Before you begin

This high-level task and the procedures on this page describe how to set up, download, and distribute the desktop version of ETP Client. If you want to set up Zero Trust Client, see Zero Trust Client.

To set up, download, and distribute the desktop version of ETP Client:

Download ETP Client. For more information, see Download ETP Client.
If you or an IT administrator are installing ETP Client for the first time:
1. Verify that the installation file is digitally signed by Akamai.
2. Validate the SHA-256 checksum value. For more information, see Validate the SHA-256 checksum.
3. Test the client software in a testing environment to confirm its behavior. Make sure you test the client in an environment that contains the same network configuration, VPN, and security applications as production.
4. Distribute and install ETP Client on corporate machines. For more information, see Install ETP Client.
If you or an IT administrator are upgrading ETP Client:
1. Verify that the installation file is digitally signed by Akamai.
2. Validate the SHA-256 checksum value. For more information, see Validate the SHA-256 checksum.
3. Test the ETP Client software in a testing environment to confirm its behavior. Make sure you test the client in an environment that contains the same network configuration, VPN, and security applications as production.
4. Approve ETP Client. For more information, see Approve SIA Client.
5. Configure how ETP Client is upgraded. For more information, see Configure SIA Client upgrade type.

Download ETP Client

Before you begin

Review Prepare for ETP Client setup and Set up the desktop client.

An Secure Internet Access Enterprise (SIA) administrator or a delegated administrator can download ETP Client. SIA also allows you to access and download all previously released versions of the client.

Depending on your operating system, these files are downloaded to your computer:

On Windows: etpclient_<versionNumber>_win.msi
On Mac: etpclient_<versionNumber>_osx.pkg

where <versionNumber> is the version number of ETP Client.

To download ETP Client:

In the Threat Protection menu of Enterprise Center, select Clients & Connectors > ETP Clients.
In the Versions Management tab, locate the file for your operating system. Depending on your operating system, you can also click the Win or Mac tabs to filter ETP Client versions.
Hover over the latest version of the client for your operating system and click the download icon.

📘
If the browser's pop-up blocker prevents ETP Client from downloading, make sure you allow pop-ups from Akamai Control Center.

Next steps

Click the Configuration tab and copy the entitlement code to a secure location.
Securely communicate the entitlement code, customer identifier, and SHA-256 checksum value to the IT administrator. To view the checksum value, hover over the client and the icon that contains the hash and check mark.
Validate the SHA-256 checksum.
The IT administrator tests the ETP Client software in a local testing environment.
After testing is complete and ETP Client is ready for distribution, approve ETP Client. For more information, see Approve ETP Client.

Validate the SHA-256 checksum

Before you begin

Verify that the ETP Client file is digitally signed by Akamai.
Make sure that the SIA administrator provided the SHA-256 checksum value that is visible in SIA.

After the client file is downloaded, an IT administrator should validate the SHA-256 checksum. Depending on your operating system, use these instructions to compare the SHA-256 value provided in SIA with the value you get when completing this procedure for your operating system.

On Windows

To validate the SHA-256 checksum on Windows:

Open a command prompt.
Change directories to the location where the client file is located. For example, if the file is located in your Downloads folder, you can enter this command and press Enter:

cd c:\users\<name>\downloads

where <name> is the name of your user folder.
Type this command to generate the checksum value and press Enter:

certutil -hashfile <filename> SHA256

where <filename> is the name of the .msi file
Verify that the returned checksum value matches the SHA-256 value in SIA. If the values do not match, contact the SIA administrator to download the client file again and repeat this procedure.

Next steps

The IT administrator tests ETP Client software in a testing environment. Make sure ETP Client is tested in an environment that contains the same network configuration, VPN, and security applications as production.

On Mac

To validate the SHA-256 checksum on Mac:

Open a terminal window.
Enter this command:

shasum -a 256 <fileLocation>

where <fileLocation> is the full path of the .pkg file on your computer.

You can also drag and drop the file to the terminal window. The full path appears.
Press Enter. The SHA-256 checksum appears.
Verify that the returned checksum value matches the SHA-256 value in SIA. If the values do not match, contact the SIA administrator to download the client file again and repeat this procedure.

Next steps

Approve ETP Client

Before you begin

Download and test ETP Client. See Download ETP Client.

You need to approve ETP Client before it is installed on end user machines or eligible for upgrade. An IT administrator needs to test the client software before it is approved.

To undo ETP Client approval, see Undo ETP Client approval.

You need to be an SIA administrator to perform this task.

To approve ETP Client:

In the Threat Protection menu of Enterprise Center, select Clients & Connectors > ETP Clients.
In the Versions Management tab, locate the file for your operating system. Depending on your operating system, you can also click the Win or Mac tabs to filter client versions.
Hover over the client and click the Approve icon.

Next steps

After the client is approved, you can configure how end users are upgraded when a new version of the client is available. For more information, see Configure ETP Client upgrade type.

Configure ETP Client upgrade type

Before you begin

Approve ETP Client.

After approving ETP Client, you can select how the client is upgraded on end user machines. You can select from these upgrade options:

On Demand: Selected by default. End users are notified when an upgrade is available. End users can select to upgrade or they can select to be reminded about the upgrade in 1, 3, or 7 days.
Force Upgrade: ETP Client is automatically upgraded without user interaction After you select this option, the upgrade occurs at any time within a three-hour window. During this three-hour window, the client indicates that it’s updating.

To configure ETP Client upgrade type:

In the Threat Protection menu of Enterprise Center, select Clients & Connectors > ETP Clients.
Go to the approved ETP Client, in the Status column, select one of these options:
- On Demand
- Force Upgrade

Install ETP Client

After ETP Client is approved in SIA, an IT administrator distributes the client files to corporate machines with a networked device management solution, such as KACE. You can install ETP Client on Windows or Mac with a setup wizard or with the command line.

You activate the client on enterprise machines with an entitlement code. If you plan to let users activate the client on their personal computer, make sure the user has the required activation code. To view the entitlement code, see View the entitlement code. For more information on the activation code, see Bring your own device (BYOD) support.

📘
If you use pip and your organization has enabled SIA Proxy, make sure you also add the SIA Proxy TLS MITM certificate to the pip configuration file. In the pip.conf file, add this entry:
[global]
cert = /path/certificate.pem
where:
- path _is the path to the certificate
- _certificate is the name of the certificate

Install with the setup wizard

Before you begin

Make sure that you have a downloaded Windows or Mac installation file for ETP Client. For more information, see Download ETP Client.
Make sure that you verified the SHA-256 checksum value. For more information, see Validate the SHA-256 checksum.
Make sure that you have an entitlement code or activation code. To view the entitlement code, see View the entitlement code. For more information on the activation code, see Bring your own device (BYOD) support.
If you are installing ETP Client 3.2.0 or later on Windows and Microsoft Visual C++ is not on the machine, install the redistributable package of Visual Studio (vc_redist.x86.exe). To download this package, see Microsoft documentation on the latest supported versions of Visual C++.
Make sure Web Proxy Auto-Discovery (WPAD) for WinHTTP is running on Windows computers. For more information, see Web Proxy Auto-Discovery (WPAD) on Windows.

These steps describe the installation process with the ETP Client setup wizard. You can perform these steps on a Mac or Windows machine. Test ETP Client in a local environment before installing it on end-user machines.

To install ETP Client on an end-user laptop:

Note that after completing this installation process, you can enter an entitlement code or an activation code.

Open the installation file:
- On Windows: etpclient_<versionNumber>_win.msi
- On Mac: etpclient_<versionNumber>_osx.pkg
  
  where <versionNumber> is the version number of ETP Client.
  
  The client setup wizard appears.
Click Next or Continue.

The Setup Wizard installs ETP Client.
When the installation is complete, click Next and then click Finish.

ETP Client is now installed on the end user's machine.

Next steps

After installation, you are prompted for an activation or entitlement code. Enter the code and click Next.
If you install version 4.3 or later on macOS, enable ETP Client network extensions. Do the following:
1. After installation, a message indicates you must enable the ETP Client network extensions. From the prompt, click Open Security Preferences. Otherwise, in the Apple menu, you can select System Preferences, and then select Security & Privacy.
2. If the settings are locked, click the lock icon and enter the system password to unlock the settings.
3. In the General tab, a message states that the extensions were blocked from loading. Next to this message, click Allow.

Install with a command line

Before you begin

Make sure that you have a downloaded Windows or Mac installation file for ETP Client. For more information, see Download ETP Client.
Make sure that you have an entitlement code or activation code. To view the entitlement code, see View the entitlement code. For more information on the activation code, see Bring your own device (BYOD) support.
If you are installing ETP Client on a Mac with the command line, you need to create a bootstrap.txt file that contains the entitlement code only. Save the bootstrap.txt file in the same file location as the package.
If you are installing ETP Client 3.2.0 or later on Windows and Microsoft Visual C++ is not on the machine, install the redistributable package of Visual Studio (vc_redist.x86.exe). To download this package, see Microsoft documentation on the latest supported versions of Visual C++.
Make sure Web Proxy Auto-Discovery (WPAD) for WinHTTP is running on Windows computers. For more information, see Web Proxy Auto-Discovery (WPAD) on Windows.

Perform this procedure to install ETP Client with a command line. Select the steps that apply to your operating system.

On Windows

To install ETP Client with the command line on Windows:

Open Command Prompt as an administrator.
If necessary, change directories to the location where the installation files are located.
Enter the following command and press Enter:

msiexec /i etpclient_<versionNumber>.msi CODE="<entitlement_code>" /q

where:
- <versionNumber> is the version number of ETP Client
- <code> is the entitlement code or activation code. If you're using the command line to distribute the ETP Client across many computers with device management software, enter the entitlement code. If you're activating the client on a user's personal computer, you can enter an entitlement code or an activation code.

On Mac

📘
Make sure that you create a bootstrap.txt file that contains the entitlement code only. Save the bootstrap.txt file in the same file location as the package.

To install ETP Client with command line on Mac:

Open a terminal window.
If necessary, change directories to the location where the installation files are located.
Enter the following command and press Enter:

sudo launchctl setenv activation_code <code> && sudo installer -pkg <path_installation_file> -target /

where
- <code> is the entitlement code or activation code. If you're using the command line to distribute the ETP Client across many computers with device management software, enter the entitlement code. If you're activating the client on a user's personal computer, you can enter an entitlement code or an activation code.
- <path_installation_file> is the path to the installation file.

Next steps:

If you install version 4.3 or later on macOS, enable ETP Client network extensions. Do the following:

After installation, a message indicates you must enable the ETP Client network extensions. From the prompt, click Open Security Preferences. Otherwise, in the Apple menu, you can select System Preferences, and then select Security & Privacy.
If the settings are locked, click the lock icon and enter the system password to unlock the settings.
In the General tab, a message states that the extensions were blocked from loading. Next to this message, click Allow.

Download ​ETP Client​

Validate the SHA-256 checksum

On Windows

On Mac

Approve ​ETP Client​

Configure ​ETP Client​ upgrade type

Install ​ETP Client​

Install with the setup wizard

Install with a command line

On Windows

On Mac

Download ETP Client

Approve ETP Client

Configure ETP Client upgrade type

Install ETP Client