by clicking the Unsubscribe link at the bottom of the email, or on the AskF5 Publication Preference Center screen.
- TechNews Weekly eNewsletters: Up-to-date information about product and hotfix releases, new and updated articles, and new feature notices.
- TechNews Notifications: Periodic plain text TechNews, sent any time F5 releases a product or hotfix. (This information is always included in the next weekly HTML TechNews email.)
- Security Alerts: Timely security updates and ASM attack signature updates from F5.
