About ETP Client

​ETP Client​ is a client agent that directs DNS and web traffic to ​Secure Internet Access Enterprise​ for analysis. With ​ETP Client​, you can apply ​SIA​ policy to requests that are made inside and outside the corporate network.

Depending on the policy and client configuration in ​SIA​, as well as your organization's product license, ​ETP Client​ can:

  • Forward DNS traffic. ​ETP Client​ forwards DNS traffic when this configuration applies:

    • ​SIA​ Proxy is not enabled. In this situation, ​ETP Client​ forwards only DNS traffic to ​SIA​.

    • ​SIA​ Proxy is enabled as a selective proxy.

    This behavior is supported when a user is on or off the corporate network. It's also available with all supported versions of the client that you can download in ​SIA​. For more information, see ​ETP Client​ for DNS only.

  • Forward all web traffic. You can configure ​ETP Client​ to forward all web traffic to ​SIA​ Proxy for analysis. This occurs when you set ​ETP Client​ as the local web proxy on the user's device, you use ​ETP Client​ with an existing enterprise proxy, or you enable transparent traffic interception.

    This functionality is supported when a user is on or off the corporate network. Your organization needs to be licensed for ​SIA​ Advanced Threat to forward all traffic to ​SIA​ Proxy. Transparent traffic interception is supported with ​ETP Client​ 4.1 or later. For more information, see ​ETP Client​ for web traffic.

​Akamai​ offers both a desktop and mobile version of the client to protect enterprise devices. For more information, see Desktop client and ETP mobile client distribution. You can also use ​ETP Client​ to protect a user's personal device. For more information, see Bring your own device (BYOD) support.


In the future, all new features and enhancements for the client will be added to Zero Trust Client instead of ​ETP Client​. Zero Trust Client combines and improves upon the functionality of EAA Client and ​ETP Client​ to provide a one-stop solution where you can secure access to enterprise applications and protect your network from threats. To learn more about this client and how you can set it up for threat protection, see Zero Trust Client

​ETP Client​:

  • Detects an end user's network conditions.

  • Sends DNS requests to ​SIA​. With version 3.2.0 or later, you can protect user privacy by using TLS to encrypt connections. To learn more about DoT, see DNS over TLS.

  • Applies an ​SIA​ policy and other configuration settings to requests.

  • Logs user information. In ​SIA​, user information appears on the event reporting pages when a policy is violated and an event is logged. ​ETP Client​ also includes its own logs. By default, ​ETP Client​ is set with the Info Only log type. This log type records system errors, while the Debug and Verbose log types record additional information, such as DNS lookup queries. For more information, see ​ETP Client​ logs.

  • Identifies clients by device name. This information also means an enterprise may not need to deploy a security connector in their network to discover the machine name of an infected machine. When the Trust XFF header is enabled, ​ETP Client​ identifies the internal client IP address of web traffic. It also identifies the client request ID.


When set up to direct web traffic to ​SIA​ Proxy, ​ETP Client​ currently does not support IPv6-only networks.