Windows 10 Support (including F5 BIG-IP Edge Client) Available With Certain BIG-IP APM Versions
This isthelatestinformation available from F5 regarding MicrosoftWindows 10 support (including F5 BIG-IP Edge Client) with certain BIG-IP APM versions. Microsoft Windows 10 support is available for certain BIG-IP APM versions. This entry replaces the original AskF5 solution (SOL16626) on support.f5.com F5 currently supports Microsoft Window 10 for the following versions: BIG-IP 12.0.0(seeF5 BIG-IP APM Client Compatibility Matrix for 12.0.0) Note: Support for Windows 10 has been added in BIG-IP 12.0.0 HF1 and later. For more information about BIG-IP hotfixes, please refer toSOL13123: Managing BIG-IP product hotfixes (11.x - 12.x). BIG-IP 11.6.0 (see F5 BIG-IP Client Compatibility Matrix for 11.6.0) Note: Support for Windows 10 has been added in BIG-IP 11.6.0 HF6 and later. For more information about BIG-IP hotfixes, refer toSOL13123: Managing BIG-IP product hotfixes (11.x - 12.x). BIG-IP 11.5.3 (see F5 BIG-IP APM Client Compatibility Matrix for 11.5.3) Note: Support for Windows 10 has been added in BIG-IP 11.5.3 HF2 and later. For more information about BIG-IP hotfixes, please refer toSOL13123: Managing BIG-IP product hotfixes (11.x - 12.x). Previously, in the original AskF5 solution (SOL16626), it was stated that F5 planned to support Windows 10 withBIG-IP 11.4.1. However, as many customers have been able to upgrade to newer versions of BIG-IP, and because F5customersshouldbenefit substantially from stability improvements in BIG-IP 11.5 and 12.0.0, which are within F5’sMajor Release/Long Term Stability Release model, F5 will not be providing additional support for Windows 10 with BIG-IP APM 11.4.1, as previously stated. Additionally, F5 will be enabling the following as regards Windows 10: Windows 10 Browser Support The Windows Internet Explorer browser included in the Windows 10 release is supported. The BIG-IP APM system does not currently support the Microsoft Edge (Spartan) browser. Inbox F5 VPN Client Windows 8.1 includes a built-in VPN client for BIG-IP APM (Inbox F5 VPN Client). For Windows 10, the VPN client for the BIG-IP system will be available for download from the Windows Store. Please note that the name of the app may also change. Windows Protected Workspace The Windows Protected Workspace feature of BIG-IP APM is not currently supported on Windows 10. Client side checks Certain client-side security checks (such as Patch Management and Windows Health Agent) are no longer supported on Windows 10. Depending on how you use these checks with BIG-IP APM, these Windows 10 client checks may fail. For information about adding Windows 10 clients to BIG-IP APM, please refer toSOL16874: Adding a new device type detection to an access policy.What are F5 Access and BIG-IP Edge Clients?
tl;dr - F5 Access and BIG-IP Edge are VPN clients that connect to APM access policies for L3 network connectivity. Building on the DevCentral Basics article What is BIG-IP APM, a few questions remain. How do mobile clients access web application resources? How can I easily turn on and off VPN connectivity? The question distill down to connectivity options for clients connecting to BIG-IP APM infrastructure. Users are limited to using web client connectivity which may not always be a preferred or allowed option. F5 provides several client-based options for connectivity to BIG-IP APM. F5 Access When used in conjunction withBIG-IP APM access policies, F5 Access provides traditional L3 VPN connectivity to your corporate resources. F5 Access is supported on Windows 10, Windows 10 Mobile, iOS, and Android. Currently the client features does not have parity across the different operating systems for various reasons. For a complete supported version matrix please see the F5 Apps Compatibility Matrix. F5 Edge Client As of version 3.0 the F5 Edge Client is renamed to the above F5 Access client. Prior to the 3.0 version, F5'sEdge Client was the preferred client solution for L3 VPN access. This client is still supported through BIG-IP version 13 but will be eventually deprecated as the F5 Access client matures into full feature compliancy. F5 Edge Portal We previously discussed BIG-IP APM's Web Portal gateway, allowing policy-based granular access to web applications directly instead of requiring full VPN. The F5 Edge Portal offers a client version of the Web Portal for easier mobile access to web portal applications. The F5 Edge Portal will not continue support into iOS 11 or Android 8. Please the EOL plans:F5 BIG-IP Edge Portal - End of Support and End of Availability Announcement. As the BIG-IP APM product evolves and customer security requirements and requests changes, we'll continue to keep updating our client functionality to anticipate those requirements. The F5 Access client is the future of BIG-IP client connectivity for those who don't wish to use the web client offered with BIG-IP APM. We'll keep you updated here and through AskF5, our authoritative support resource. Please check out the below links for more information on F5 client functionality, supportability, and how to configure your client access policies. As always, please let us know any content you would like to see expanded. Happy Networking! On DevCentral: F5 BIG-IP Edge Portal - End of Support and End of Availability Announcement F5 Access for Your Chromebook F5 Access for Windows 10/Windows 10 Mobile Now Available On F5.com: F5 Apps Compatibility Matrix F5 Access & BIG-IP Edge Apps Documentation University.f5.com - Search for F5 Access AND/OR Edge (requires F5 Support login)
Frequently Asked Questions - F5 Access 2018
FAQ - F5 Access 2018 (Introduction): What are F5 Networks’ plans for F5 Access and F5 Access 2018 long-term? F5 is committed to providing the latest in SSL VPN technology to its users. Long-term, F5 Networks will focus on providing F5 Access 2018 users with the newest features and bug-fixes necessary for secure remote access. F5 Access will continue to be fully supported until it is transitioned to “Legacy F5 Access” in Fall 2018. What are the differences between the F5 Access and F5 Access 2018 applications? F5 Access and F5 Access 2018 are both SSL VPN applications that are published by F5 Networks on the App Store to provide secure access to enterprise applications. F5 Access 2018 uses Apple’s Network Extension framework to deliver SSL VPN functionality, whereas F5 Access utilizes an older Apple-provisioned plug-in framework. F5 Access will be deprecated over time, but continues to be deployed in many enterprise environments. Which application should my organization use? F5 Access supports Apple iOS v10 and later; it remains the recommended version for organizations that want to leverage the full feature set offered today. F5 Access 2018 will support Apple iOS v11.0 and later. F5 Access 2018 and F5 Access Differences: Configuration Deployment VPN Type Manual Configured MDM Configured Device-wide VPN No Client Certificate import in F5 Access 2018 User has to permit adding the first configuration VPNSubType change: F5 Access: com.f5.F5-Edge-Client.vpnplugin F5 Access 2018: com.f5.access.ios Managed user configuration mode is not supported in F5 Access 2018 Per-App VPN N/A VPNSubType change: F5 Access: com.f5.F5-Edge-Client.vpnplugin F5 Access 2018: com.f5.access.ios Extra key ProviderType must be set to "packet-tunnel" in F5 Access 2018 Key PerAppVpn is no longer required in VendorConfig dictionary in F5 Access 2018 iii. F5 Access 2018 and F5 Access Differences: VPN Establishment VPN Type Manual On-Demand Device-wide VPN F5 Access 2018: Notifications must be enabled for any user prompts or weblogon interactions User is able to save password during connection establishment in native mode if 'save password' is set to 'disk' on BIG-IP F5 Access 2018: Notifications must be enabled for anyuser prompts or weblogon interactions. With mechanism of notifications following is supported in F5 Access 2018: Web Logon mode; Authentication prompt in native mode; Device authentication Per-App VPN N/A Per-App VPN cannot be established if user interaction is required. For F5 Access 2018, configure the F5 Access policy so that user interaction is not required to establish the VPN connection. F5 Access 2018 and F5 Access Differences: BIG-IP Configuration Configuring BIG-IP for Per-App VPN Virtual server changes: Application Tunnels (Java & Per-App VPN) option is no longer needed to be enabled Access policy changes: Since per-app VPN is L3 tunnel in F5 Access 2018 following resources must be assigned to access policy: Network Access resource Webtop Enforce Logon Mode Support Admin can enforce logon mode on server side in the connectivity profile. User cannot change Web Logon option value if it's enforced by BIG-IP. ATS-related changes in F5 Access 2018 Plain text HTTP connections are no longer allowed, and HTTPS with the strongest TLS configuration (TLS 1.2 and PFS cipher suites) is required. Self-signed certificates are not supported (unless CA certificate is set to Trusted on device) Client Cert Authentication Client Certificate Authentication Is Not Supported in Web Logon mode. If you want to use client certificate, it can only be installed via configuration profile (.mobileconfig file) or by your MDM service. What are the support terms for F5 Access and F5 Access 2018? F5 Networks will continue to support both F5 Access and F5 Access 2018 applications simultaneously, but will announce the updated legacy support terms for the F5 Access iOS application in Fall 2018. Can both F5 Access and F5 Access 2018 applications coexist on iOS devices? Yes, both applications can coexist on iOS devices, although it is neither recommended nor supported by F5 Networks. Do I need to change my MDM configurations when transitioning from F5 Access to F5 Access 2018? F5 Access and F5 Access 2018 have different App IDs, so when deploying F5 Access 2018 any existing MDM policies that include the F5 Access application should be re-purposed for the F5 Access 2018 application. All cached F5 Access application data should be removed before deploying and using the F5 Access 2018 application. This includes: saved configurations and certificates. Certificates that were previously deployed for F5 Access can be re-distributed for F5 Access 2018. Are there any usability changes in the F5 Access 2018 application? There are some minor usability changes in the F5 Access 2018 application. These are described in more detail below: Initially Launching F5 Access 2018 Upon the initial launch of the F5 Access 2018 the user is prompted with the following message: “F5 Access 2018” Would Like to Send You Notifications may include alerts, sounds, and icon badges. These can be configured in Settings. It is imperative that the user allow this particular prompt because if he/she doesn’t accept the application will not be able to display prompts necessary to allow native authentication and web logon for multi-factor authentication. Granting initial access to the F5 Access 2018 creates a more seamless user experience. Due to changes in Network Extension, only when user interface interaction is required is the user prompted with modal windows; otherwise the F5 Access 2018 runs quietly in the background. Adding VPN Configurations Adding a VPN configuration results in an additional prompt for permission to create the configuration after the user selects the Save button. Please note: prompt is shown only for 1 st configuration. For 2 nd configuration and all further configurations prompt won’t be shown. If the device is secured with a password, pin, or TouchID authentication methods, the user will be prompted to authenticate. If the user selects “Don’t Allow” in the Add Configuration modal window, the configuration fails to save. Are there specific hardware limitations for using F5 Access or F5 Access 2018? No, F5 Access and F5 Access 2018 can be used from any iOS device including all versions historically available for the following models: iPhones, iPad, and iPod touch. How should I setup a VPN-profile for F5 Access 2018 in Mobile Device Management solution? Device-wide VPN profile: Add VPN profile Select Connection type: “Custom” Set Identifier to “com.f5.access.ios” Complete the rest of configuration as needed. Per-app VPN profile: Add VPN profile Select Connection type: “Custom” Set Identifier to “com.f5.access.ios” Select Provider Type: “Packet Tunnel” Complete the rest of configuration as needed.F5 Access for Your Chromebook
My 5 th grader has a Chromebook for school. She loves it and it allows her access to school applications and educational tools where she can complete her assignments and check her grades. But if 5 th grade is a tiny dot in your rear-view and you’re looking to deploy Chromebooks in the enterprise, BIG-IP v12 can secure and encrypt ChromeOS device access to enterprise networks and applications. With network access, Chromebook users can run applications such as RDP, SSH, Citrix, VMware View, and other enterprise applications on their Chrome OS devices. From an employee’s perspective, it is very easy to get the SSLVPN configured. Log on to a Chromebook, open Chrome Web Store, search for ‘F5 Access’ and press the +ADD TO CHROME button. Add app when the dialogue box pops and F5 Access will appear in your ‘All Apps’ window. Next, when launched, you’ll need to accept the license agreement and then add a server from the Configuration tab: Next, give it a unique name, enter the BIG-IP APM server URL and optionally add your username and password. Your password will not be cached unless that’s allowed by the APM Access Policy. You can also select a client certificate if required. Once configured, it’ll appear in the list. You can also have multiple server configurations if needed: To connect, click the bottom tray bar and select the tile that says, ‘VPN Disconnected.’ And select the server configured when setting up the app. Depending on the configuration, you’ll either get the native login window or the WebTop version: Once connected, there won’t be any indication in the tray but if you click it, you’ll see the connection status in the same VPN area as above and it’ll show ‘connected’ within the F5 Access app: As you can see in the above image, you can also check Statistics and Diagnostics if those are of interest. To end the connection, click the tray again, select the VPN tile and click Disconnect. For administrators, it’s as simple as adding a ‘ChromeOS’ branch off the ClientOS VPE action: Then add a Connectivity Profile to BIG-IP: In addition to generic session variables, client session variables are also available. Check out the release notes and BIG-IP Access Policy Manager and F5 Access for Chrome OS v1.0.0 manual for more info. ps Related: VDI on ChromeBook via APM Chromebooks Gain Traction in the Enterprise Dell brings the Chromebooks to the enterprise
F5 Access for Mac OS client
I've upgraded APM to 13.1.0.1 and would like to test the 'F5 Access for Mac OS' client that can be found in the Appstore. However, it's not working out of the box for me. I've not found any success stories, so I was wondering if it is even production ready. The client immediately gives me this error: Failed to get NA settings The operation couldn’t be completed. (PacketTunnel.VpnFavoriteParamsOperationError error 2. The server says: New session from client IP xxx Session deleted due to user inactivity. All works fine with 'BIG-IP Edge Client'
OS X F5 Access Scripting
Hello All, Is there any way to script the F5 Access client on the Mac? The documentation does not indicate that any scripting language can be used. AppleScript is not an option because all of tcc is now behind SIP, so we'd like to do BASH or Pyton, but Swift/Coca would also be acceptable if that was my only option. I would like to... Install the app via VPP (using my MDM for this) Configure it to launch through a LaunchAgent Create a new configuration Manage (Enable/Open and Disable/Close) a configuration If none of that is possible, does anybody know if the F5 environment can be configured to allow the Mac's built-in VPN (L2TP over IPSec, IKEv2 or Cisco IPSec) clients and what that configuration may look like. If I can be pointed to the right documentation or if anybody has examples, I would greatly appreciate the assist. Thank You, Nick Lucia
F5 Access Client, Client Certificate Authentication?
F5 APM F5 Access Client and F5 Access Client 2018! How do we do client certificate authentication with new F5 Access client for iOS devices? Old F5 Edge Client had the ability to do client certificate authentication, new Access Client doesn't seem to have that functionality?
