Symptoms

If you have a proxy rule that requires that client connections use Microsoft Windows 10 or later, client connections that use earlier versions will be blocked. The returned User-Agent sting appears similar to the following: User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; xxxxxx/6.0; F5 Networks Client)\r\n

Impact

Customer proxy identifies the client from User-Agent string. If the User-Agent string has Windows 7 ("Windows NT 6.1"), it blocks access.

Conditions

1. Connecting client is running a version earlier than Windows 10. 2. Your network proxy configuration requires Windows 10 or later to establish VPN tunnel.

Workaround

(1) Bypass at the proxy based on destination FQDN of APM virtual server or based on Edge Client User-Agent string. (2) Create the following registry key** on the client: HKEY_LOCAL_MACHINE\SOFTWARE\F5 Networks\RemoteAccess (if this key exists, create below subkey and String value) UserAgentString REG_SZ Mozilla/5.0 (Windows NT 10.0; WOW64; xxxxx/7.0; rv:11.0) like Gecko EdgeClient/7211.2021.0107.1217 HKEY_CURRENT_USER\Software\F5 Networks\RemoteAccess (if above key does not exist, search for this key and create below subkey and String value) UserAgentString REG_SZ Mozilla/5.0 (Windows NT 10.0; WOW64; xxxxxx/7.0; rv:11.0) like Gecko EdgeClient/7211.2021.0107.1217 * Here, UserAgentString value can be any User-Agent value of a string (in above example, User-Agent string of Edge Client 7211 is used). ** This workaround involves modifying the Windows Registry. Note this warning from Microsoft about modifying the registry: "Warning: Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk."

Fix Information

None

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips