F5 VPN client + Endpoint Inspection

It sounds like you run Edge Client, enter connected mode, then it opens up a browser control, and then can't run the inspector ActiveX.

I believe there is a group policy setting that can disallow webview (also knows as "browser control", "embedded IE", "mini browser") from running ActiveX, which seems like what's going on here. The setting you want to enable is "run activex controls and plug-ins".

This should be enabled by default. Also the server URL should be in Trusted Sites.

Here's some additional information about that:

https://techdocs.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-client-configuration-11-5-0/1.html

Hello Lucas,

Following up on the above issue. Some users (a minority, yet to determine exact numbers) are seeing something unexpected after we upgraded some of our (test)users to the new VPN-client:

'a browser component is needed'
'1) Your current security settings prohibit running ActiveX controls on this page, or 2) You have blocked a publisher of one of the controls. As a result, the page might not display correctly."'

Are these notifications something that is known? I deploy with SCCM with the command:

"msiexec /i "BIGIPComponentInstaller.msi" ALLUSERS=1 REBOOT=REALLYSUPPRESS /q /l*v %TEMP%\F5_BIGIP_Install.log" with a created installer package as advised above. Installation runs ok on all pc's.

'Install the addon and continue' or 'Continue without installing':

'Permission required':

Thanks in advance.

With kind regards,

Sven

Good morning Lucas,

And thank you. This was indeed the bit i was missing. Thanks to your info everything works out fine now. Thanks a million ;-)

With regards,

Sven

This might be confusing because there are two different ways that the endpoint inspector can fire, depending on if the users are connecting with Edge Client or not.

If you're using Edge Client to start the VPN, it has special functions that recognize and start up the EPS process by calling the library directly.

If you're using a browser to start the VPN, the endpoint-inspection javascript code delivered to the browser tries to call a special URL scheme "f5-epi://" that should be registered to the EPI app. This is similar to how Zoom works to launch the Zoom thick app from a browser.

To get that endpoint inspector installed and registered as a URL scheme, choose these options when you create the Edge Client package from the big-ip GUI:

The inspector ones that should install that are "Endpoint Security", "Inspector Service", and "Web Browser Add-ons for BIG-IP Edge Client".