ETP Client on desktop computers and machines

After the desktop client is distributed to corporate machines, users are protected by ‚ÄčSIA‚Äč. An end user can access the ‚ÄčETP Client‚Äč on their machine. This example of the ‚ÄčETP Client‚Äč shows how the client appears when end users access it as an application.

IMAGE_STUB

Depending on the connection, end users see one of these statuses:

  • Your device is protected. Indicates that DNS requests are monitored and protected as a result of the ‚ÄčSIA‚Äč policy settings. The end user's machine may be on or off the corporate network. However, if the end user's machine is off the corporate network, the Off Network ‚ÄčETP Client‚Äčs policy applies.

    If the full web proxy setting is enabled, this status also means that web traffic is protected by ‚ÄčETP Client‚Äč. In this case, you or an administrator configured ‚ÄčETP Client‚Äč as the local web proxy on the end user‚Äôs machine or you enabled transparent traffic interception. If transparent traffic interception is enabled, the status indicates that transparent mode is active. Whether ‚ÄčETP Client‚Äč acts as a local web proxy or a transparent proxy, ‚ÄčETP Client‚Äč forwards traffic to ‚ÄčSIA‚Äč Proxy for malware scanning. For more information, see ‚ÄčETP Client‚Äč for web traffic.

    Depending on your configuration, ‚ÄčETP Client‚Äč may show what type of traffic is protected by the client. If your enterprise includes a local proxy or a local DNS server, the client may also specify what type of traffic is protected by the local network. In addition to the ‚ÄúYour device is protected‚ÄĚ status, one of these statuses appear:

    • DNS traffic is protected by ‚ÄčETP Client‚Äč. Web traffic is protected by local network. Indicates that ‚ÄčETP Client‚Äč forwards DNS traffic to ‚ÄčSIA‚Äč. It also forwards web traffic to the enterprise (on-premises) proxy. ‚ÄčETP Client‚Äč detected that the on-premises proxy is chained to ‚ÄčSIA‚Äč Proxy. In this scenario, ‚ÄčSIA‚Äč Proxy and the forward proxy setting is enabled in a policy. For more information, see ‚ÄčETP Client‚Äč for web traffic.

    • DNS traffic is protected by ‚ÄčETP Client‚Äč. Indicates that ‚ÄčETP Client‚Äč forwards DNS traffic to ‚ÄčSIA‚Äč. If you or an administrator enabled ‚ÄčSIA‚Äč Proxy to scan only risky web traffic, the client forwards this traffic to the proxy. In this scenario, the forward proxy setting is not enabled in a policy. For more information, see ‚ÄčETP Client‚Äč for DNS only.

    • DNS traffic is protected by local network. This status appears if ‚ÄčETP Client‚Äč cannot send requests to ‚ÄčSIA‚Äč because outbound UDP port 53 is blocked in your firewall. This means the end user‚Äôs machine is protected only when it‚Äôs on the corporate network with a DNS resolver that‚Äôs configured to forward DNS requests to ‚ÄčSIA‚Äč. In this case, the local DNS server handles requests.

      If you or an administrator enabled ‚ÄčSIA‚Äč Proxy, ‚ÄčETP Client‚Äč directs traffic to an on-premises proxy. The on-premises proxy forwards this traffic to ‚ÄčSIA‚Äč Proxy. In this scenario, the forward proxy setting is not enabled in a policy.

ūüďė

If DoT is enabled for ‚ÄčETP Client‚Äč, the client shows a locked padlock icon to indicate that traffic is private and encrypted with TLS. For more information, see DNS over TLS.

  • Your device is NOT protected. Indicates that ‚ÄčETP Client‚Äč is disabled or disconnected, or that the connection is interrupted. The client cannot reach ‚ÄčAkamai‚Äč infrastructure, including ‚ÄčSIA‚Äč configuration, ‚ÄčSIA‚Äč DNS, or ‚ÄčSIA‚Äč Proxy. In this situation, ‚ÄčETP Client‚Äč intercepts DNS traffic and uses a local DNS resolver to resolve DNS requests. This status may also appear temporarily while ‚ÄčETP Client‚Äč authenticates and connects with ‚ÄčSIA‚Äč.

    If there is an on-premises proxy in the corporate network, this status indicates that the on-premises proxy does not forward web traffic to ‚ÄčSIA‚Äč Proxy.

    An application icon is available for ‚ÄčETP Client‚Äč on the end user‚Äôs Windows desktop toolbar or Mac menu bar. If ‚ÄčETP Client‚Äč is not protected, this icon appears:

    IMAGE_STUB

If the proxy is enabled, you can enforce a walled garden configuration that‚Äôs applied when‚ÄčETP Client‚Äč is in an unprotected state. This policy configuration allows you to block all traffic except for the domains and IP addresses that are configured as exceptions in the Local Bypass Settings. For instructions on configuring exceptions and walled garden, see Configure walled garden exceptions and Enable walled garden.

ūüďė

If your organization uses Windows Server 2012 as a local DNS resolver and all requests are directed to the local DNS resolver before they are directed to ‚ÄčSIA‚Äč, ‚ÄčETP Client‚Äč shows the ‚ÄúYour device is NOT protected‚ÄĚ status. In this situation, Window Server 2012 is not supported with the client.