F5 recently released a new version of the F5 Edge Client (v7.2.1). For those of you not familiar with the F5 Edge Client, it is an SSL VPN client that is used to provide access to enterprise networks for employees working from home or remote locations. It is used with BIG-IP Access Policy Manager (APM), F5’s secure, highly-scalable access management proxy solution that provides centralized access control to applications and APIs, and also enables Zero Trust application access when configured for identity aware proxy (IAP). The F5 Edge Client secures remote access for home and remote workers. F5 Edge Client is available on Apple macOS and Microsoft Windows. (F5 also offers SSL VPN clients—F5 Access clients—for Apple iOS, and Google Android, and Chrome OS platforms. F5 Access clients are available for download from the Apple App Store, Google Play Store, and Chrome Web Store, respectively.)
Older versions of F5 Edge Client supported Datagram Transport Layer Security (DTLS) version 1.0 for remote connectivity, securing, and tunneling delay-sensitive applications.
F5 Edge Client 7.2.1 now supports DTLS 1.2, which enables enterprises and government agencies and ministries to meet new compliance requirements and to stop using DTLS 1.0, which has a number of security limitations. DTLS 1.2 allows client / server applications to communicate without fear of eavesdropping, tampering, or message forgery.
Another new feature in this version allows name based split tunneling configurations to work with services that are DNS load balanced. This allows continued long-lived connections—such as those used by streaming services—even if a subsequent name resolution results in a different IP address.
Organizations deploy BIG-IP APM to provide their users—employees, contractors, and others—remote access to their networks and to provide secure remote access to enterprise applications. To reduce friction and increase agility for their users, organizations must provide seamless access to web applications as well as their network without requiring users to log in multiple times. This is especially important given the explosion in the number of users forced to work from home or remotely due to the coronavirus pandemic.
The most exciting new feature of F5 Edge Client 7.2.1 is its ability to deliver single sign-on (SSO) across web and remote access applications.
F5 Edge Client 7.2.1 uses Open Authentication (OAuth) authorization code flow to obtain an access token from an OAuth authorization server. That access token is then used to authenticate to BIG-IP APM to obtain secure remote access to an organization’s enterprise network. F5 Edge Client 7.2.1 works with any compliant OAuth authorization server and is validated with Azure AD, Okta, Google, and Ping Identity authorization servers.
By utilizing OAuth Authorization code flow, this new version of F5 Edge Client delegates authentication to a user’s external browser. Since user authentication is performed via external browser, F5 Edge Client can now support all new modern authentication methods that may be supported by an organization’s authorization servers, including:
- Password-less authentication from a registered Microsoft Windows device using biometrics, such as a fingerprint scan or facial recognition, or a PIN.
- 2nd factor authenticators, such as YubiKey from Yubico, which comply with the Universal 2nd Factor (U2F) specification. U2F devices can be enrolled through a web-based enrollment flow without requiring any client-side software or drivers.
- FIDO2 authentication from any Windows or macOS device by using third-party or built-in authenticators without requiring additional drivers or client-side software to enable these authenticators.
F5 Edge Client 7.2.1 enables enterprises to realize several benefits, such as enhanced security, improved usability and convenience, increased privacy for end users, and scalability by performing authentication in the browser and by utilizing FIDO2 authentication.
FIDO2 cryptographic login credentials never leave a user’s device and are never stored on a server. Therefore, this eliminates risks associated with phishing, all forms of password theft. and replay attacks.
Users can unlock cryptographic login credentials with simple built-in methods, such as fingerprint readers or cameras on their devices, or by leveraging easy-to-use FIDO security keys. Users can select the device that best fits their needs and complies with their organization’s policies. Also, since authentication context is maintained in the browser, a user does not need to login again when attempting to access a web application after connecting to their organization’s network using F5 Edge Client.
Because FIDO cryptographic keys are unique for each site, they cannot be used to track users across sites, enhancing user privacy. Plus, biometric data, when used, never leaves the user’s device.
Finally, FIDO 2 authenticators can be enrolled and enabled through a web-based workflow. This allows deployments to scale very easily.
BIG-IP Edge Client is available as a standalone package that can be installed on BIG-IP APM running 13.1.0 or later. For more information on the latest version of F5 Edge Client (v7.2.1), please refer to the release notes, compatibility matrix, and administration guide.
About the Author
Related Blog Posts
F5 accelerates and secures AI inference at scale with NVIDIA Cloud Partner reference architecture
F5’s inclusion within the NVIDIA Cloud Partner (NCP) reference architecture enables secure, high-performance AI infrastructure that scales efficiently to support advanced AI workloads.
F5 Silverline Mitigates Record-Breaking DDoS Attacks
Malicious attacks are increasing in scale and complexity, threatening to overwhelm and breach the internal resources of businesses globally. Often, these attacks combine high-volume traffic with stealthy, low-and-slow, application-targeted attack techniques, powered by either automated botnets or human-driven tools.
F5 Silverline: Our Data Centers are your Data Centers
Customers count on F5 Silverline Managed Security Services to secure their digital assets, and in order for us to deliver a highly dependable service at global scale we host our infrastructure in the most reliable and well-connected locations in the world. And when F5 needs reliable and well-connected locations, we turn to Equinix, a leading provider of digital infrastructure.
Volterra and the Power of the Distributed Cloud (Video)
How can organizations fully harness the power of multi-cloud and edge computing? VPs Mark Weiner and James Feger join the DevCentral team for a video discussion on how F5 and Volterra can help.
Phishing Attacks Soar 220% During COVID-19 Peak as Cybercriminal Opportunism Intensifies
David Warburton, author of the F5 Labs 2020 Phishing and Fraud Report, describes how fraudsters are adapting to the pandemic and maps out the trends ahead in this video, with summary comments.
The Internet of (Increasingly Scary) Things
There is a lot of FUD (Fear, Uncertainty, and Doubt) that gets attached to any emerging technology trend, particularly when it involves vast legions of consumers eager to participate. And while it’s easy enough to shrug off the paranoia that bots...