In the Custom Expression box, enter the following syntax: In the right list, click Custom Expression.ġ4. For Property, click client_proxy_settings.ġ3. For Name, click the appropriate network resource.ġ2. In the left list, click Configuration Variable.ġ1. Click Variable Assign and click Add Item.ĩ. In the VPE, at the point in the access policy where you want to insert the Variable Assign agent, click the Add icon (+).Ħ. For the access policy you want to configure, click Edit.Ĥ. Navigate to Access Policy :: Access Profiles :: Access Profiles List.ģ. To do so, perform the following procedure:Ģ.
#F5 big ip edge client for vpn access download#
In v12.1.0 or later, this behavior is controlled by a new setting called 'Ignore Client Proxy Autoconfig Script Download Failure' on the BIG-IP system.įor other fixed versions (12.0.0 HF1, 11.6.1 HF1, 11.5.4 HF2), the fix is implemented using the Visual Policy Editor (VPE) to add a Variable Assign policy item in the access policy. In this situation the desired behavior is for the client to ignore the problem and continue as if the proxy PAC was not configured at all. However, in some deployments it is expected that the PAC files and their security settings are configured but unavailable (404, DNS or routing trouble, etc). These critical errors would cause BIG-IP Edge Client to disconnect the tunnel because the security settings could not be correctly applied. Previously, problems in this process were always considered critical errors. The BIG-IP APM SSLVPN Client has the ability to download and merge remote proxy PAC files to facilitate browsing via proxy while preserving the security posture defined in the Network Access settings. This bug's Behavior Change section contains a procedure for using VPE to add a Variable Assign policy item in the access policy. This behavior is controlled by a new setting called 'Ignore Client Proxy Autoconfig Script Download Failure' in BIG-IP 12.1.0 and later.įor other fixed versions (12.0.0 HF1, 11.6.1 HF1, 11.5.4 HF2), the fix is implemented using the Visual Policy Editor (VPE). PAC file download and merging issues were considered critical before and Edge Client disconnects the tunnel. Workaroundįix infrastructure issues that result in PAC file download failure. PAC file cannot be downloaded by Edge Client. PAC file configured in the Network Access settings. Tunnel disconnects in case of PAC file download errors. If the BIG-IP Edge Client fails to download the PAC file, the VPN connection cannot be established. Any failure to download the proxy PAC file is treated as a fatal error.