Guide

ETP Client configuration settings

Suggest Edits

🚧

Zero Trust Client replaces ​ETP Client​ and contains the latest threat protection features. Your version of ​ETP Client​ is supported for 15 months after its release. To download and set up Zero Trust Client, go to Client & Connectors > Manage & Download Clients. For instructions, see the Zero Trust Client documentation.

An ​SIA​ administrator defines the behavior of ​ETP Client​ on the Client Configuration tab. When the administrator makes changes to the settings on this tab, the changes are applied to all installed clients in approximately 10 minutes.

The Client Configuration tab provides these fields:

  • Entitlement Code. Contains the entitlement code required to install ​SIA​ mobile client on enterprise computers and activate the client app on mobile devices.

  • Enable ​ETP Client​. This option enables ​ETP Client​ and allows you to forward traffic to ​SIA​.

  • Allow users to disable the client. Allows end users to disable the client.

  • Allow disable action with an entitlement code. Requires that users enter an entitlement code to disable ​ETP Client​. You or another administrator must securely provide this code to users. This setting is available only if you enable the Allow users to disable the client setting.

  • Allow Uninstall on Windows. If enabled, this setting allows end users to uninstall ​ETP Client​ on their Windows machine. When this setting is disabled, an end user cannot uninstall ​ETP Client​ unless they have the entitlement code.

  • Roll Back ​ETP Client​. Rolls back ​ETP Client​ to the previous approved version. If you enable this setting to undo an upgrade, you need to also approve the previous ​ETP Client​ version. For more information about rollback, see Software rollback.

  • Automatic Upgrades for Critical Patches. Upgrades ​ETP Client​ with security patches to fix security vulnerabilities, support OS updates, and resolve critical issues to ​ETP Client​ features. You can select to automatically apply these updates when they are available, or you can download, test, and approve the patch like any ​ETP Client​ software upgrade. For more information, see Security patches.

  • Log Traffic. Enable or disable ​ETP Client​ logging so that the URLs and IP addresses accessed by the end user are not revealed.

  • Transparent Traffic Interception. Allows ​ETP Client​ to intercept and capture traffic without modifying browser or operating system settings. DNS traffic is directed to ​SIA​ resolvers, while web traffic is directed to ​SIA​ Proxy. For more information, see Transparent traffic interception.

  • Block QUIC. If transparent traffic interception is enabled, you can enable this setting to block traffic that uses the QUIC protocol or HTTP/3. If QUIC traffic is not blocked, it bypasses the client and is directed to the origin. It is not scanned by the proxy.

    📘

    This setting applies to Zero Trust Client 5.1 or later when it’s enabled for Threat Protection. It does not apply to supported versions of ETP Client. For more information on Zero Trust Client, see the Zero Trust Client documentation.

  • Bypass Non-HTTP Traffic. Allows non-HTTP traffic to bypass the proxy through any of the origin ports. This traffic is directed to the origin. You configure origin ports in the policy. For more information about origin ports, see Policy settings.

  • Configure client as local computer web proxy. If enabled to do so, this setting configures ​ETP Client​ as the local web proxy on the user's machine. You can choose to overwrite an existing local computer web proxy, overwrite settings when there's no proxy configured on the machine, or never modify these settings.

    • If you choose Yes to overwrite settings, ​ETP Client​ is configured as the local web proxy. This setting is useful when your network does not have an on-premises proxy. This setting also removes any PAC file configuration that was set in the browser or operating system proxy settings. If you configure ​ETP Client​ as a local proxy, you cannot restore PAC file or proxy settings by changing this setting to No or Only if there’s no local proxy.

    • If you choose Only if there's no local proxy, ​ETP Client​ is configured as the local web proxy only when there's no local proxy already configured. You may want to select this option if you manage the on-premises proxy setting on some computers in your network.

    • If you choose No, ​ETP Client​ is not configured as the local web proxy on the user's machine. You may want to select this option if you manage on-premises proxy settings on all computers in your network.

📘

The policy setting Overwrite Device Proxy Settings functions the same as the Configure client as local computer web proxy setting. However, the Overwrite Device Proxy Settings policy setting takes precedence over the Configure client as local computer web proxy client setting.

  • Proxy Port. If ​ETP Client​ is configured as the local web proxy, the user's computer listens for traffic on this port. By default, the proxy listens for traffic on port 8080. Even if ​ETP Client​ is not configured as the local web proxy, this configuration still applies and may conflict with other applications that try to use this port.

📘

Make sure you don’t configure the same port number that ​SIA​ proxy uses for outbound traffic (the proxy origin port). The proxy origin port is configured in the policy.

If an ​SIA​ administrator makes changes to these behavior settings, the changes are applied to all installed clients in approximately 10 minutes.

Updated over 1 year ago