Главная » Linux

Big ip edge client для windows

Содержание
  1. Big ip edge client для windows
  2. Applies To:
  3. BIG-IP APM
  4. About installation choices for BIG-IP Edge Client on Windows
  5. Overview: Configuring APM for BIG-IP Edge Client for Windows
  6. Task Summary
  7. About location awareness
  8. Customizing a connectivity profile for BIG-IP Edge Clients for Windows
  9. Customizing the Windows client package for BIG-IP Edge Client
  10. Downloading the Windows client package for BIG-IP Edge Client
  11. Overview: Downloading the Component Installer
  12. Downloading the Component Installer package
  13. User rights requirements for endpoint security checks
  14. User rights requirements for access policy actions
  15. Overview: Downloading FullArmor GPAnywhere for VPN
  16. Downloading FullArmor GPAnywhere for VPN
  17. Overview: Installing and using the client troubleshooting utility

Big ip edge client для windows

Activate F5 product registration key

Verify the proper operation of your BIG-IP system

Get up to speed with free self-paced courses

Join the community of 300,000+ technical peers

Advance your career with F5 Certification

Product Manuals and Release notes

Applies To:

BIG-IP APM

About installation choices for BIG-IP Edge Client on Windows

The BIG-IP® Access Policy Manager ® includes automatic installation support for Windows clients. Access Policy Manager (APM ® ) downloads components to the end user’s computer at initial login. These downloaded client components enable the various features of the Access Policy Manager functionality.

This download occurs automatically for those systems that support software installation. For clients that do not support automatic software installation, you can configure and distribute the BIG-IP Edge Client ® , configured to meet the needs of the client systems you support.

The requirements for automatic installation differ depending on whether the Windows client initiates a session from a browser, or instead starts a network access tunnel.

  • To automatically install a control from a browser session, the controls require certain conditions:
    • The user must have ActiveX enabled if the browser is Internet Explorer.
    • If the browser is not Internet Explorer, the user must allow software installation.
  • If the client starts a network access tunnel, one of the following must be true:
    • The client has Administrator privileges on the client system.
    • The client control is already installed on the system.
    • The Component Installer Package for Windows has been installed on the system.

Access policy sessions other than network access tunnels do not require administrative access. All client-side checks and actions, except the Windows group policy action, can run without administrative rights.

Overview: Configuring APM for BIG-IP Edge Client for Windows

To use the BIG-IP ® Edge Client ® for Windows, you must configure settings for the BIG-IP Edge Client for Windows in a connectivity profile on Access Policy Manager ® (APM). The connectivity profile for Windows includes Win/Mac Edge Client settings including:

  • The list of servers to display on the BIG-IP Edge Client
  • DNS settings for location-awareness for mobile clients, such as laptops that roam.

A Windows client package is attached to the connectivity profile. APM ® can use it for automatic installation on Windows systems. You can customize the Windows client package. You can also download and distribute it.

Читайте также:  Windows 10 доступны необязательные обновления

Task Summary

About location awareness

The BIG-IP ® Edge Client™ provides a location awareness feature. Using location awareness, the client connects automatically only when it is not on a specified network. You can specify the networks that are considered in-network by adding DNS suffixes to the connectivity profile.

Customizing a connectivity profile for BIG-IP Edge Clients for Windows

  1. On the Main tab, click Access Policy > Secure Connectivity . A list of connectivity profiles displays.
  2. Select the connectivity profile that you want to update and click Edit Profile . The Edit Connectivity Profile popup screen opens and displays General Settings.
  3. From the left pane of the popup screen, select Win/Mac Edge Client . Edge Client action and password caching settings display in the right pane.
  4. Set Edge Client action settings:
    1. Optional: Retain the default (selected) or clear the Save Servers Upon Exit check box. Specifies whether the BIG-IP Edge Client maintains a list of recently used Access Policy Manager servers. The BIG-IP Edge Client always lists the servers defined in the connectivity profile, and sorts the list of servers by most recent access, whether this option is selected or not. However, the BIG-IP Edge Client lists user-entered servers only if this option is selected.
    2. Optional: Select the Reuse Windows Logon Session check box. When selected, the client tries to use the Windows login session for the APM session also. This is cleared by default.
    3. Select the Reuse Windows Logon Credentials check box. When selected, the client tries to use the credentials that were typed for Windows login to start the APM session.

    Customizing the Windows client package for BIG-IP Edge Client

    1. On the Main tab, click Access Policy > Secure Connectivity . A list of connectivity profiles displays.
    2. Select a connectivity profile.
    3. Click the Customize Package button. The Customize Windows Client Package popup screen displays with Available Components displayed. Most components are selected by default.
    4. Clear the check box for any component that you want to exclude from the package. If you clear the BIG-IP Edge Client check box, BIG-IP Edge Client is no longer available for selection in the left pane. If you clear the Dialup Entry/Windows Logon Integration check box, Dialup Settings is no longer available for selection in the left pane.
    5. Select the User Logon Credentials Access Service check box to include the software service that allows the client to store encrypted Windows logon credentials and use those credentials to log in to Access Policy Manager ® .
    6. Select the Machine Certificate Checker Service check box to include a service that can check the machine certificate on a client endpoint even when the user does not have admin privilege. Without this service, a user running without admin privilege cannot pass the Machine Cert Auth endpoint security check.
    7. If the BIG-IP Edge Client check box is selected, select BIG-IP Edge Client from the left pane. BIG-IP Edge Client settings display in the right pane.
      1. To add the virtual servers (from the Windows/Mac Edge Client section of the connectivity profile) to the Windows Trusted sites list the first time the client starts. retain selection of the the Add virtual server to trusted sites list check box. Otherwise, clear it. Virtual servers added to the Trusted sites list with this option remain on the trusted sites list indefinitely. This works with the User Logon Credentials Access Service setting (available on the Available Components screen) to provide seamless logon with the BIG-IP Edge Client™ if Access Policy Manager accepts the same credentials that users use to log on to Windows.
      2. To automatically start the BIG-IP Edge Client™ after the user logs on to Windows, retaing selection of the Auto launch after Windows Logon check box. Otherwise, clear it.
      3. To enable the BIG-IP Edge Client to try to connect to VPN right after the user logs on to Windows and to prohibit the user from disconnecting VPN, select the Enable always connected mode check box. This setting is cleared by default. The user is prevented from accessing the Internet and the local network until a VPN connection is established.
    8. Click Download . The screen closes and the package, BIGIPEdgeClient.exe , downloads.

    Downloading the Windows client package for BIG-IP Edge Client

    1. On the Main tab, click Access Policy > Secure Connectivity . A list of connectivity profiles displays.
    2. Select a connectivity profile.
    3. Click the Customize Package button. The Customize Windows Client Package popup screen displays with Available Components displayed. Most components are selected by default.
    4. Click Download . The screen closes and the package, BIGIPEdgeClient.exe , downloads.

    Overview: Downloading the Component Installer

    Installing and running a BIG-IP ® APM ® component on Windows-based systems require certain user rights. Pre-installing components provides a seamless upgrade for clients after you upgrade the BIG-IP ® Access Policy Manager ® .

    You can also use the Component Installer feature to provide completely transparent installation and upgrading of components, regardless of the rights you are running under. Your security policy may prohibit granting users the power-user rights needed to install ActiveX components, or your browser security policy may prohibit downloading active elements. For these reasons, you might prefer to pre-install components on your users Windows systems.

    You can use the Clients Download screen to download the Component Installer Package containing the Windows components needed for the various Access Policy Manager functions. You can use the Component Installer service to install and upgrade client-side Access Policy Manager components for all kinds of user accounts, regardless of the rights under which the user is working.

    This component is especially useful for installing and upgrading client-side components when the user has insufficient rights to install or upgrade the components directly. For information about configuring the MSI installer to run with elevated privileges, see the documentation for your operating system. You must use an account that has administrative rights to initially install the Component Installer on the client computer as a part of Client Components Package (MSI). Once installed and running, the Component Installer automatically installs and upgrades client-side Access Policy Manager components. It can also update itself. The Component Installer requires that the installation or upgrade packages be signed using the F5 Networks certificate or another trusted certificate. By default, F5 Networks signs all components using the F5 Networks certificate.

    Downloading the Component Installer package

    1. On the Main screen, click the F5 ® logo to display the Welcome page.
    2. In the Downloads section, click the Component Installer Package for Windows link.

    User rights requirements for endpoint security checks

    This table lists user rights required to use endpoint security components on Windows clients from a network access tunnel.

    Access Policy Manager plugin Guest rights User rights Power User rights Administrator rights
    Antivirus No supported Supported Supported Supported
    Firewall No supported Supported Supported Supported
    Windows File No supported Supported Supported Supported
    Machine Cert No supported Supported Supported Supported
    Windows information No supported Supported Supported Supported
    Windows Process No supported Supported Supported Supported
    Registry No supported Supported Supported Supported
    UI mode Supported Supported Supported Supported
    Client-Side Capability Supported Supported Supported Supported
    Client OS Supported Supported Supported Supported
    Landing URI Supported Supported Supported Supported
    Logging action Supported Supported Supported Supported
    Anti-Spyware Supported Supported Supported Supported
    Hard Disk Encryption Supported Supported Supported Supported
    Patch Management Supported Supported Supported Supported
    Peer-to-peer Supported Supported Supported Supported
    Windows Cache and Session Control Supported Supported Supported Supported

    User rights requirements for access policy actions

    This table lists user rights required on Windows clients to use actions other than endpoint security client checks from a network access tunnel.

    Access Policy Manager component User rights Power User rights Admin rights
    Client Cert Inspection Supported Supported Supported
    On-Demand Cert Auth Supported Supported Supported
    Active Directory (auth or query) Supported Supported Supported
    HTTP Auth Supported Supported Supported
    LDAP (auth or query) Supported Supported Supported
    RADIUS (auth or accounting) Supported Supported Supported
    RSA SecurID Supported Supported Supported

    Overview: Downloading FullArmor GPAnywhere for VPN

    This download enables the FullArmor GPAnywhere management tool for VPN integration with Windows clients. You can use this tool to create Group Policy templates, which you can then use to apply Group Policy to computers outside of an Active Directory domain. With VPN, you can distribute Group Policy Object templates through SSL VPN.

    Downloading FullArmor GPAnywhere for VPN

    1. On the Main screen, click the F5 logo to display the welcome page.
    2. In the Downloads section, click the FullArmor GPAnywhere for VPN or the FullArmor GPAnywhere for VPN (x64 edition) link.

    Overview: Installing and using the client troubleshooting utility

    Access Policy Manager ® provides a client troubleshooting utility for BIG-IP ® Edge Client ® on Windows. Clients can use the client troubleshooting utility on Windows systems to check the availability and version information for Windows client components, and run Network Access diagnostic tests.

    Читайте также:  Браузер uran для linux
Оцените статью
© 2024 Советы по настройке компьютера