Transparent traffic interception
For the Threat Protection service, you can enable the Transparent Traffic Interception setting to have the client intercept and capture traffic without modifying browser or operating system settings. This setting allows the client to act as a transparent proxy that forwards DNS traffic to SIA and web traffic to SIA Proxy.
On Windows, Zero Trust Client automatically installs a driver that allows the client to securely capture traffic. The client then forwards DNS traffic to SIA resolvers and web traffic to SIA Proxy.
On macOS, Zero Trust Client 6.0 uses the Apple Network Extension framework to intercept traffic. As you install or upgrade the client, you must allow ETP Client Extensions to use the client and intercept traffic. For more information, see Allow client network extensions on macOS.
This feature is currently in beta on macOS. You must contact Akamai Support to enable it on macOS devices.
If the client was previously set to modify the local web proxy settings, enabling transparent traffic interception will revert the local web proxy to its previous state where no local web proxy is configured.
When using the client with transparent traffic interception, note the following:
- If there is a system crash on a Windows machine (blue screen error), Zero Trust Client disables itself for three minutes.
- You can specify Windows applications that have traffic you don’t want directed to Zero Trust Client. For more information, see Configure local bypass settings in the SIA documentation.
- You can specify the hardware IDs of network interfaces that have traffic you don’t want directed to Zero Trust Client. For more information, see Configure local bypass in the SIA documentation.
When using the client with the Threat Protection service and SIA proxy, review the additional requirements and the network flow that applies to ETP Client. Zero Trust Client with the Threat Protection service and the SIA proxy functions the same as ETP Client with the proxy. For more information, see ETP Client for web traffic.
Enable transparent traffic interception
Transparent traffic interception allows Zero Trust Client to forward DNS traffic to SIA resolvers and web traffic to SIA Proxy without modifying the device operating system or the browser settings.
You must contact Akamai Support to enable transparent traffic interception on macOS devices. On macOS, this feature is currently in beta and supported with version 6.0 only.
Complete these steps to enable transparent traffic interception on Windows.
To enable transparent traffic interception:
- In the Threat Protection menu of Enterprise Center, select Clients & Connectors > Akamai Zero Trust Clients.
- Click the Configuration tab and enable Transparent Traffic Interception.
- Click Save. To save and deploy the settings, click Save and Deploy.
Next steps:
- If you haven’t deployed these settings, make sure you deploy them to the SIA network.
- Click Pending Changes.
- In the list of pending changes, expand the Client Configuration section.
- Select the changes that you want to deploy.
- Click Deploy. A window appears where you can describe the changes.
- Click Deploy.
- If you’ve contacted Support to enable this feature on macOS devices, make sure you allow AZTC extensions. For more information, see Allow client network extensions on macOS.
Allow client network extensions on macOS
Zero Trust Client 6.0 uses the Apple Network Extension framework for transparent traffic interception. If you’ve enabled transparent traffic interception, as you install or upgrade the client, you must allow AZTC extensions.
- Allow client extensions on an individual computer
- Allow client extensions on a device management solution
Allow client extensions on an individual computer
Complete this procedure to allow client extensions on an individual computer.
To allow client network extensions:
-
When transparent mode is enabled, a message appears indicating that you must allow AZTC Extensions. Click Open System Settings.
You can also access these settings from the Zero Trust Client. In the Activity tab where it indicates network extensions are blocked, click Show preferences. This action opens the system settings on the computer.If you want to open these settings from the Apple menu:
- On macOS Monterey, in the Apple menu, select System Preferences.
- On macOS Ventura or macOS Sonoma, in the Apple menu, select System Settings.
-
On macOS Monterey:
- Click the lock icon to unlock these settings. You are prompted to enter your system password.
- Click Use Password and enter your password to unlock these settings.
- Where it indicates that AZTC Extensions were blocked, click Allow. A notification appears that indicates AZTC extensions would like to add a proxy configuration.
- Click Allow.
-
On macOS Ventura or macOS Sonoma:
- In the Privacy & Security settings, navigate to the Security section. A message appears that indicates AZTC Extensions were blocked.
- Click Allow. This update requires system administrator privileges. If prompted, enter the password for your computer.
- A notification appears that indicates AZTC Extensions would like to add a proxy configuration. Click Allow.
Allow client extensions on a device management solution
If you use a device management solution to distribute the client, create a rule that allows the following system extension on macOS.
- Team ID: 6B676QFWFA
- Bundle ID: com.akamai.etpclient.extensions
Updated 8 months ago