Exit

User Guide

Back Exit

F5 Access Overview

F5 Access for iOS provides a secure VPN connection to your internal networks, behind a BIG-IP® Access Policy Manager or a BIG-IP® Edge Gateway. With full network access, you can make RDP, SSH, and other types of connections to internal servers, in addition to internal web sites and applications.

To define a configuration, you need this information:

On the home screen, next to Configuration, click Add New to specify a new configuration.

To choose an existing configuration, click Settings, and select a configuration, or click Add Configuration to add a new configuration.

You will not be able to create a configuration if your device is managed by a Mobile Device Manager (MDM), and the MDM administrator prohibits it.

Note: Please allow notifications. Notifications for this app are required for app functionality. To enable notifications, in the Settings app, go to F5 Access > Notifications, and enable the Allow Notifications setting.

Back Exit

Configure the Client

Back Exit

Add Configuration

Click Add New on the home screen, or click Add Configuration on the Settings screen to add a VPN configuration. In the Server field, type the fully qualified domain name of a BIG-IP® Access Policy Manageror a BIG-IP® Edge Gateway.
Type a name for this server in the Description field to describe it in the list of configurations.

Note: You must add a server description.

Note: You can use an IPv6 server address in the Server field, if such a configuration is enabled on the server.

Click Save to save the configuration and return to the Settings screen.

Note: The first time you save a configuration, you must click Allow to allow the configuration to be created, or authenticate with a passcode or Touch ID, if required by your device. This is not required when you create further configurations.

Use the following options to further customize the server configuration.

Back Exit

Connect on Demand

Use the Connect on Demand feature to automatically start a network access client connection when you attempt to connect to a specific domain. You can also specify domains for which the VPN should not connect, and domains that should start a VPN tunnel only if necessary.

Connect on demand can be used with the following authentication options, or no authentication.

Note: Client Certificates can be installed in the following ways:

To use this feature, set the Connect on Demand switch to On. Click the Domain List field to specify domains, add domains, and click Done when you are finished. Actions are applied to all matching addresses. Addresses are compared using simple string matching. For example ".siterequest.com" matches www.siterequest.com and server.siterequest.com, but not www.mysiterequest.com. However, the domain "siterequest.com" with no initial period, matches all these domains.
You can specify domains for the following VPN actions.

Back Exit

Connect to a server

After you add a configuration, you can connect to the server.

At the bottom of F5 Access screen, click Connection. A configuration description is shown. Slide the Connection switch to connect to this configuration.

To select another configuration, click the Configuration field. The Settings screen is displayed. Select the desired configuration, and click Connection again at the bottom of the screen to return to the connection screen. After you connect, you can click Status to view tunnel details.


To disconnect from a server, at the bottom of F5 Access screen, click Connection. Slide the Connection switch off to disconnect from the displayed configuration.

Back Exit

Connect and disconnect with a URL

You can connect to, and disconnect from a server by typing a URL into your browser. You can connect either to a server at a specified URL or to a predefined server configuration.

URL connections use the following parameters.

Note: You can use an IPv6 server address for the server parameter, if such a configuration is enabled on the server.

f5access://{start|stop}?[parameter1=value1&
parameter2=value2...]

The syntax to start and disconnect from a URL follows.

Note:Special characters in parameters must be URL-encoded.

See URL Connection Examples for example usage of these parameters.

Back Exit

URL Connection Examples

Back Exit

Creating a server from a URL

Use the following URL and parameters to create a server:

f5access://create?server=server_address[&parameter1=
value1&parameter2=value2...]

The parameters are specified as follows:

Note: Connect on Demand is enabled when valid values for domain_ifneeded or domain_never are specified.

See URL Server Examples for example usage of these parameters.

Back Exit

Creating a Server with a URL Examples

Create a server at edgeportal.siterequest.com
f5access://create?server=edgeportal.siterequest.com

Create a server named EdgePortal at edgeportal.siterequest.com
In this scenario, both name and server are specified, and username is absent.
f5access://create?name=EdgePortal&server=
edgeportal.siterequest.com

Create the same server with a username, password, and domains
f5access://create?name=EdgePortal
&server=edgeportal.siterequest.com
&username=edgeportal
&password=appledemo
&domain_never=abc.siterequest.com
&domain_ifneeded=intra.siterequest.com

Create the same server with a username and domains
f5access://create?name=EdgePortal
&server=edgeportal.siterequest.com
&username=edgeportal
&domain_never=abc.siterequest.com
&domain_ifneeded=intra.siterequest.com

Back Exit

View Stats

Click Statistics at the bottom of F5 Access screen to view statistics for the network access tunnel. Inbound and outbound traffic throughput and compression is graphed.

Back Exit

Trusting a CA root certificate

To trust certificates from a root certificate authority, you must install a root CA certificate to your device.

This ensures that your device will trust all certificates issued by that CA.

  1. Download and open the certificate file with Safari, or open the certificate from the Mail app.
  2. Go to Settings > General > About > Certificate Trust Settings, and enable the installed certificate in the Enable Full Trust for Root Certificates list.
Back Exit

Managing certificates

To manage client certificates that were imported using a URL link or with a share extension:

  1. Go to Settings > Manage Certificates. The list of imported certificates is displayed.
  2. To remove a certificate, swipe it in the list and click Delete.
  3. To edit a certificate list, click Edit at the top right of the screen.

Import client certificate from a URL

To import a certificate (.p12 file) using a URL, go to Settings > Manage Certificates, and click Import Certificate...

The app prompts for a URL of the certificate. A password may be required if necessary.

Import client certificates with a share extension

You can use share extension to import a certificate (.p12 file) from the Mail app or other sources.

To import a certificate from the Mail app:

  1. Attach the certificate to be imported to F5 Access, in the Mail app.
  2. Tap and hold the attached certificate.
  3. From Share options that pop up, select F5 Access from the list of apps. If F5 Access is not visible, scroll all the way to the right and click More... to enable it.
  4. A password may be required if necessary. Type the password and click OK.
Back Exit

View Tunnel Details

Click the Status field after you connect on F5 Access connection screen to view tunnel details. Tunnel details are dependent on the server's network access configuration. Click Back to return to the main connection screen.

Back Exit

Viewing Diagnostics

To view diagnostics:

  1. On your device, start F5 Access.
  2. Click Settings.
  3. Click Diagnostics.

Various system and network information is displayed for viewing, including device information, DNS servers, and routing tables. Click each category to view more information.

Back Exit

Emailing logs with F5 Access

To email the logs:

  1. On your device, start F5 Access.
  2. Click Settings.
  3. Click Email Logs.

The logs are collected and added to an email. You can send this log to yourself or others to analyze.

Back Exit

Supported Features

Network Settings

iOS F5 Access Settings

DNS/Host Settings

Launch Applications