Set up ETP desktop client

Before you begin

Prepare for ‚ÄčETP Client‚Äč setup.

To set up, download, and distribute the desktop version of ‚ÄčETP Client‚Äč:

  1. Download ‚ÄčETP Client‚Äč. For more information, see Download ‚ÄčETP Client‚Äč.

  2. If you or an IT administrator are installing ‚ÄčETP Client‚Äč for the first time:

    1. Verify that the installation file is digitally signed by ‚ÄčAkamai‚Äč.

    2. Validate the SHA-256 checksum value. For more information, see Validate the SHA-256 checksum.

    3. Test the client software in a testing environment to confirm its behavior. Make sure you test the client in an environment that contains the same network configuration, VPN, and security applications as production.

    4. Distribute and install ‚ÄčETP Client‚Äč on corporate machines. For more information, see Install ‚ÄčETP Client‚Äč.

  3. If you or an IT administrator are upgrading ‚ÄčETP Client‚Äč:

    1. Verify that the installation file is digitally signed by ‚ÄčAkamai‚Äč.

    2. Validate the SHA-256 checksum value. For more information, see Validate the SHA-256 checksum.

    3. Test the ‚ÄčETP Client‚Äč software in a testing environment to confirm its behavior. Make sure you test the client in an environment that contains the same network configuration, VPN, and security applications as production.

    4. Approve ‚ÄčETP Client‚Äč. For more information, see Approve ‚ÄčSIA‚Äč Client.

    5. Configure how ‚ÄčETP Client‚Äč is upgraded. For more information, see Configure ‚ÄčSIA‚Äč Client upgrade type.

Next steps

Add the email addresses of those you want notified about upgrades to ‚ÄčETP Client‚Äč. For more information, see Add email addresses for notifications and Assign email notifications.

Download ‚ÄčETP Client‚Äč

Before you begin

Review Prepare for ‚ÄčETP Client‚Äč setup and Set up the desktop client.

An ‚ÄčSecure Internet Access Enterprise‚Äč (‚ÄčSIA‚Äč) administrator or a delegated administrator can download ‚ÄčETP Client‚Äč. ‚ÄčSIA‚Äč also allows you to access and download all previously released versions of the client.

Depending on your operating system, these files are downloaded to your computer:

  • On Windows: etpclient_<versionNumber>_win.msi

  • On Mac: etpclient_<versionNumber>_osx.pkg

    where <versionNumber> is the version number of ‚ÄčETP Client‚Äč.

To download ‚ÄčETP Client‚Äč:

  1. In the Threat Protection menu of Enterprise Center, select Clients & Connectors > ‚ÄčETP Client‚Äčs.

  2. In the Versions Management tab, locate the file for your operating system. Depending on your operating system, you can also click the Win or Mac tabs to filter ‚ÄčETP Client‚Äč versions.

  3. Hover over the latest version of the client for your operating system and click the download icon.

ūüďė

If the browser's pop-up blocker prevents ‚ÄčETP Client‚Äč from downloading, make sure you allow pop-ups from ‚ÄčAkamai Control Center‚Äč.

Next steps

  1. Click the Configuration tab and copy the entitlement code to a secure location.

  2. Securely communicate the entitlement code, customer identifier, and SHA-256 checksum value to the IT administrator. To view the checksum value, hover over the client and the icon that contains the hash and check mark.

  3. Validate the SHA-256 checksum.

  4. The IT administrator tests the ‚ÄčETP Client‚Äč software in a local testing environment.

  5. After testing is complete and ‚ÄčETP Client‚Äč is ready for distribution, approve ‚ÄčETP Client‚Äč. For more information, see Approve ‚ÄčETP Client‚Äč.

Validate the SHA-256 checksum

Before you begin

  • Verify that the ‚ÄčETP Client‚Äč file is digitally signed by ‚ÄčAkamai‚Äč.

  • Make sure that the ‚ÄčSIA‚Äč administrator provided the SHA-256 checksum value that is visible in ‚ÄčSIA‚Äč.

After the client file is downloaded, an IT administrator should validate the SHA-256 checksum. Depending on your operating system, use these instructions to compare the SHA-256 value provided in ‚ÄčSIA‚Äč with the value you get when completing this procedure for your operating system.

On Windows

To validate the SHA-256 checksum on Windows:

  1. Open a command prompt.

  2. Change directories to the location where the client file is located. For example, if the file is located in your Downloads folder, you can enter this command and press Enter:

    cd c:\users\<name>\downloads

    where <name> is the name of your user folder.

  3. Type this command to generate the checksum value and press Enter:

    certutil -hashfile <filename> SHA256

    where <filename> is the name of the .msi file

  4. Verify that the returned checksum value matches the SHA-256 value in ‚ÄčSIA‚Äč. If the values do not match, contact the ‚ÄčSIA‚Äč administrator to download the client file again and repeat this procedure.

Next steps

The IT administrator tests ‚ÄčETP Client‚Äč software in a testing environment. Make sure ‚ÄčETP Client‚Äč is tested in an environment that contains the same network configuration, VPN, and security applications as production.

On Mac

To validate the SHA-256 checksum on Mac:

  1. Open a terminal window.

  2. Enter this command:

    shasum -a 256 <fileLocation>

    where <fileLocation> is the full path of the .pkg file on your computer.

    You can also drag and drop the file to the terminal window. The full path appears.

  3. Press Enter. The SHA-256 checksum appears.

  4. Verify that the returned checksum value matches the SHA-256 value in ‚ÄčSIA‚Äč. If the values do not match, contact the ‚ÄčSIA‚Äč administrator to download the client file again and repeat this procedure.

Next steps

The IT administrator tests ‚ÄčETP Client‚Äč software in a testing environment. Make sure ‚ÄčETP Client‚Äč is tested in an environment that contains the same network configuration, VPN, and security applications as production.

Approve ‚ÄčETP Client‚Äč

Before you begin

Download and test ‚ÄčETP Client‚Äč. See Download ‚ÄčETP Client‚Äč.

You need to approve ‚ÄčETP Client‚Äč before it is installed on end user machines or eligible for upgrade. An IT administrator needs to test the client software before it is approved.

To undo ‚ÄčETP Client‚Äč approval, see Undo ‚ÄčETP Client‚Äč approval.

You need to be an ‚ÄčSIA‚Äč administrator to perform this task.

To approve ‚ÄčETP Client‚Äč:

  1. In the Threat Protection menu of Enterprise Center, select Clients & Connectors > ‚ÄčETP Client‚Äčs.

  2. In the Versions Management tab, locate the file for your operating system. Depending on your operating system, you can also click the Win or Mac tabs to filter client versions.

  3. Hover over the client and click the Approve icon.

Next steps

After the client is approved, you can configure how end users are upgraded when a new version of the client is available. For more information, see Configure ‚ÄčETP Client‚Äč upgrade type.

Configure ‚ÄčETP Client‚Äč upgrade type

Before you begin

Approve ‚ÄčETP Client‚Äč.

After approving ‚ÄčETP Client‚Äč, you can select how the client is upgraded on end user machines. You can select from these upgrade options:

  • On Demand: Selected by default. End users are notified when an upgrade is available. End users can select to upgrade or they can select to be reminded about the upgrade in 1, 3, or 7 days.

  • Force Upgrade: ‚ÄčETP Client‚Äč is automatically upgraded. This option does not require that an end user start the upgrade process.

To configure ‚ÄčETP Client‚Äč upgrade type:

  1. In the Threat Protection menu of Enterprise Center, select Clients & Connectors > ‚ÄčETP Client‚Äčs.

  2. Go to the approved ‚ÄčETP Client‚Äč, in the Status column, select one of these options:

    • On Demand
    • Force Upgrade

Install ‚ÄčETP Client‚Äč

After ‚ÄčETP Client‚Äč is approved in ‚ÄčSIA‚Äč, an IT administrator distributes the client files to corporate machines with a networked device management solution, such as KACE. You can install ‚ÄčETP Client‚Äč on Windows or Mac with a setup wizard or with the command line.

You activate the client on enterprise machines with an entitlement code. If you plan to let users activate the client on their personal computer, make sure the user has the required activation code. To view the entitlement code, see View the entitlement code. For more information on the activation code, see Bring your own device (BYOD) support.

ūüďė

If you use pip and your organization has enabled ‚ÄčSIA‚Äč Proxy, make sure you also add the ‚ÄčSIA‚Äč Proxy TLS MITM certificate to the pip configuration file. In the pip.conf file, add this entry:

[global]
cert = /path/certificate.pem

where:
- path is the path to the certificate
- certificate is the name of the certificate

Install with the setup wizard

Before you begin

  • Make sure that you have a downloaded Windows or Mac installation file for ‚ÄčETP Client‚Äč. For more information, see Download ‚ÄčETP Client‚Äč.

  • Make sure that you verified the SHA-256 checksum value. For more information, see Validate the SHA-256 checksum.

  • Make sure that you have an entitlement code or activation code. To view the entitlement code, see View the entitlement code. For more information on the activation code, see Bring your own device (BYOD) support.

  • If you are installing ‚ÄčETP Client‚Äč 3.2.0 or later on Windows and Microsoft Visual C++ is not on the machine, install the redistributable package of Visual Studio (vc_redist.x86.exe). To download this package, see Microsoft documentation on the latest supported versions of Visual C++.

  • Make sure Web Proxy Auto-Discovery (WPAD) for WinHTTP is running on Windows computers. For more information, see Web Proxy Auto-Discovery (WPAD) on Windows.

These steps describe the installation process with the ‚ÄčETP Client‚Äč setup wizard. You can perform these steps on a Mac or Windows machine. Test ‚ÄčETP Client‚Äč in a local environment before installing it on end-user machines.

To install ‚ÄčETP Client‚Äč on an end-user laptop:

Note that after completing this installation process, you can enter an entitlement code or an activation code.

  1. Open the installation file:

    • On Windows: etpclient_<versionNumber>_win.msi

    • On Mac: etpclient_<versionNumber>_osx.pkg

      where <versionNumber> is the version number of ‚ÄčETP Client‚Äč.

      The client setup wizard appears.

  2. Click Next or Continue.

    The Setup Wizard installs ‚ÄčETP Client‚Äč.

  3. When the installation is complete, click Next and then click Finish.

    ‚ÄčETP Client‚Äč is now installed on the end user's machine.

Next steps

  • After installation, you are prompted for an activation or entitlement code. Enter the code and click Next.

  • If you install version 4.3 or later on macOS, enable ‚ÄčETP Client‚Äč network extensions. Do the following:

    1. After installation, a message indicates you must enable the ‚ÄčETP Client‚Äč network extensions. From the prompt, click Open Security Preferences. Otherwise, in the Apple menu, you can select System Preferences, and then select Security & Privacy.

    2. If the settings are locked, click the lock icon and enter the system password to unlock the settings.

    3. In the General tab, a message states that the extensions were blocked from loading. Next to this message, click Allow.

Install with a command line

Before you begin

  • Make sure that you have a downloaded Windows or Mac installation file for ‚ÄčETP Client‚Äč. For more information, see Download ‚ÄčETP Client‚Äč.

  • Make sure that you have an entitlement code or activation code. To view the entitlement code, see View the entitlement code. For more information on the activation code, see Bring your own device (BYOD) support.

  • If you are installing ‚ÄčETP Client‚Äč on a Mac with the command line, you need to create a bootstrap.txt file that contains the entitlement code only. Save the bootstrap.txt file in the same file location as the package.

  • If you are installing ‚ÄčETP Client‚Äč 3.2.0 or later on Windows and Microsoft Visual C++ is not on the machine, install the redistributable package of Visual Studio (vc_redist.x86.exe). To download this package, see Microsoft documentation on the latest supported versions of Visual C++.

  • Make sure Web Proxy Auto-Discovery (WPAD) for WinHTTP is running on Windows computers. For more information, see Web Proxy Auto-Discovery (WPAD) on Windows.

Perform this procedure to install ‚ÄčETP Client‚Äč with a command line. Select the steps that apply to your operating system.

On Windows

To install ‚ÄčETP Client‚Äč with the command line on Windows:

  1. Open Command Prompt as an administrator.

  2. If necessary, change directories to the location where the installation files are located.

  3. Enter the following command and press Enter:

    msiexec /i etpclient_<versionNumber>.msi CODE="<entitlement_code>" /q

    where:

    • <versionNumber> is the version number of ‚ÄčETP Client‚Äč

    • <code> is the entitlement code or activation code. If you're using the command line to distribute the ‚ÄčETP Client‚Äč across many computers with device management software, enter the entitlement code. If you're activating the client on a user's personal computer, you can enter an entitlement code or an activation code.

On Mac

ūüďė

Make sure that you create a bootstrap.txt file that contains the entitlement code only. Save the bootstrap.txt file in the same file location as the package.

To install ‚ÄčETP Client‚Äč with command line on Mac:

  1. Open a terminal window.

  2. If necessary, change directories to the location where the installation files are located.

  3. Enter the following command and press Enter:

    sudo launchctl setenv activation_code <code> && sudo installer -pkg <path_installation_file> -target /

    where

    • <code> is the entitlement code or activation code. If you're using the command line to distribute the ‚ÄčETP Client‚Äč across many computers with device management software, enter the entitlement code. If you're activating the client on a user's personal computer, you can enter an entitlement code or an activation code.

    • <path_installation_file> is the path to the installation file.

Next steps:

If you install version 4.3 or later on macOS, enable ‚ÄčETP Client‚Äč network extensions. Do the following:

  1. After installation, a message indicates you must enable the ‚ÄčETP Client‚Äč network extensions. From the prompt, click Open Security Preferences. Otherwise, in the Apple menu, you can select System Preferences, and then select Security & Privacy.

  2. If the settings are locked, click the lock icon and enter the system password to unlock the settings.

  3. In the General tab, a message states that the extensions were blocked from loading. Next to this message, click Allow.