NimbostratusRecently we've restricted the ciphers on the SSL profiles (Client), and disallowed SSLv3, TLSv1, and a number of other encryption. However, after the change, users using the Edge client were unable to VPN to the F5. When the users tried to connect they get, "Can't receive settings from server."
MVPjust checked for 11.5.1. HF7 and it provides quite a few (Cipher Suites: 26 suites) in the client hello.
can you provide your exact ssl profile settings?
as a check i would try with a browser client to connect to that server to rule out you totally disabled access. also something like https://www.ssllabs.com/ssltest/ would be interesting to check if a connection is still possible.
as for the edge client, which version of TMOS are you using?
NimbostratusThe TMOS version is 11.4.1 HF3. Yes, the security team did use a scanning tool, and the ciphers "TLSv1_2:ECDHE+AES:DH+AES:ECDHE+AES:DH+AES:ECDHE+AES:DH+AES:ECDHE+3DES:DH+3DES:RSA+AES:RSA+AES:RSA+3DES:!MD5:!SSLv3:!EXP:!TLSv1:!RC4:!DES" did take as expected. Those using the web client for Edge Gateway were able to login, it's just those who used the Edge Window's client are having issues.
MVPfor me it works fine with that CIPHER string (which seems to have some double entries) on a client SSL profile, but as mentioned that is version 11.5.1 HF7. you can do a packetcapture to determine what your edge client offers. but i wouldn't certainly also open a support ticket.