About ETP Client


All new features and improvements for the client are now exclusive to Zero Trust Client. ‚ÄčAkamai‚Äč does not plan to release a new version of ‚ÄčETP Client‚Äč.

‚ÄčETP Client‚Äč versions are supported for 15 months after its release. Note the following:

  • ‚ÄčETP Client‚Äč 4.4.1 on Windows is supported until September 30, 2024.
  • ‚ÄčETP Client‚Äč 3.8 on macOS is supported until September 30, 2024.

After September, you will not be able to download ‚ÄčETP Client‚Äč. All pages for ‚ÄčETP Client‚Äč and the ETP Client menu item (Clients & Connectors > ETP Clients) will be removed from Enterprise Center at this time.

Zero Trust Client combines and improves upon the functionality of EAA Client and ‚Äč‚ÄčETP Client‚Äč to provide a one-stop solution where you can secure access to enterprise applications and protect your network from threats. To use the latest client features, download and set up Zero Trust Client. Go to Client & Connectors > Manage & Download Clients > Version Control. To learn more about this client and how to set it up for threat protection, see Zero Trust Client.

‚ÄčETP Client‚Äč is a client agent that directs DNS and web traffic to ‚ÄčSecure Internet Access Enterprise‚Äč for analysis. With ‚ÄčETP Client‚Äč, you can apply ‚ÄčSIA‚Äč policy to requests that are made inside and outside the corporate network.

Depending on the policy and client configuration in ‚ÄčSIA‚Äč, as well as your organization's product license, ‚ÄčETP Client‚Äč can:

  • Forward DNS traffic. ‚ÄčETP Client‚Äč forwards DNS traffic when this configuration applies:

    • ‚ÄčSIA‚Äč Proxy is not enabled. In this situation, ‚ÄčETP Client‚Äč forwards only DNS traffic to ‚ÄčSIA‚Äč.

    • ‚ÄčSIA‚Äč Proxy is enabled as a selective proxy.

      This behavior is supported when a user is on or off the corporate network. It's also available with all supported versions of the client that you can download in ‚ÄčSIA‚Äč. For more information, see ‚ÄčETP Client‚Äč for DNS only.

  • Forward all web traffic. You can configure ‚ÄčETP Client‚Äč to forward all web traffic to ‚ÄčSIA‚Äč Proxy for analysis. This occurs when you set ‚ÄčETP Client‚Äč as the local web proxy on the user's device, you use ‚ÄčETP Client‚Äč with an existing enterprise proxy, or you enable transparent traffic interception.

    This functionality is supported when a user is on or off the corporate network. Your organization needs to be licensed for ‚ÄčSIA‚Äč Advanced Threat to forward all traffic to ‚ÄčSIA‚Äč Proxy. Transparent traffic interception is supported with ‚ÄčETP Client‚Äč 4.1 or later. For more information, see ‚ÄčETP Client‚Äč for web traffic.

‚ÄčAkamai‚Äč offers both a desktop and mobile version of the client to protect enterprise devices. For more information, see Desktop client and ETP mobile client distribution. You can also use ‚ÄčETP Client‚Äč to protect a user's personal device. For more information, see Bring your own device (BYOD) support.

‚ÄčETP Client‚Äč:

  • Detects an end user's network conditions.

  • Sends DNS requests to ‚ÄčSIA‚Äč. With version 3.2.0 or later, you can protect user privacy by using TLS to encrypt connections. To learn more about DoT, see DNS over TLS.

  • Applies an ‚ÄčSIA‚Äč policy and other configuration settings to requests.

  • Logs user information. In ‚ÄčSIA‚Äč, user information appears on the event reporting pages when a policy is violated and an event is logged. ‚ÄčETP Client‚Äč also includes its own logs. By default, ‚ÄčETP Client‚Äč is set with the Info Only log type. This log type records system errors, while the Debug and Verbose log types record additional information, such as DNS lookup queries. For more information, see ‚ÄčETP Client‚Äč logs.

  • Identifies clients by device name. This information also means an enterprise may not need to deploy a security connector in their network to discover the machine name of an infected machine. When the Trust XFF header is enabled, ‚ÄčETP Client‚Äč identifies the internal client IP address of web traffic. It also identifies the client request ID.


When set up to direct web traffic to ‚ÄčSIA‚Äč Proxy, ‚ÄčETP Client‚Äč currently does not support IPv6-only networks.