Windows 10 Support (including F5 BIG-IP Edge Client) Available With Certain BIG-IP APM Versions
This isthelatestinformation available from F5 regarding MicrosoftWindows 10 support (including F5 BIG-IP Edge Client) with certain BIG-IP APM versions. Microsoft Windows 10 support is available for certain BIG-IP APM versions. This entry replaces the original AskF5 solution (SOL16626) on support.f5.com F5 currently supports Microsoft Window 10 for the following versions: BIG-IP 12.0.0(seeF5 BIG-IP APM Client Compatibility Matrix for 12.0.0) Note: Support for Windows 10 has been added in BIG-IP 12.0.0 HF1 and later. For more information about BIG-IP hotfixes, please refer toSOL13123: Managing BIG-IP product hotfixes (11.x - 12.x). BIG-IP 11.6.0 (see F5 BIG-IP Client Compatibility Matrix for 11.6.0) Note: Support for Windows 10 has been added in BIG-IP 11.6.0 HF6 and later. For more information about BIG-IP hotfixes, refer toSOL13123: Managing BIG-IP product hotfixes (11.x - 12.x). BIG-IP 11.5.3 (see F5 BIG-IP APM Client Compatibility Matrix for 11.5.3) Note: Support for Windows 10 has been added in BIG-IP 11.5.3 HF2 and later. For more information about BIG-IP hotfixes, please refer toSOL13123: Managing BIG-IP product hotfixes (11.x - 12.x). Previously, in the original AskF5 solution (SOL16626), it was stated that F5 planned to support Windows 10 withBIG-IP 11.4.1. However, as many customers have been able to upgrade to newer versions of BIG-IP, and because F5customersshouldbenefit substantially from stability improvements in BIG-IP 11.5 and 12.0.0, which are within F5’sMajor Release/Long Term Stability Release model, F5 will not be providing additional support for Windows 10 with BIG-IP APM 11.4.1, as previously stated. Additionally, F5 will be enabling the following as regards Windows 10: Windows 10 Browser Support The Windows Internet Explorer browser included in the Windows 10 release is supported. The BIG-IP APM system does not currently support the Microsoft Edge (Spartan) browser. Inbox F5 VPN Client Windows 8.1 includes a built-in VPN client for BIG-IP APM (Inbox F5 VPN Client). For Windows 10, the VPN client for the BIG-IP system will be available for download from the Windows Store. Please note that the name of the app may also change. Windows Protected Workspace The Windows Protected Workspace feature of BIG-IP APM is not currently supported on Windows 10. Client side checks Certain client-side security checks (such as Patch Management and Windows Health Agent) are no longer supported on Windows 10. Depending on how you use these checks with BIG-IP APM, these Windows 10 client checks may fail. For information about adding Windows 10 clients to BIG-IP APM, please refer toSOL16874: Adding a new device type detection to an access policy.What are F5 Access and BIG-IP Edge Clients?
tl;dr - F5 Access and BIG-IP Edge are VPN clients that connect to APM access policies for L3 network connectivity. Building on the DevCentral Basics article What is BIG-IP APM, a few questions remain. How do mobile clients access web application resources? How can I easily turn on and off VPN connectivity? The question distill down to connectivity options for clients connecting to BIG-IP APM infrastructure. Users are limited to using web client connectivity which may not always be a preferred or allowed option. F5 provides several client-based options for connectivity to BIG-IP APM. F5 Access When used in conjunction withBIG-IP APM access policies, F5 Access provides traditional L3 VPN connectivity to your corporate resources. F5 Access is supported on Windows 10, Windows 10 Mobile, iOS, and Android. Currently the client features does not have parity across the different operating systems for various reasons. For a complete supported version matrix please see the F5 Apps Compatibility Matrix. F5 Edge Client As of version 3.0 the F5 Edge Client is renamed to the above F5 Access client. Prior to the 3.0 version, F5'sEdge Client was the preferred client solution for L3 VPN access. This client is still supported through BIG-IP version 13 but will be eventually deprecated as the F5 Access client matures into full feature compliancy. F5 Edge Portal We previously discussed BIG-IP APM's Web Portal gateway, allowing policy-based granular access to web applications directly instead of requiring full VPN. The F5 Edge Portal offers a client version of the Web Portal for easier mobile access to web portal applications. The F5 Edge Portal will not continue support into iOS 11 or Android 8. Please the EOL plans:F5 BIG-IP Edge Portal - End of Support and End of Availability Announcement. As the BIG-IP APM product evolves and customer security requirements and requests changes, we'll continue to keep updating our client functionality to anticipate those requirements. The F5 Access client is the future of BIG-IP client connectivity for those who don't wish to use the web client offered with BIG-IP APM. We'll keep you updated here and through AskF5, our authoritative support resource. Please check out the below links for more information on F5 client functionality, supportability, and how to configure your client access policies. As always, please let us know any content you would like to see expanded. Happy Networking! On DevCentral: F5 BIG-IP Edge Portal - End of Support and End of Availability Announcement F5 Access for Your Chromebook F5 Access for Windows 10/Windows 10 Mobile Now Available On F5.com: F5 Apps Compatibility Matrix F5 Access & BIG-IP Edge Apps Documentation University.f5.com - Search for F5 Access AND/OR Edge (requires F5 Support login)
Linux CLI VPN Client - "Server certificate verification failed."
Hi all, We've recently gone live with our VPN (on v13 HF2) and some of our users have reported their having issues accessing the VPN from their Linux command line. On RHEL/Fedora, the VPN connection doesn't work. On Ubuntu, I can see the errors in the logs but it lets me through anyhow. After installing the package, they run the command to connect to the VPN: f5fpc -s -t https://ourvpn.com When querying how the connection went, I can see: f5fpc -i Connection Status: logon failed Server certificate verification failed. The certificate we're using is a properly signed QuoVadis cert. The ~/.F5Networks/standalone.log shows: 2017-07-24,14:39:27:019, 2839,2849,standalone, 0, /LinuxEventHandler.cpp, 924, , LinuxEventHandler::loadCAStore()- Using default Trusted cert store at=/etc/ssl/certs, for CA cert validation 2017-07-24,14:39:27:019, 2839,2849,standalone, 2, /LinuxEventHandler.cpp, 1052, LinuxEventHandler::verify_context_chain(), Server Cert chain is empty 2017-07-24,14:39:27:021, 2839,2849,standalone, 0, /LinuxEventHandler.cpp, 1063, , LinuxEventHandler::verify_context_chain() - X509_verify_cert(): verification error=2, string=unable to get issuer certificate 2017-07-24,14:39:27:021, 2839,2849,standalone, 48, /LinuxEventHandler.cpp, 68, CLinuxEventHandler::HandleEvent(), exit with, 0 2017-07-24,14:39:27:022, 2839,2849,standalone, 2, /USSLChannel.cpp, 312, USSLChannel::Write, SSL_write failed (result: -1, error: SSL_ERROR_SSL) 2017-07-24,14:39:27:022, 2839,2849,standalone, 1, /UHTTP.cpp, 38, UHTTP::makeRequest(), EXCEPTION - send request error 2017-07-24,14:39:27:022, 2839,2849,standalone, 1, /UHTTP.cpp, 115, , EXCEPTION caught: UHTTP::makeRequest() - EXCEPTION 2017-07-24,14:39:27:022, 2839,2849,standalone, 48, /UFirepass.cpp, 679, UFirepass::doGetRequestWithoutRedirect, server returned HTTP code, return code, 0, -1 2017-07-24,14:39:27:022, 2839,2849,standalone, 1, /UFirepass.cpp, 688, UFirepass::doGetRequestWithoutRedirect, (0x27) EXCEPTION - Channel error, 39 2017-07-24,14:39:27:022, 2839,2849,standalone, 48, /UChannelChain.cpp, 34, UChannelChain::~UChannelChain(), destroying channel 2. Stats (0) - Recv=3283 Send=524 2017-07-24,14:39:27:022, 2839,2849,standalone, 48, /UChannelChain.cpp, 34, UChannelChain::~UChannelChain(), destroying channel 1. Stats (0) - Recv=3283 Send=524 2017-07-24,14:39:27:022, 2839,2849,standalone, 1, /UFirepass.cpp, 782, , EXCEPTION caught: UFirepass::getFirepassToken - EXCEPTION 2017-07-24,14:39:27:022, 2839,2849,standalone, 1, /UFirepass.cpp, 911, UFirepass::DoPrelogon, Failed to obtain logon token: prelogon is not enabled or Firepass server has version below 5.5 2017-07-24,14:39:27:022, 2839,2849,standalone, 48, /UChannelChain.cpp, 55, UChannelChain::BuildChannels(), enter, 0x7: U_ENABLE_SOCKET_CHANNEL U_ENABLE_SSL_CHANNEL U_ENABLE_PROXY_CHANNEL 2017-07-24,14:39:27:022, 2839,2849,standalone, 48,,,, USSLChannel::USSLChannel:RAND_status(1) I've tried uploading the root/intermediate certificates to /etc/ssl/certs but still not luck. The workaround is to use the ignore certificate switch (-x) but I don't really want to do this. f5fpc -s -t https://ourvpn.com/ -x Any ideas?? Thanks, Nick
VPN BIG-IP Edge client : firewall rules applied by BIG-IP Edge Client
We have established a VPN connection between a Windows client and a BIG-IP v15. We are using BIG_IP Edge client, with network access. According to table 3.5 in this document : https://support.f5.com/csp/article/K49720803#link_05_04 when "always connected" mode is enabled, BIG-IP edge client applies firewall rules. Is there any other feature that allow BIG-IP edge client to apply firewall rules ? What kind of rules are applied ?Windows BIG-IP Edge Client cannot verify certificate revocation information
Hi, I have the local Windows firewall on for my test machine ONLY allows access to the IP address of the SSL VPN. This all works fine. However the Windows BIG-IP Edge Client cannot verify certificate revocation information. The funny thing is, Internet Explorer can and doesnt give me any warnings. I've tried making it a trusted site, installing the certificate. I just don't know why IE can check it/trust it, but the Edge Client can't?
Big IP Edge Client Issue
Recently when connecting using BIG-IP Edge Client, users are now getting a popup window that seems to be coming from "https://www.f5.com/apps/all/avail.txt"; and the window is blank and has the text "avail" in it. If the window is closed the connection is terminated, if the window is left minimized the client stays connected. Running APM version 11.5.3, no recent changes have been done. Attached image of the popup window. Any suggestions what could be causing this all of a sudden?Is Window 7 supported?
Hello. I sucessfully usedBIG-IP Edge Client in Windows 7 but yesterday it auto-updated installing CAB files for a long time and after that it was impossible to connect to any server. I uninstalled it and now I cannot install it again. Installation process installs ActiveX components, then drivers and quickly rollbacks saying that there was error and installation was not successful. I understand that Windows 7 maybe not supported, but just to be sure that it is so. If you need some additional logs and information feel free to ask.Big IP Edge Client windows 10 no connectivity with VPN - works on windows 7
Hi we are using Big IP Edge client for VPN connection. We validate with user creds, machine certificate check and antivrus check. When connecting from a windows 7 machine all is well and works as expected. When connecting form a windows 10 machine, the VPN connects (Access policy is passed A-OK) and it all seems ok (ip address assigned from correct lease pool etc) but I cannot connect to anything! I can see the traffic leaving the client (when I look at firewall logs the client is sending out the traffic to servers i am trying to RDP to for example) but it seems when the traffic is on its way back it doesn't properly get handled by the client (as if maybe its not getting decrypted by the edge client and sent on to application layer or something like that) Now we are running 11.6 Hotfix 6 which is compatible with windows 10 but so far support haven't been much help. I provided them decrypted tcpdump from F5, wireshark from client, f5wininfo output but last update from support was to disable windows firewall which made no difference (I knew it wouldnt as all outbound traffic allowed anyway and VPN connection is all outbound) then they asked to check that machine has latest windows updates! (As if thats got anything to do with it) This is causing much grief as we are about to rollout win 10 to the company but unless I can get VPN working its delaying rollout. Anyone seen this before? Any help would be greatly appreciated.
Big-IP Edge Client seems not to work with Windows 10 1803
Hi everybody Windows 10 Release 1803 will be delivered in the next few days to the public. We are running the latest build from the Windows Insider Program: Unfortunately the Big-IP Edge client version 7160,2018,118,2335 (APM 13.1.0.5) is not working with this Windows build. The VPN connection cannot be established. First error message in logterminal.txt [User]: Error CURDialer::InitializeConnectionThreadProc, Failed to set entry properties in C:\Users\AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk (error: 0x278) Does anybody get the Big-IP Edge client worked with Windows 10 1803? Thank you, John
BIG IP Edge Client
Hi, I am working with my Windows desktop from remotely and using the BIG IP Edge client [SSL VPN], when my internet connection drops, the Edge client stops and when it reconnects it prompts me with AD credentials again, As I have typed in my AD credentials at first instance [when first time I launched it], Can I not avoid this authentication again [when internet drops and come back again]?
