Forum Discussion

Menno's avatar
Menno
Icon for Nimbostratus rankNimbostratus
Jan 18, 2018

F5 Access for Mac OS client

I've upgraded APM to 13.1.0.1 and would like to test the 'F5 Access for Mac OS' client that can be found in the Appstore. However, it's not working out of the box for me.

 

I've not found any success stories, so I was wondering if it is even production ready.

 

The client immediately gives me this error: Failed to get NA settings The operation couldn’t be completed. (PacketTunnel.VpnFavoriteParamsOperationError error 2.

 

The server says: New session from client IP xxx Session deleted due to user inactivity.

 

All works fine with 'BIG-IP Edge Client'

 

BIG-IP Access Policy Manager (APM)
big-ip edge client
f5 access
os x
security
ssl vpn

2 Replies

Sort By
  • Menno's avatar
    Menno
    Icon for Nimbostratus rankNimbostratus
    Jan 23, 2018

    I've solved this issue by removing the pre-logon checks for the clients coming in with the F5 Access for Mac OS client.

     

    My advice towards F5 is to make this reflect in the error message.

     

    Since our security policy demands we use AV and Firewall pre-logon checks, I'm currently unable to use this client in production. Any ideas if more pre-logon checks will be implemented in the near future for the F5 Access Mac OS client?

     

  • Ryan77777's avatar
    Ryan77777
    Icon for Altocumulus rankAltocumulus
    Jan 24, 2018

    Perhaps something is prohibiting the inspection agent from running? Does the app from the app store include the inspection agent like on the Windows install? Have you tried creating a custom package from the Connectivity profile under Access -> Connectivity / VPN -> Connectivity -> Profiles, highlight the profile, go to Customize Package -> Mac, Download and install? Is that a different application than what you're looking for and/or are trying to accomplish?

     

    Typically in the past, when I've received errors indicating a session deletion due to inactivity (during the login process), it's because the inspection agent isn't relaying data to APM (usually because it fails to complete) - and hence fails the posture assessment. I run into this more so with Windows systems - but perhaps related.