The EAA Client can run on a computer (desktop or laptop). The EAA Client runs on Virtual machines (VM) as well. If your applications run on a VM, an additional setup may be required (it's not a recommended solution).
Make sure the computer has at least 256 MB RAM and 200 MB disk space to run the client applications. If you run multiple client applications, check their respective requirements and make sure your computer can support them.
The EAA Client should not be installed on shared devices like lab or kiosk computers or multi-user servers.
The EAA Client can run the following computer operating systems:
- Microsoft Windows 7 Home/Enterprise edition
- Microsoft Windows 10 Home/Pro/Enterprise edition
- Microsoft Windows 11 Home/Pro/Enterprise edition
- Apple macOS
- Ubuntu 20.04 LTS.
The EAA Client is not supported with ARM processor (ARM64) on Windows.
Also, see Release Notes for the latest EAA Client versions supported on different OS and platforms.
If your computer has any endpoint protection software installed, you need to allow Enterprise Application Access executables based on your operating system. See Configure endpoint protection software for a list of these executables.
EAA Client on mobile devices only allows you to check the device posture and does not support tunneling capability. The supported versions are:
- iOS 11 and above (iPad, iPhone, iPod Touch)
- Android 6 and above (phones and tablets)
The following IP addresses and ports must be available in your network:
127.50.100.1:9078(TCP). For control traffic. Sends Enterprise Application Access (EAA) configuration information to EAA Client.
100.64.0.1:53(TCP/UDP). For DNS interception.
443. Your testing environment must allow traffic on this port.
The connector used with the EAA Client needs to have the minimum requirements specified in the Connector installation requirements.
The FQDNs and IP addresses used by both EAA Client and Device Posture.
You may need to configure these FQDN (fully qualified domain names) and IP addresses into your corporate proxy, secure web gateway or similar equipment.
Local system endpoint:
Akamai authentication portal endpoints. FQDN is the URL of the Akamai EAA IdP. IP address depends on where the EAA IdP cloud zone is. To have proper connectivity from Enterprise Application Access Cloud to the connector, you should allow certain IPs. Please contact support for this task.
Third-party IdP endpoint. Check with your vendor. For Azure AD, FQDN it is
EAA Cloud log collector service endpoint
External application endpoints. FQDN is the application external hostname as configured in Akamai Control Center.
Local FQDN: application internal hostname.
Local IP ranges that EAA Client uses to intercept traffic for tunnel applications/wildcard domains:
Local IP ranges that EAA Client uses to intercept traffic for TCP applications:
EAA Client network interface works with
Device Posture. Allow the following static URLs if you use Device Posture with EAA Client:
You have the option to override the existing EAA Client version on computer.
- Open the file you downloaded when you first installed EAA Client. If you have the package on your system you get the message:
EAAClient is already present. Do you want to continue with the install of version 220.127.116.110fc3b-64x?
Click Yes to continue the installation, or click No to keep your existing installation.
If you continue the installation, your IdP page appears when it completes.
Enter your username and password.
The authentication success message appears.
To check the EAA Client version open EAA Client and click the diagnostics. Version format is the following:
xxxxxxxx is a sequential based build-number. In earlier releases the build-number was a non-sequential hash number.
If you’re using EAA Client 1.x.x, please refer to release note, Oct 15, 2020 — Enterprise Application Access, EAA Client for the upgrade to EAA Client 2.1.0 or later version and impact on
The EAA Client software installed on the user's computer needs to communicate with the Enterprise Center. Endpoint protection software can block this communication. If you have any endpoint protection software installed on your computer, like Symantec Cloud Endpoint Protection you need to:
Whitelist EAA Client executables.
Create bypasses for the firewall.
Configure your endpoint protection software.
Allow certain IPs to ensure connectivity to EAA connectors.
If your computer has any endpoint protection software installed, you need to allow these EAA Client executables (based on your operating system):
For a Windows 7 or Windows 10 OS, when EAA Client software is installed under
C:\Program Files\EAAClient\directory, then allow:
The path for these executables changes based on your installation directory.
For a macOS allow:
A firewall can block traffic to and from your computer. You can configure bypass rules to allow communication between the EAA Client and the Enterprise Center. Set up the following rules in your firewall:
|Inbound or Outbound||Source or Destination||Protocol/Port|
The below table shows an example of the firewall rules setting for Symantec Cloud Endpoint Protection software to let the EAA Client communicate with the Enterprise Center.
To have proper connectivity from Enterprise Application Access Cloud to the connector, you should allow certain IPs. Please contact support for this task.
Updated 5 months ago