Guide

Set up ETP desktop client

Suggest Edits

Before you begin

Prepare for ​ETP Client​ setup.

This high-level task and the procedures on this page describe how to set up, download, and distribute the desktop version of ​ETP Client​. If you want to set up Zero Trust Client, see Zero Trust Client.

To set up, download, and distribute the desktop version of ​ETP Client​:

  1. Download ​ETP Client​. For more information, see Download ​ETP Client​.

  2. If you or an IT administrator are installing ​ETP Client​ for the first time:

    1. Verify that the installation file is digitally signed by ​Akamai​.

    2. Validate the SHA-256 checksum value. For more information, see Validate the SHA-256 checksum.

    3. Test the client software in a testing environment to confirm its behavior. Make sure you test the client in an environment that contains the same network configuration, VPN, and security applications as production.

    4. Distribute and install ​ETP Client​ on corporate machines. For more information, see Install ​ETP Client​.

  3. If you or an IT administrator are upgrading ​ETP Client​:

    1. Verify that the installation file is digitally signed by ​Akamai​.

    2. Validate the SHA-256 checksum value. For more information, see Validate the SHA-256 checksum.

    3. Test the ​ETP Client​ software in a testing environment to confirm its behavior. Make sure you test the client in an environment that contains the same network configuration, VPN, and security applications as production.

    4. Approve ​ETP Client​. For more information, see Approve ​SIA​ Client.

    5. Configure how ​ETP Client​ is upgraded. For more information, see Configure ​SIA​ Client upgrade type.

Download ​ETP Client​

Before you begin

Review Prepare for ​ETP Client​ setup and Set up the desktop client.

An ​Secure Internet Access Enterprise​ (​SIA​) administrator or a delegated administrator can download ​ETP Client​. ​SIA​ also allows you to access and download all previously released versions of the client.

Depending on your operating system, these files are downloaded to your computer:

  • On Windows: etpclient_<versionNumber>_win.msi

  • On Mac: etpclient_<versionNumber>_osx.pkg

    where <versionNumber> is the version number of ​ETP Client​.

To download ​ETP Client​:

  1. In the Threat Protection menu of Enterprise Center, select Clients & Connectors > ​ETP Client​s.

  2. In the Versions Management tab, locate the file for your operating system. Depending on your operating system, you can also click the Win or Mac tabs to filter ​ETP Client​ versions.

  3. Hover over the latest version of the client for your operating system and click the download icon.

📘

If the browser's pop-up blocker prevents ​ETP Client​ from downloading, make sure you allow pop-ups from ​Akamai Control Center​.

Next steps

  1. Click the Configuration tab and copy the entitlement code to a secure location.

  2. Securely communicate the entitlement code, customer identifier, and SHA-256 checksum value to the IT administrator. To view the checksum value, hover over the client and the icon that contains the hash and check mark.

  3. Validate the SHA-256 checksum.

  4. The IT administrator tests the ​ETP Client​ software in a local testing environment.

  5. After testing is complete and ​ETP Client​ is ready for distribution, approve ​ETP Client​. For more information, see Approve ​ETP Client​.

Validate the SHA-256 checksum

Before you begin

  • Verify that the ​ETP Client​ file is digitally signed by ​Akamai​.

  • Make sure that the ​SIA​ administrator provided the SHA-256 checksum value that is visible in ​SIA​.

After the client file is downloaded, an IT administrator should validate the SHA-256 checksum. Depending on your operating system, use these instructions to compare the SHA-256 value provided in ​SIA​ with the value you get when completing this procedure for your operating system.

On Windows

To validate the SHA-256 checksum on Windows:

  1. Open a command prompt.

  2. Change directories to the location where the client file is located. For example, if the file is located in your Downloads folder, you can enter this command and press Enter:

    cd c:\users\<name>\downloads

    where <name> is the name of your user folder.

  3. Type this command to generate the checksum value and press Enter:

    certutil -hashfile <filename> SHA256

    where <filename> is the name of the .msi file

  4. Verify that the returned checksum value matches the SHA-256 value in ​SIA​. If the values do not match, contact the ​SIA​ administrator to download the client file again and repeat this procedure.

Next steps

The IT administrator tests ​ETP Client​ software in a testing environment. Make sure ​ETP Client​ is tested in an environment that contains the same network configuration, VPN, and security applications as production.

On Mac

To validate the SHA-256 checksum on Mac:

  1. Open a terminal window.

  2. Enter this command:

    shasum -a 256 <fileLocation>

    where <fileLocation> is the full path of the .pkg file on your computer.

    You can also drag and drop the file to the terminal window. The full path appears.

  3. Press Enter. The SHA-256 checksum appears.

  4. Verify that the returned checksum value matches the SHA-256 value in ​SIA​. If the values do not match, contact the ​SIA​ administrator to download the client file again and repeat this procedure.

Next steps

The IT administrator tests ​ETP Client​ software in a testing environment. Make sure ​ETP Client​ is tested in an environment that contains the same network configuration, VPN, and security applications as production.

Approve ​ETP Client​

Before you begin

Download and test ​ETP Client​. See Download ​ETP Client​.

You need to approve ​ETP Client​ before it is installed on end user machines or eligible for upgrade. An IT administrator needs to test the client software before it is approved.

To undo ​ETP Client​ approval, see Undo ​ETP Client​ approval.

You need to be an ​SIA​ administrator to perform this task.

To approve ​ETP Client​:

  1. In the Threat Protection menu of Enterprise Center, select Clients & Connectors > ​ETP Client​s.

  2. In the Versions Management tab, locate the file for your operating system. Depending on your operating system, you can also click the Win or Mac tabs to filter client versions.

  3. Hover over the client and click the Approve icon.

Next steps

After the client is approved, you can configure how end users are upgraded when a new version of the client is available. For more information, see Configure ​ETP Client​ upgrade type.

Configure ​ETP Client​ upgrade type

Before you begin

Approve ​ETP Client​.

After approving ​ETP Client​, you can select how the client is upgraded on end user machines. You can select from these upgrade options:

  • On Demand: Selected by default. End users are notified when an upgrade is available. End users can select to upgrade or they can select to be reminded about the upgrade in 1, 3, or 7 days.

  • Force Upgrade: ​ETP Client​ is automatically upgraded without user interaction After you select this option, the upgrade occurs at any time within a three-hour window. During this three-hour window, the client indicates that it’s updating.

To configure ​ETP Client​ upgrade type:

  1. In the Threat Protection menu of Enterprise Center, select Clients & Connectors > ​ETP Client​s.

  2. Go to the approved ​ETP Client​, in the Status column, select one of these options:

    • On Demand
    • Force Upgrade

Install ​ETP Client​

After ​ETP Client​ is approved in ​SIA​, an IT administrator distributes the client files to corporate machines with a networked device management solution, such as KACE. You can install ​ETP Client​ on Windows or Mac with a setup wizard or with the command line.

You activate the client on enterprise machines with an entitlement code. If you plan to let users activate the client on their personal computer, make sure the user has the required activation code. To view the entitlement code, see View the entitlement code. For more information on the activation code, see Bring your own device (BYOD) support.

📘

If you use pip and your organization has enabled ​SIA​ Proxy, make sure you also add the ​SIA​ Proxy TLS MITM certificate to the pip configuration file. In the pip.conf file, add this entry:

[global]
cert = /path/certificate.pem

where:
- path _is the path to the certificate
- _certificate is the name of the certificate

Install with the setup wizard

Before you begin

  • Make sure that you have a downloaded Windows or Mac installation file for ​ETP Client​. For more information, see Download ​ETP Client​.

  • Make sure that you verified the SHA-256 checksum value. For more information, see Validate the SHA-256 checksum.

  • Make sure that you have an entitlement code or activation code. To view the entitlement code, see View the entitlement code. For more information on the activation code, see Bring your own device (BYOD) support.

  • If you are installing ​ETP Client​ 3.2.0 or later on Windows and Microsoft Visual C++ is not on the machine, install the redistributable package of Visual Studio (vc_redist.x86.exe). To download this package, see Microsoft documentation on the latest supported versions of Visual C++.

  • Make sure Web Proxy Auto-Discovery (WPAD) for WinHTTP is running on Windows computers. For more information, see Web Proxy Auto-Discovery (WPAD) on Windows.

These steps describe the installation process with the ​ETP Client​ setup wizard. You can perform these steps on a Mac or Windows machine. Test ​ETP Client​ in a local environment before installing it on end-user machines.

To install ​ETP Client​ on an end-user laptop:

Note that after completing this installation process, you can enter an entitlement code or an activation code.

  1. Open the installation file:

    • On Windows: etpclient_<versionNumber>_win.msi

    • On Mac: etpclient_<versionNumber>_osx.pkg

      where <versionNumber> is the version number of ​ETP Client​.

      The client setup wizard appears.

  2. Click Next or Continue.

    The Setup Wizard installs ​ETP Client​.

  3. When the installation is complete, click Next and then click Finish.

    ​ETP Client​ is now installed on the end user's machine.

Next steps

  • After installation, you are prompted for an activation or entitlement code. Enter the code and click Next.

  • If you install version 4.3 or later on macOS, enable ​ETP Client​ network extensions. Do the following:

    1. After installation, a message indicates you must enable the ​ETP Client​ network extensions. From the prompt, click Open Security Preferences. Otherwise, in the Apple menu, you can select System Preferences, and then select Security & Privacy.

    2. If the settings are locked, click the lock icon and enter the system password to unlock the settings.

    3. In the General tab, a message states that the extensions were blocked from loading. Next to this message, click Allow.

Install with a command line

Before you begin

  • Make sure that you have a downloaded Windows or Mac installation file for ​ETP Client​. For more information, see Download ​ETP Client​.

  • Make sure that you have an entitlement code or activation code. To view the entitlement code, see View the entitlement code. For more information on the activation code, see Bring your own device (BYOD) support.

  • If you are installing ​ETP Client​ on a Mac with the command line, you need to create a bootstrap.txt file that contains the entitlement code only. Save the bootstrap.txt file in the same file location as the package.

  • If you are installing ​ETP Client​ 3.2.0 or later on Windows and Microsoft Visual C++ is not on the machine, install the redistributable package of Visual Studio (vc_redist.x86.exe). To download this package, see Microsoft documentation on the latest supported versions of Visual C++.

  • Make sure Web Proxy Auto-Discovery (WPAD) for WinHTTP is running on Windows computers. For more information, see Web Proxy Auto-Discovery (WPAD) on Windows.

Perform this procedure to install ​ETP Client​ with a command line. Select the steps that apply to your operating system.

On Windows

To install ​ETP Client​ with the command line on Windows:

  1. Open Command Prompt as an administrator.

  2. If necessary, change directories to the location where the installation files are located.

  3. Enter the following command and press Enter:

    msiexec /i etpclient_<versionNumber>.msi CODE="<entitlement_code>" /q

    where:

    • <versionNumber> is the version number of ​ETP Client​

    • <code> is the entitlement code or activation code. If you're using the command line to distribute the ​ETP Client​ across many computers with device management software, enter the entitlement code. If you're activating the client on a user's personal computer, you can enter an entitlement code or an activation code.

On Mac

📘

Make sure that you create a bootstrap.txt file that contains the entitlement code only. Save the bootstrap.txt file in the same file location as the package.

To install ​ETP Client​ with command line on Mac:

  1. Open a terminal window.

  2. If necessary, change directories to the location where the installation files are located.

  3. Enter the following command and press Enter:

    sudo launchctl setenv activation_code <code> && sudo installer -pkg <path_installation_file> -target /

    where

    • <code> is the entitlement code or activation code. If you're using the command line to distribute the ​ETP Client​ across many computers with device management software, enter the entitlement code. If you're activating the client on a user's personal computer, you can enter an entitlement code or an activation code.

    • <path_installation_file> is the path to the installation file.

Next steps:

If you install version 4.3 or later on macOS, enable ​ETP Client​ network extensions. Do the following:

  1. After installation, a message indicates you must enable the ​ETP Client​ network extensions. From the prompt, click Open Security Preferences. Otherwise, in the Apple menu, you can select System Preferences, and then select Security & Privacy.

  2. If the settings are locked, click the lock icon and enter the system password to unlock the settings.

  3. In the General tab, a message states that the extensions were blocked from loading. Next to this message, click Allow.

Updated about 2 months ago