Release Notes : F5 Access for Chrome OS 1.0.4

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 13.0.0, 12.1.2, 12.1.1, 12.1.0
Release Notes
Original Publication Date: 10/31/2018 Updated Date: 04/18/2019

Summary:

Version 1.0.4 of F5 Access for Chrome OS is now available. The download is available from the app store for your device, at https://chrome.google.com/webstore/detail/f5-access/hhogfmlhffdddckpokfodepfiimfffjf. (Note that this link is for a third-party site, and thus is subject to change at any time.)

Contents:

Release 1.0.4 requirements

F5 Access for Chrome OS 1.0.4 runs with the following requirements.
  • This version is supported on Chrome OS version 46.0 and later. Version 53.0 or later is required to support reconnecting when switching Wi-Fi access points or resuming a device from sleep.
  • This version is supported on BIG-IP 12.0 and later.
  • In BIG-IP 12.0, the connectivity profile contains specific settings for Chrome OS.
  • In BIG-IP 12.0, use the access policy item Client Type and the Edge Client branch to detect F5 Access for Chrome OS.

F5 Access Session Variables

F5 Access for Chrome OS supports the following session variables and values.

Table 1. F5 Access for Chrome OS session variables
Session variable Description Example value
session.client.app_version Chrome App version 1.0.4
session.client.cpu CPU type ARM, ARM64, x86 or x64
session.client.model Client device model Chromebook, Chromebox, Chromebit, or Chromebase
session.client.platform Operating system name ChromeOS
session.client.platform_version Operating system version 45.0.2454.4
session.client.type Type of session For this client, this value is always Standalone
session.client.activex Active X check For this client, this value is always 0
session.client.jailbreak Jailbreak check For this client, this value is always 0
session.client.version Client protocol version For this client, this value is always 2.0
session.client.js JavaScript check For this client, this value is always 0
session.client.plugin Plugin check For this client, this value is always 0
session.client.vpn_scope VPN connection scope For this client, the value is always device
session.client.vpn_scope VPN tunnel type For this client, the value is always L3
session.client.vpn_start_type How the VPN connection starts For this client, the value is always manual

F5 Access and BIG-IP versions prior to 12.0

F5 Access for Chrome OS may run on versions prior to BIG-IP 12.x. However, the configuration is unsupported and F5 cannot address any issues that may arise with this configuration.

Please see SOL16874 for more information on this configuration.

The following caveats apply to F5 Access for Chrome OS 1.0.4 and versions of BIG-IP prior to 12.0.
  • On BIG-IP versions prior to BIG-IP 12.0, client settings are derived from the Win/Mac F5 Access Client settings in the connectivity profile.
  • On versions prior to BIG-IP 12.0, you can detect Chrome OS clients in an access policy with a custom branch rule in the Client OS access policy item:

    1. Add a Client OS Access Policy item.
    2. Add a custom branch rule called Chrome OS and use the Advanced expression builder to enter the expression: expr { [mcget {session.client.platform}] == "ChromeOS" }

Fixes in 1.0.4

Fixes in F5 Access

ID Number Description
583110 Previously, when a third-party identity provider such as a SAML identity provider set persistent cookies in F5 Access for Chrome OS, those persistent cookies were deleted after the VPN connection was stopped. Now, persistent cookies created by third-party identity providers are stored across subsequent connections.
633366 Previously, clicking the Help button caused an error and did not open the online help. This issue has been fixed.
651377 Previously, the user could not accept or decline the EULA for F5 Access on Chrome OS 57 and later. This issue has been fixed.

Limitations in 1.0.4

Limitations in F5 Access

ID Number Description
555822 Due to Chrome OS limitations, when multiple users sign in on the same Chrome OS device, Chrome OS always uses the network configuration of the primary user (the user who logged in first). A VPN app added or configured as any other user will not work.
562673 VPN performance is limited on low-end Chromebook devices. This is documented in the Chrome OS issue: https://code.google.com/p/chromium/issues/detail?id=534872. (Note that this link is for a third-party site, and thus is subject to change at any time.)

Google Account Sync and F5 Access

By default, Google accounts sync apps across all devices. F5 Access for Chrome OS is not supported on the Chrome browser on platforms other than Chrome OS. An error message will be displayed if the user attempts to launch F5 Access on a platform other than Chrome OS. For more information, see Sync information across Chromebooks. (Note that this link is for a third-party site, and thus is subject to change at any time.)

Known issues in 1.0.4

ID Number Description
537336 Immediately after the installation or upgrade of F5 Access for Chrome OS, the first time the VPN is initiated you may notice a delay.
557689 The certificate information button in the certificate selection screen is not working properly. This is documented in the Chrome OS defect https://code.google.com/p/chromium/issues/detail?id=312893.

Supported features in 1.0.4

The following F5 Access features are available in F5 Access for Chrome OS 1.0.4:

Table 2. Authentication
Feature
Username/Password
Optional Client Certificate
SAML (APM acting as SP with SP initiated access)
Table 3. Tunnel
Feature
TLS 1.x
IPv4 lease pool
DTLS
DTLS port
IPv4 transport
Table 4. Split Tunneling Scope
Feature Notes
Use split tunneling for traffic
Force all traffic through tunnel
Include Subnet List of subnets to be routed through the virtual VPN adapter.
Exclude Subnet List of subnets to exclude from routing through the virtual VPN adapter.
DNSSuffix DNS suffix for intranet.
DNS DNS server for VPN connection.
Table 5. Client Proxy Settings
Feature Notes
Client Proxy Settings Settings apply to the proxy behind the Access Policy Manager.
Client Proxy Autoconfig Script The URL for a proxy auto-configuration script, if one is used with this connection.
Client Proxy Address IP address of the client proxy server that network access clients use to connect to the Internet.
Client Proxy Port Port number on the proxy server that you want network access clients to use to connect to the Internet.
Client Proxy Exclusion List Specifies the Web addresses that do not need to be accessed through your proxy server. You can use wild cards to match domain and host names or addresses. For example,www.*.com, 128.*, 240.8, 8., mygroup.*, *.* , and so forth.

Contacting F5 Networks

For additional information, please visit http://www.f5.com.

Legal notices