Advanced features

​Akamai​ ​Zero Trust Client​ includes various capabilities that enable advanced users and IT administrators to troubleshoot problems or test different configurations and policies.

Set Log Information Level

Log Information Level lets you control how much client information gets logged for troubleshooting purposes.

How to

  1. Left-click the ZTC icon on the Windows desktop tray bar or the macOS menu bar.
    ​Akamai​ ​Zero Trust Client​ opens.
  2. Click Settings.
  3. In Log Information Level, select the verbosity level of the logs depending on how much information is required:
  • Debug. Generates debug information about ZTC and connectivity to native applications. This option can slow down the performance of the client due to the length of generated logs. It is intended for troubleshooting purposes for ​Akamai​ support and engineering.
  • Verbose. Logs the health of the client and other more detailed information in the Diagnostics > Alerts tab.
  • Default. Only error logs are reported for troubleshooting purposes. These can be errors in ZTC itself or connectivity issues between the native applications and ZTC on the computer.

Run client diagnostics

The Diagnostics tab lets you run a Quick Test or perform a Full Diagnostic of the client.

Quick Test

The Quick Test functionality examines the status of the Access and Threat Protection components, their connectivity, and configuration downloads from Enterprise Center. A green icon (✓) indicates success and a red icon (✗) indicates failure. An orange icon (!) indicates that at least one of the components is disabled and couldn’t be tested, or that the client cannot perform the test at the moment.

How to

  1. Left-click the ZTC icon on the Windows desktop tray bar or the macOS menu bar.
    ​Akamai​ ​Zero Trust Client​ opens.
  2. Click Diagnostics > Quick Test.
  3. Click Run Quick Test.

If the installation is in good health, the configurations are successfully completed, and components are verified, green icons (✓) appear next to each check.

If any of the diagnostic results are unsuccessful, or marked with a red icon (✗), do the following:

  • For only a configuration failure, perform a sync operation.
    If this doesn't fix the issue or if all checks fail, continue to troubleshoot.
  • For a connectivity failure, contact your Zero Trust Client administrator to have them confirm that client services are allowed in your organization’s firewall.
  • Take a screenshot and provide it to your ​Akamai​ ​Zero Trust Client​ administrator.
    Capture logs, device ID, ZTC version and send them to ​​Akamai​. Contact support.

Full Diagnostic

The Full Diagnostic performs an in-depth analysis of the client and generates logs for further troubleshooting.
ZTC logs are useful to troubleshoot issues and provide information to the help desk. You can access logs generated by the client and send a zipped version of the logs to your ZTC administrator. This is useful when the administrator contacts ​Akamai​ support.

How to

  1. Left-click the ZTC icon on the Windows desktop tray bar or the macOS menu bar.
    ​Akamai​ ​Zero Trust Client​ opens.
  2. Click Diagnostics > Full Diagnostic.
  3. Click Run Full Diagnostic.
  4. Wait for the Full Diagnostic to complete.
  5. Click Save Logs to save the logs on your computer. This creates a zip file that includes all the log files necessary for troubleshooting.
  6. Select the folder or directory where the zipped logs should be saved.
    The Activity tab opens.
  7. In the Activity tab, you can see the filename and the location of the newly created logs.
  8. Click Open containing folder to find the zip file with your client logs.
    You can now view the logs in a text editor of your choice or share the zip file with your IT administrator for troubleshooting.

Send ZTC logs to administrator

Once you’ve run full diagnostics, you can send the logs directly to ​Akamai​ support. To do this, click Send Logs to Admin in the Diagnostics > Full Diagnostic tab.

Check client posture and runtime environment

The Info tab displays device posture information, and lets you verify and monitor the security of your machine. This information is particularly useful when setting up or troubleshooting access control policies (ACL).

Identity Provider is more commonly referred to by its abbreviated name, IDP or IdP.

Information | Description
IDP | Your identity provider creates, maintains, and manages identity information for users, services, or systems. You can check your currently configured IdP hostname here.
Authenticated as | Displays the currently logged-in username that you use to authenticate with the IdP.
Network Type | The type of network you are connected to. The following network types are available:
  • On-premises. User is inside a trusted network, like a corporate IT network. This network type is available when you enable trusted network in the identity provider (IdP), and the user satisfies the trusted network policy. The user can override the trusted network settings on their computer inside ZTC.
  • On-premises (using Proxy). User is inside a trusted network, like a corporate IT network, and a proxy server is used. This network type is available when you enable trusted network in the IdP, the user satisfies the trusted network policy, and has authenticated with the proxy server (with the correct proxy credentials). The user can override the trusted network settings on their computer inside ZTC.
  • Public. User is outside a trusted network, in a public network (like a cafe, or a hotel network). This network type is available when you enable trusted network in the IdP, and the user does not satisfy the trusted network policy. Also, you can see this network type indication when the trusted network feature is disabled in the IdP.
  • Public (using Proxy). When you enable a proxy server and authentication is done with the correct proxy credentials, ZTC sends the traffic through the proxy server to reach the application server.
  • Captive portal. User is in a public network (like a cafe, or a hotel network) and connected to the captive portal page, but has not authenticated with the credentials. User is not connected to the Internet.
  • Not Connected. User has no Internet connection.
Signal Last Update | Timestamp of the last Info tab update. To force an update, click the Refresh icon.
Device Local User | Your Windows or macOS account username.
OS | Your operating system. Either macOS or Windows.
Version | Version number of your operating system.
Installed Browser(s) | Names and versions of the browsers installed on your computer.
Client (device) ID | Unique client ID generated by ZTC.
Client version | ZTC version currently installed on your computer.
Anti-malware | Informs whether your operating system is protected by anti-malware software.
Firewall | Informs whether your network traffic is secured by a firewall.
Disk Encryption | Informs whether your system disk is encrypted.
Threat Protection | Informs about traffic protected by Threat Protection, if available.
DNS Transport | Indicates how DNS traffic is transported to SIA. This field may show one of these values:
  • DNS over TLS
  • DNS over HTTPS
  • DNS over UDP
HTTP Protection | Transparent traffic interception status. To learn more, see SIA documentation.
Threat Capture | Displays the current ETP mode set in Enterprise Center.
Segmentation Agent Version | Version number of the Segmentation Agent currently running within ZTC.
Segmentation Agent ID | ID used to identify the Agent in Centra.
Segmentation Aggregator IP | IP addresses or hostnames of the Aggregator(s) to which ZTC is associated.

Copy ZTC status and device posture information

The Info tab provides useful information that you can share with your administrator to troubleshoot issues. Follow this procedure to copy your Info to clipboard.

How to

  1. Left-click the ZTC icon on the Windows desktop tray bar or the macOS menu bar.
    ​Akamai​ ​Zero Trust Client​ opens.
  2. Click Info.
  3. In the top right-hand corner, click copy info.
    The content of the Info tab is now available in your clipboard. You can paste it in an email or chat window and share it with your administrator.

Force Sync the Client

You can perform an explicit sync to force the configuration information from Enterprise Application Access to the ​Akamai​ ​Zero Trust Client​.
The ​Akamai​ ​Zero Trust Client​ synchronizes to the EAA Login Portal every five minutes for any configuration changes in an application or identity provider. To immediately synchronize the ​Akamai​ ​Zero Trust Client​ with Enterprise Application Access, you can force an explicit synchronization. If you have any issues with running diagnostics, try to sync.

How to

  1. Left-click the ZTC icon on the Windows desktop tray bar or the macOS menu bar.
    ​Akamai​ ​Zero Trust Client​ opens.
  2. Click Settings.
  3. Click Force Synchronization.

Check Alerts

You can check for different types of alerts in ZTC and use this information to troubleshoot any problems. Increase log verbosity in Set Log Information Level to receive more alerts. Multiple occurrences of the same event are aggregated into a single entry and their total count is displayed.

How to

  1. Left-click the ZTC icon on the Windows desktop tray bar or the macOS menu bar.
    ​Akamai​ ​Zero Trust Client​ opens.
  2. Click Diagnostics.
  3. Click Alerts.

Example:
You add an IP address while configuring tunnel applications to access a local IP within your organization. If it is already present in the routing table, there is a route collision. You get a message:

IP based access may not be working,
reason: Existing specific route: 172.16.0.0 IP gw On-link
Contact Administrator

Here, the 172.16.0.0 IP address is already present in the routing table of the gateway and cannot be used for IP-based access.
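An administrator can look for this kind of route collision before adding a tunnel application destination. The following is an added example, not Akamai code: it parses a constructed sample in the layout of the IPv4 section of Windows `route print` and reports existing routes that overlap a planned destination. The function names are hypothetical, and treating every non-default overlapping route as a "specific" route is this example's assumption.

```python
import ipaddress

# Constructed sample in the layout of the IPv4 section of Windows `route print`.
SAMPLE_ROUTE_PRINT = """\
IPv4 Route Table
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
       172.16.0.0      255.240.0.0         On-link       172.16.5.10    291
      192.168.1.0    255.255.255.0         On-link      192.168.1.50    281
"""

def parse_routes(text):
    """Return (network, gateway) pairs for every IPv4 route row in the text."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # titles and the column header do not have five fields
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[1]}", strict=False)
        except ValueError:
            continue  # five fields, but not a destination/netmask pair
        routes.append((net, fields[2]))
    return routes

def find_collisions(destination, routes):
    """List existing routes that overlap a tunnel destination (IP or CIDR)."""
    dest = ipaddress.ip_network(destination, strict=False)
    # Assumption: the default route (prefix length 0) is not a "specific" route.
    hits = [(n, g) for n, g in routes if n.prefixlen > 0 and n.overlaps(dest)]
    # Longest prefix first: the route the OS would prefer for this destination.
    return sorted(hits, key=lambda r: r[0].prefixlen, reverse=True)

def describe(destination, routes):
    """One-line summary in the spirit of the alert text shown above."""
    hits = find_collisions(destination, routes)
    if not hits:
        return f"{destination}: no overlapping route"
    net, gw = hits[0]
    return f"{destination}: existing specific route {net.network_address} gw {gw}"

if __name__ == "__main__":
    routes = parse_routes(SAMPLE_ROUTE_PRINT)
    for dest in ("172.16.0.0", "172.20.1.0/24", "10.20.0.0/16"):
        print(describe(dest, routes))
```
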

Remote Proxy

Configure ZTC when you have a forward proxy within your organization. Some organizations use a forward proxy server within the corporate network to connect to the Internet. The user's computer connects to the forward proxy server to perform operations like authentication, web filtering, and then the traffic is routed to the Internet.
If ZTC is installed on these machines, organizations require ZTC to forward all Access traffic to the forward proxy before reaching the Enterprise Application Access Cloud.

Before you begin

Specify your secure web proxy (HTTPS) in your OS:

How to

  1. Left-click the ZTC icon on the Windows desktop toolbar or the macOS menu bar.
  2. Click Settings.
  3. Enable Remote Proxy.
  4. Enter your proxy credentials: Username, Password and Domain.
  5. Click OK.
    The details of your proxy connection are now displayed in the client.

To learn more about remote proxy, refer to the EAA Client proxy documentation.

On-premises network

An on-premises network is a network within your organization that can be securely accessed only by employees. If you are connected to an on-premises network and your IdP is configured to support it, you can enable On-premises to directly access your enterprise applications, bypassing the EAA Cloud and reducing connection delays. Disabling On-premises while connected to a corporate network forces ZTC to route your traffic via EAA Cloud, just as if you were connected to a public network.

How to

  1. Left-click the ZTC icon on the Windows desktop tray bar or the macOS menu bar.
    ​Akamai​ ​Zero Trust Client​ opens.
  2. Click Options.
  3. Enable or disable On-premises.
    To learn more about the On-premises functionality, refer to the Enterprise Center for EAA documentation.

Segmentation Agent administration

To control the Segmentation Agent in ​Zero Trust Client​, refer to the available CLI commands in the Guardicore Segmentation documentation (requires ​Akamai​ ​Control Center​ login):