Original Publication Date: 12/19/2018
In September 2018, Apple posted the release of F5 Access for iOS 3.0.2. Users should download this new version from the app store.
For a comprehensive list of documentation that is relevant to this release, refer to BIG-IP Access Policy Manager Documentation.
There are no features and enhancements in 3.0.2.
F5 Access 3.0.1 allows you to install client certificates in the following ways.
There are no behavior changes in 3.0.2.
The name of the app is changed from "F5 Access 2018" to "F5 Access". The current version of app is F5 Access 3.0.1.
|679249||Starting with F5 Access version 3.0, the client is distributed with App Transport Security enabled. App Transport Security (ATS) requires that beginning with iOS 9 apps no longer be allowed to initiate insecure plain text HTTP connections, or TLS connections that don't comply with stricter requirements. The changes include:
|697694||In F5 Access 2.1.1, the session variable session.client.biometric_fingerprint was not populated when an on-demand connection was completed. In F5 Access 3.0.0, session.client.biometric_fingerprint is populated when an on-demand connection is completed.|
|702427||If the BIG-IP configuration contains the LaunchApplication block for the Edge Client branch, the application work for on-demand VPN scenarios and per-app VPN scenarios. The Following notification appears when the tunnel is established: The Remote Access Server is attempting to run a local application. The user must click this message or launch F5 Access to start the app.|
|706017||Beginning with F5 Access 3.0.0, Per-App VPN connections are L3. As a result:
The following are known issues that affect the user experience when F5 Access is used on an iOS device. These issues may be addressed in the future by F5 or Apple.
|504919||F5 Access does not resolve the BIG-IP APM hostname each time it reconnects after the connection is broken. This limits the use of load balancing with BIG-IP DNS as it keeps using the same IP address for the connection.|
|557905||On iOS 9, if a managed app is being updated while Per-App VPN is active, the updated app might not make use of the active session until the active session is expired and a new one is created. As a workaround, wait until the current session expires, and restart the updated app.|
|587775||iOS may frequently sleep/wakeup VPN plugin in sleep mode of device and sending DNS queries. This causes APM session keeps alive for long time. The DNS queries are sent every from 10 seconds to a few minutes. The issue was reported to Apple to confirm and tracked through 25739124|
|695712||Due to an iOS issue (Apple Radar 36006149), it is currently not possible to switch between configurations widget added to the Today view.|
|696882||In this release, we don't support user interaction (prompts) for per-App VPN scenario. Server configuration should not require any user interaction to establish VPN.|
|699062||Per-App VPN that requires user interaction works only with a single Per-App VPN configuration, and only with clients running iOS 12. We currently don't support user interaction in a Per-App VPN scenario with any other Per-App VPN configurations. Administrators should configure the BIG-IP so as not to require user interaction to establish VPN for configurations that require more than a single Per-App VPN.|
|700849||When you use an MDM to push a device-wide VPN that includes the SavePasswordEnabled feature, the setting enforceWebLogon does not work after the device is restored from backup.|
|700903||User may have to enter password again when there is a network connectivity changes, eg, enable/disable wifi and wifi roaming. This issue is currently reported to Apple as 36379795 and under investigation.|
|701247||With the use of Apple Transport Security (ATS) in version 3.x, insecure HTTP does not work for most connections. However, in some cases an HTTP (not HTTPS) IP address does still work. This may or may not be removed in the future by Apple.|
|701636||The Session expired or closed by server message will not appear when session is killed by an administrator or by timeout. The tunnel will be silently closed instead. Similarly, the message will not be shown if no lease pool is specified for the NA resource or the NA's lease pool is exhausted.|
|704309||Before iOS 12, F5 Access did not send the client certificate to BIG-IP if the weblogon mode was enabled in configuration, due to framework limitations. In iOS 12, Apple partially fixed this issue, but the client certificate is attached twice. We are still waiting for Apple to update us.|
|704554||The error message "Authentication failed" is displayed if notifications are not allowed for F5 Access, in a scenario where F5 Access requires user input to authenticate. As a workaround, the user should enable notifications in.|
|706718||If per-app VPN configuration doesn't have SafariDomains specified it is displayed as Enterprise VPN in F5 Access.|
|707434||The confirmation message "F5 Access would like to add VPN configurations" that appears when the user attempts to save a first VPN configuration is not localized in iOS 11. Regardless of the selected system language, the message appears in English.|
|734519||On the iPad, in the Credentials prompt, the Save Password box is not aligned correctly.|
|738442||Under certain circumstances, per-app VPN sessions can intermittently close with APM log "Session deleted (network_error; code - 4)" or new sessions can be established while current sessions are still active.|
|738742||There is a DTLS fragmentation when F5 Access version 3.0.1 (and 3.0.0) is used.|
|739513||F5 Access for iOS web logon fails in some cases when there are multiple redirects to external pages.|
|742410||F5 Access 3.0.2 cannot access certificates deployed for F5 Access 2.1.2 due to limitations of iOS. The only solution is to redeploy certificates to F5 Access 3.0.2.|
|743249||With both F5 Access Legacy 2.1.2 and F5 Access 3.0.1 running on the same device, if there are two configurations created in each VPN client with the same name, after iOS is rebooted "2" is appended to the name of whatever configuration was created last.|
|743918||VPN connection cannot be established if PAC file cannot be downloaded without the established VPN. As a workaround, set the "Ignore Client Proxy Autoconfig Script Download Failure" setting to enabled, so the client does not attempt to download the PAC file prior to establishing the connection. The tunnel will be created with PAC specification as provided in NA resource.|
|741595||Previously, F5 Access 3.0.x ignored the password specified in the URL-schema request if password caching is disabled in the connectivity profile. Instead of using the password, F5 Access showed the credentials prompt to the user. This issue is resolved in version 3.0.2.|
|741849||Previously, when an F5 Access 3.0.x connection was redirected from one virtual server to another, the VPN connection would fail to establish. This has been fixed.|
|742270||Previously, F5 Access failed to recognize SAML http post request, and wrongly treated it as external redirect and restarted the weblogon. This issue is resolved in version 3.0.2.|
|742285||Previously, F5 Access 3.0.x did not send the VHOST cookie for the landing URI. This has been fixed.|
|720093||Previously, F5 Access did not support opening links for App Store app during authentication with Web Logon. When the user selected the link, an error message "Unsupported URL" was displayed. This issue is resolved in version 3.0.1.|
|734512||Previously, when the Japanese language was selected for the user interface, some items or the native logon UI were displayed in Korean language. This issue is resolved in version 3.0.1.|
|Phone - North America:||1-888-882-7535 or (206) 272-6500|
|Phone - Outside North America, Universal Toll-Free:||+800 11 ASK 4 F5 or (800 11275 435)|
|Fax:||See Regional Support for your area.|
For additional information, please visit http://www.f5.com.
You can find additional support resources and technical documentation through a variety of sources.
Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.
AskF5 is your storehouse for thousands of knowledgebase articles that help you manage your F5 products more effectively. Whether you want to browse periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.
The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.
To subscribe, click AskF5 Publication Preference Center, enter your email address, select the publications you want, and click the Submit button. You will receive a confirmation email. You can unsubscribe at any time by clicking the Unsubscribe link at the bottom of the email, or on the AskF5 Publication Preference Center screen.