Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP APM
Known Affected Versions:
11.3.0, 11.4.1, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6
Fixed In:
13.0.0
Opened: Sep 13, 2016 Severity: 3-Major Related Article:
K25991373
Users connecting to a virtual server using Edge Client and fails authentication are directed to the policy's deny page, which directs them to a new session link. Once the user clicks that link, the new session is launched, but the user is denied and keeps getting directed to the same Deny page with a link to new session.
Once the user clicks new session link from the deny page, new session is launched but client-type gets detected as Full Browser/Mobile and user is denied. This continues until user cancels the external logon dialog.
Have an access policy that allows Client-Type Edge Client but denies Full Browser/Mobile. There is no Message Box on the Full Browser/Mobile branch in Client-Type.
In the "Full or Mobile Browser" branch, add a "Message Box".
The new behavior is that on Edge Client, the new session link will not be shown. The user can click Cancel and then Connect to try to login to the VPN again. On browsers, the behavior is same. The link will be shown and user can click it to launch new session.
Older versions of client were being detected as Browser if user failed authentication the first time and created new session from the client UI. With this fix, Edge client will be detected as edge client in the above scenario.