Manual Chapter : Connectivity

Applies To:

BIG-IQ Centralized Management

  • 7.0.0, 6.1.0, 6.0.1

About connectivity profiles and Network Access

A connectivity profile defines connectivity and client settings for a Network Access session.

A connectivity profile contains:

  • Compression settings for network access connections and application tunnels
  • Citrix client settings
  • Virtual servers and DNS-location awareness settings for BIG-IP® Edge Client® for Windows, Mac, and Linux
  • Password caching settings for BIG-IP Edge Client for Windows, Mac, and mobile clients
  • Settings for mobile clients

A connectivity profile is also associated with customizable client download packages for Edge Client for Windows and Edge Client for Mac.

About a connectivity profile and traffic handling

If a connectivity profile is assigned to a virtual server, it creates a secure connectivity (tunnel) interface. Traffic that is allowed through the tunnel is matched against any virtual servers enabled on the tunnel interface. If a matching virtual server is found, the traffic goes to the virtual server before going out to the network. Network access, portal access, iSession, and mobile app tunnel traffic are allowed through the tunnel and the same traffic handling is applied to all of them.

Create a connectivity profile

You create a connectivity profile to configure client connections.
  1. At the top of the screen, select Configuration, then on the left side of the screen, click ACCESS > Access Groups.
  2. Click the name of the Access group that interests you.
    A new screen displays the group's properties.
  3. Expand Connectivity / VPN and click Connectivity > Profiles.
  4. Click Create.
    The Create New Connectivity Profile screen opens and displays General Settings.
  5. Type a Profile Name for the connectivity profile.
  6. Select a Parent Profile from the list.
    Access for BIG-IQ provides a default profile, connectivity.
  7. To save your changes, click the Save & Close button at the bottom of the screen.
The connectivity profile displays in the list.
To provide functionality with a connectivity profile, you must add the connectivity profile and an access profile to a virtual server.

Connectivity profile general settings

You can configure the following general settings in a connectivity profile.

| Profile setting | Value | Description |
|---|---|---|
| Profile Name | Text. | Text specifying name of the connectivity profile. |
| Parent Profile | A connectivity profile, selected from a list. | A profile inherits settings from its parent profile. |
| FEC Profile | A forward error correcting (FEC) profile, selected from a list. | A FEC profile applies to a network access tunnel. Note: FEC profiles might not be available on all BIG-IP systems. |
| Description | Text. | Text description of the connectivity profile. |

Configure a connectivity profile for Edge Client for Windows

A connectivity profile automatically contains settings for BIG-IP Edge Client for Windows clients. You should configure the settings to fit your situation.
  1. At the top of the screen, select Configuration, then on the left side of the screen, click ACCESS > Access Groups.
  2. Click the name of the Access group that interests you.
    A new screen displays the group's properties.
  3. Expand Connectivity / VPN and click Connectivity > Profiles.
  4. Select the connectivity profile that you want to update from the list.
    The Edit Connectivity Profile popup screen opens and displays General Settings.
  5. Select Win/Mac Edge Settings in the left pane.
    Settings for the Windows Edge Client display in the right pane.
  6. Set Edge Client action settings:
    1. Retain the default (selected) or clear the Save Servers Upon Exit check box.
      Specifies whether Edge Client maintains a list of recently used user-entered APM servers. Edge Client always lists the servers that are defined in the connectivity profile, and sorts them by most recent access, whether this option is selected or not.
    2. To enable the client to try to use the Windows logon session for an APM session also, select the Reuse Windows Logon Session check box.
      This is cleared by default.
    3. To enable the client to try to use the credentials that they typed for Windows logon in an APM session also, select the Reuse Windows Logon Credentials check box.
      This is cleared by default.
      Note: To support this option, you must also include the User Logon Credentials Access Service in the Windows client package for this connectivity profile and you must ensure that the access policy includes an uncustomized Logon Page action.
  7. To support automatic reconnection without the need to provide credentials again, allow password caching.
    1. Select the Allow Password Caching check box.
      This check box is cleared by default.
      The remaining settings on the screen become available.
    2. From the Save Password Method list, select disk or memory.
      If you select disk, Edge Client caches the user's password (in encrypted form) securely on the disk, where it persists even after the system or Edge Client is restarted.
      If you select memory, Edge Client caches the user's password within the BIG-IP Edge Client application for automatic reconnection purposes.
      If you select memory, the Password Cache Expiration (minutes) field displays with a default value of 240.
    3. If the Password Cache Expiration (minutes) field displays, retain the default value or type the number of minutes to save the password in memory.
  8. To enable automatic download and update of client packages, from the Component Update list, select yes (default).
    If you select yes, APM updates Edge Client software automatically on the client system when newer versions are available. This option applies to updates for these components only: BIG-IP Edge Client, component installer service, DNS relay proxy service, and user logon credentials access service.
  9. Specify DNS suffixes that are considered to be in the local network.
    Providing a list of DNS suffixes for the download package enables Edge Client to support the autoconnect option. With Auto-Connect selected, Edge Client uses the DNS suffixes to automatically connect when a client is not on the local network (not on the list) and automatically disconnect when the client is on the local network.
    1. From the left pane of the popup screen, select Location DNS List.
      Location DNS list information is displayed in the right pane.
    2. Click Add.
      An update row becomes available.
    3. Type a name and click Update.
      Type a DNS suffix that conforms to the rules specified for the local network.
      The new row displays at the top of the table.
    4. Continue to add DNS names and when you are done, click OK.
  10. To save your changes, click the Save & Close button at the bottom of the screen.
You have now configured the security settings for BIG-IP Edge Client for Windows clients.

Configure a connectivity profile for Edge Client for Mac

A connectivity profile automatically contains settings for BIG-IP Edge Client for Mac clients. You should configure the settings to fit your situation.
  1. At the top of the screen, select Configuration, then on the left side of the screen, click ACCESS > Access Groups.
  2. Click the name of the Access group that interests you.
    A new screen displays the group's properties.
  3. Expand Connectivity / VPN and click Connectivity > Profiles.
  4. Select the connectivity profile that you want to update from the list.
    The Edit Connectivity Profile popup screen opens and displays General Settings.
  5. Select Win/Mac Edge Settings in the left pane.
    Settings for the Mac Edge Client display in the right pane.
  6. Set Edge Client action settings:
    1. Retain the default (selected) or clear the Save Servers Upon Exit check box.
      Specifies whether Edge Client maintains a list of recently used user-entered APM servers. Edge Client always lists the servers that are defined in the connectivity profile, and sorts them by most recent access, whether this option is selected or not.
    2. To enable the client to try to use the Mac logon session for an APM session also, select the Reuse Mac Logon Session check box.
      This is cleared by default.
    3. To enable the client to try to use the credentials that they typed for Mac logon in an APM session also, select the Reuse Mac Logon Credentials check box.
      This is cleared by default.
      Note: To support this option, you must also include the User Logon Credentials Access Service in the Mac client package for this connectivity profile and you must ensure that the access policy includes an uncustomized Logon Page action.
  7. To support automatic reconnection without the need to provide credentials again, allow password caching.
    1. Select the Allow Password Caching check box.
      This check box is cleared by default.
      The remaining settings on the screen become available.
    2. From the Save Password Method list, select disk or memory.
      If you select disk, Edge Client caches the user's password (in encrypted form) securely on the disk, where it persists even after the system or Edge Client is restarted.
      If you select memory, Edge Client caches the user's password within the BIG-IP Edge Client application for automatic reconnection purposes.
      If you select memory, the Password Cache Expiration (minutes) field displays with a default value of 240.
    3. If the Password Cache Expiration (minutes) field displays, retain the default value or type the number of minutes to save the password in memory.
  8. To enable automatic download and update of client packages, from the Component Update list, select yes (default).
    If you select yes, APM updates Edge Client software automatically on the client system when newer versions are available. This option applies to updates for these components only: BIG-IP Edge Client, component installer service, DNS relay proxy service, and user logon credentials access service.
  9. Specify DNS suffixes that are considered to be in the local network.
    Providing a list of DNS suffixes for the download package enables Edge Client to support the autoconnect option. With Auto-Connect selected, Edge Client uses the DNS suffixes to automatically connect when a client is not on the local network (not on the list) and automatically disconnect when the client is on the local network.
    1. From the left pane of the popup screen, select Location DNS List.
      Location DNS list information is displayed in the right pane.
    2. Click Add.
      An update row becomes available.
    3. Type a name and click Update.
      Type a DNS suffix that conforms to the rules specified for the local network.
      The new row displays at the top of the table.
    4. Continue to add DNS names and when you are done, click OK.
  10. To save your changes, click the Save & Close button at the bottom of the screen.
You have now configured the security settings for BIG-IP Edge Client for Mac clients.

Configure a connectivity profile for Edge Client for Android

A connectivity profile automatically contains settings for BIG-IP Edge Client for Android clients. You should configure the settings to fit your situation.
  1. At the top of the screen, select Configuration, then on the left side of the screen, click ACCESS > Access Groups.
  2. Click the name of the Access group that interests you.
    A new screen displays the group's properties.
  3. Expand Connectivity / VPN and click Connectivity > Profiles.
  4. Select the connectivity profile that you want to update from the list.
    The Edit Connectivity Profile popup screen opens and displays General Settings.
  5. Select Mobile Client Settings in the left pane.
    Settings for the Android Edge Client display in the right pane.
  6. To enable users to save their passwords for reconnection purposes within a specified time period, select the Allow Password Caching check box.
    The additional fields in the area become available.
  7. For Save Password Method, specify how to perform password caching:
    • To allow the user to save the encrypted password on the device without a time limit, select disk.
    • To specify that the user password is cached in the application on the user's device for a configurable period of time, select memory.
    If you select memory, the Password Cache Expiration (minutes) field becomes available.
  8. If the Password Cache Expiration (minutes) field displays, type the number of minutes you want the password to be cached in memory.
  9. To enhance security on the client, retain the selection of the Enforce Device Lock check box (or clear the check box).
    This check box is selected by default. Edge Portal® and Edge Client support password locking, but do not support pattern locking. If you clear this check box, the remaining settings in the area become unavailable.
  10. For Device Lock Method, retain the default numeric, or select a different method from the list.
  11. For Minimum Passcode Length, retain the default 4, or type a different passcode length.
  12. For Maximum Inactivity Time (minutes), retain the default 5, or type a different number of minutes.
  13. To force the app to use a selected logon mode and prevent users from changing it:
    1. Select the Enforce Logon Mode check box.
    2. From the Logon Method list, select web or native.
    Note: Support for this feature will be announced in release notes for the individual Mobile and App Store apps (BIG-IP Edge Client for iOS, Edge Client for Android, F5 Access for Chrome OS, Edge Portal for iOS, and Edge Portal for Android). Check the release notes for the Apps to determine whether it is supported.
  14. To save your changes, click the Save & Close button at the bottom of the screen.
You have now configured the security settings for BIG-IP Edge Client for Android clients.

Configure a connectivity profile for Edge Portal for Android

A connectivity profile automatically contains settings for BIG-IP Edge Portal for Android clients. You should configure the settings to fit your situation.
  1. At the top of the screen, select Configuration, then on the left side of the screen, click ACCESS > Access Groups.
  2. Click the name of the Access group that interests you.
    A new screen displays the group's properties.
  3. Expand Connectivity / VPN and click Connectivity > Profiles.
  4. Select the connectivity profile that you want to update from the list.
    The Edit Connectivity Profile popup screen opens and displays General Settings.
  5. Select Mobile Client Settings in the left pane.
    Settings for the Android Edge Portal display in the right pane.
  6. To enable users to save their passwords for reconnection purposes within a specified time period, select the Allow Password Caching check box.
    The additional fields in the area become available.
  7. For Save Password Method, specify how to perform password caching:
    • To allow the user to save the encrypted password on the device without a time limit, select disk.
    • To specify that the user password is cached in the application on the user's device for a configurable period of time, select memory.
    If you select memory, the Password Cache Expiration (minutes) field becomes available.
  8. If the Password Cache Expiration (minutes) field displays, type the number of minutes you want the password to be cached in memory.
  9. To enhance security on the client, retain the selection of the Enforce Device Lock check box (or clear the check box).
    This check box is selected by default. Edge Portal® and Edge Client support password locking, but do not support pattern locking. If you clear this check box, the remaining settings in the area become unavailable.
  10. For Device Lock Method, retain the default numeric, or select a different method from the list.
  11. For Minimum Passcode Length, retain the default 4, or type a different passcode length.
  12. For Maximum Inactivity Time (minutes), retain the default 5, or type a different number of minutes.
  13. To force the app to use a selected logon mode and prevent users from changing it:
    1. Select the Enforce Logon Mode check box.
    2. From the Logon Method list, select web or native.
    Note: Support for this feature will be announced in release notes for the individual Mobile and App Store apps (BIG-IP Edge Client for iOS, Edge Client for Android, F5 Access for Chrome OS, Edge Portal for iOS, and Edge Portal for Android). Check the release notes for the Apps to determine whether it is supported.
  14. To save your changes, click the Save & Close button at the bottom of the screen.
You have now configured the security settings for BIG-IP Edge Portal for Android clients.

Configure a connectivity profile for Edge Client for iOS

A connectivity profile automatically contains settings for BIG-IP Edge Client for iOS clients. You should configure the settings to fit your situation.
  1. At the top of the screen, select Configuration, then on the left side of the screen, click ACCESS > Access Groups.
  2. Click the name of the Access group that interests you.
    A new screen displays the group's properties.
  3. Expand Connectivity / VPN and click Connectivity > Profiles.
  4. Select the connectivity profile that you want to update from the list.
    The Edit Connectivity Profile popup screen opens and displays General Settings.
  5. Select Mobile Client Settings in the left pane.
    Settings for the iOS Edge Client display in the right pane.
  6. To enable users to save their passwords for reconnection purposes within a specified time period, select the Allow Password Caching check box.
    The additional fields in the area become available.
  7. To enable device authentication on the client, select Require Device Authentication.
  8. For Save Password Method, specify how to perform password caching:
    • To allow the user to save the encrypted password on the device without a time limit, select disk.
    • To specify that the user password is cached in the application on the user's device for a configurable period of time, select memory.
    If you select memory, the Password Cache Expiration (minutes) field becomes available.
  9. If the Password Cache Expiration (minutes) field displays, type the number of minutes you want the password to be cached in memory.
  10. In the On Demand Disconnect Timeout (minutes) field, retain the default 2, or type a different number of minutes before VPN on demand times out.
  11. To force the app to use a selected logon mode and prevent users from changing it:
    1. Select the Enforce Logon Mode check box.
    2. From the Logon Method list, select web or native.
    Note: Support for this feature will be announced in release notes for the individual Mobile and App Store apps (BIG-IP Edge Client for iOS, Edge Client for Android, F5 Access for Chrome OS, Edge Portal for iOS, and Edge Portal for Android). Check the release notes for the Apps to determine whether it is supported.
  12. To save your changes, click the Save & Close button at the bottom of the screen.
You have now configured the security settings for BIG-IP Edge Client for iOS clients.

Configure a connectivity profile for Edge Portal for iOS

A connectivity profile automatically contains settings for BIG-IP Edge Portal for iOS clients. You should configure the settings to fit your situation.
  1. At the top of the screen, select Configuration, then on the left side of the screen, click ACCESS > Access Groups.
  2. Click the name of the Access group that interests you.
    A new screen displays the group's properties.
  3. Expand Connectivity / VPN and click Connectivity > Profiles.
  4. Select the connectivity profile that you want to update from the list.
    The Edit Connectivity Profile popup screen opens and displays General Settings.
  5. Select Mobile Client Settings in the left pane.
    Settings for the iOS Edge Portal display in the right pane.
  6. To enable users to save their passwords for reconnection purposes within a specified time period, select the Allow Password Caching check box.
    The additional fields in the area become available.
  7. For Save Password Method, specify how to perform password caching:
    • To allow the user to save the encrypted password on the device without a time limit, select disk.
    • To specify that the user password is cached in the application on the user's device for a configurable period of time, select memory.
    If you select memory, the Password Cache Expiration (minutes) field becomes available.
  8. If the Password Cache Expiration (minutes) field displays, type the number of minutes you want the password to be cached in memory.
  9. Specify security by keeping Enforce PIN Lock set to Yes.
    Edge Portal supports PIN locking, but does not support pattern locking.
  10. For Maximum Grace Period (minutes), retain the default 2, or type a different number of minutes.
  11. To force the app to use a selected logon mode and prevent users from changing it:
    1. Select the Enforce Logon Mode check box.
    2. From the Logon Method list, select web or native.
    Note: Support for this feature will be announced in release notes for the individual Mobile and App Store apps (BIG-IP Edge Client for iOS, Edge Client for Android, F5 Access for Chrome OS, Edge Portal for iOS, and Edge Portal for Android). Check the release notes for the Apps to determine whether it is supported.
  12. To save your changes, click the Save & Close button at the bottom of the screen.
You have now configured the security settings for BIG-IP Edge Portal for iOS clients.

Configure a connectivity profile for F5 Access for Chrome OS

A connectivity profile automatically contains default settings for F5 Access for Chrome OS. You should configure the connectivity profile settings to fit your situation.
  1. At the top of the screen, select Configuration, then on the left side of the screen, click ACCESS > Access Groups.
  2. Click the name of the Access group that interests you.
    A new screen displays the group's properties.
  3. Expand Connectivity / VPN and click Connectivity > Profiles.
  4. Select the connectivity profile that you want to update from the list.
    The Edit Connectivity Profile popup screen opens and displays General Settings.
  5. Select Mobile Client Settings in the left pane.
    Settings for F5 Access for Chrome OS display in the right pane.
  6. To enable users to save their passwords for reconnection purposes within a specified time period, select the Allow Password Caching check box.
    The additional fields in the area become available.
  7. For Save Password Method, specify how to perform password caching:
    • To allow the user to save the encrypted password on the device without a time limit, select disk.
    • To specify that the user password is cached in the application on the user's device for a configurable period of time, select memory.
    If you select memory, the Password Cache Expiration (minutes) field becomes available.
  8. If the Password Cache Expiration (minutes) field displays, type the number of minutes you want the password to be cached in memory.
  9. To force the app to use a selected logon mode and prevent users from changing it:
    1. Select the Enforce Logon Mode check box.
    2. From the Logon Method list, select web or native.
    Note: Support for this feature will be announced in release notes for the individual Mobile and App Store apps (BIG-IP Edge Client for iOS, Edge Client for Android, F5 Access for Chrome OS, Edge Portal for iOS, and Edge Portal for Android). Check the release notes for the Apps to determine whether it is supported.
  10. To save your changes, click the Save & Close button at the bottom of the screen.
You have now configured the security settings for F5 Access for Chrome OS.

Configure a connectivity profile for F5 Access for Mac OS

A connectivity profile automatically contains default settings for F5 Access for Mac OS. You should configure the connectivity profile settings to fit your situation.
  1. At the top of the screen, select Configuration, then on the left side of the screen, click ACCESS > Access Groups.
  2. Click the name of the Access group that interests you.
    A new screen displays the group's properties.
  3. Expand Connectivity / VPN and click Connectivity > Profiles.
  4. Select the connectivity profile that you want to update from the list.
    The Edit Connectivity Profile popup screen opens and displays General Settings.
  5. Select Mobile Client Settings in the left pane.
    Settings for F5 Access for Mac OS display in the right pane.
  6. To enable users to save their passwords for reconnection purposes within a specified time period, select the Allow Password Caching check box.
    The additional fields in the area become available.
  7. For Save Password Method, specify how to perform password caching:
    • To allow the user to save the encrypted password on the device without a time limit, select disk.
    • To specify that the user password is cached in the application on the user's device for a configurable period of time, select memory.
    If you select memory, the Password Cache Expiration (minutes) field becomes available.
  8. If the Password Cache Expiration (minutes) field displays, type the number of minutes you want the password to be cached in memory.
  9. To force the app to use a selected logon mode and prevent users from changing it:
    1. Select the Enforce Logon Mode check box.
    2. From the Logon Method list, select web or native.
    Note: Support for this feature will be announced in release notes for the individual Mobile and App Store apps (BIG-IP Edge Client for iOS, Edge Client for Android, F5 Access for Chrome OS, Edge Portal for iOS, and Edge Portal for Android). Check the release notes for the Apps to determine whether it is supported.
  10. To save your changes, click the Save & Close button at the bottom of the screen.
You have now configured the security settings for F5 Access for Mac OS.
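
The password caching, device lock, and component update settings in the Windows, Mac, and mobile procedures above can be reviewed in one pass. The following is an added example, not part of the F5 manual and not F5 code: it flags settings that are weaker than the defaults this chapter documents. The dictionary keys reuse the GUI labels from this chapter; the data layout, the sample values, and applying the 240-minute Windows/Mac cache default as a ceiling for every client are assumptions of the example, not a BIG-IQ export format.

```python
"""Audit connectivity-profile client settings against the defaults in this chapter."""

# Protective values the chapter documents as defaults or recommends keeping.
PROTECTIVE_DEFAULTS = {
    "Component Update": "yes",
    "Enforce Device Lock": True,
    "Enforce PIN Lock": "Yes",
}

# (GUI label, documented default, direction that weakens the control)
NUMERIC_LIMITS = [
    ("Minimum Passcode Length", 4, "below"),
    ("Maximum Inactivity Time (minutes)", 5, "above"),
    ("Maximum Grace Period (minutes)", 2, "above"),
]

CACHE_LABEL = "Password Cache Expiration (minutes)"


def audit_client(client, settings, max_cache_minutes=240):
    """Return (client, setting, message) tuples for one client's settings."""
    findings = []

    def add(setting, message):
        findings.append((client, setting, message))

    # Password caching: disk persists across restarts with no time limit;
    # memory is bounded by the expiration field.
    if settings.get("Allow Password Caching"):
        method = settings.get("Save Password Method")
        if method == "disk":
            add("Save Password Method",
                "disk: encrypted password persists across restarts, no time limit")
        elif method == "memory":
            minutes = settings.get(CACHE_LABEL)
            if minutes is None:
                add(CACHE_LABEL, "memory caching with no expiration recorded")
            elif minutes > max_cache_minutes:
                add(CACHE_LABEL,
                    f"{minutes} min exceeds the {max_cache_minutes} min ceiling")
        else:
            add("Save Password Method", f"unexpected value {method!r}")

    # Check boxes and lists whose documented value is the protective one.
    for label, default in PROTECTIVE_DEFAULTS.items():
        if label in settings and settings[label] != default:
            add(label, f"{settings[label]!r} differs from documented {default!r}")

    # Numeric limits: flag only values weaker than the documented default.
    for label, default, weaker in NUMERIC_LIMITS:
        value = settings.get(label)
        if value is None:
            continue
        if (weaker == "below" and value < default) or \
           (weaker == "above" and value > default):
            add(label, f"{value} is {weaker} the documented default {default}")

    # Credential reuse has prerequisites stated in the chapter's Note.
    for os_name in ("Windows", "Mac"):
        label = f"Reuse {os_name} Logon Credentials"
        if settings.get(label):
            add(label, "needs the User Logon Credentials Access Service in the "
                       "client package and an uncustomized Logon Page action")
    return findings


def audit_profile(profile):
    """Audit every client section of one connectivity profile."""
    findings = []
    for client, settings in profile.items():
        findings.extend(audit_client(client, settings))
    return findings


# Constructed sample data for illustration only.
SAMPLE_PROFILE = {
    "Edge Client for Windows": {
        "Allow Password Caching": True,
        "Save Password Method": "disk",
        "Component Update": "no",
        "Reuse Windows Logon Credentials": True,
    },
    "Edge Client for Android": {
        "Allow Password Caching": True,
        "Save Password Method": "memory",
        "Password Cache Expiration (minutes)": 1440,
        "Enforce Device Lock": True,
        "Minimum Passcode Length": 3,
        "Maximum Inactivity Time (minutes)": 5,
    },
    "Edge Portal for iOS": {
        "Allow Password Caching": False,
        "Enforce PIN Lock": "Yes",
        "Maximum Grace Period (minutes)": 2,
    },
}

if __name__ == "__main__":
    for client, setting, message in audit_profile(SAMPLE_PROFILE):
        print(f"{client}: {setting}: {message}")
```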
