ETP Client on corporate machines

After the client is distributed to corporate laptops or computers, users are protected by ETP. An end user can access the ETP client on their machine. The figure "ETP Client" shows how the client (versions later than 1.2.2) appears when end users access it as an application.

ETP Client

Depending on the connection, end users see one of these statuses:

  • Your device is protected. Indicates DNS requests are monitored and protected as a result of the ETP policy settings. The end user's machine may be on or off the corporate network. However, if the end user's machine is off the corporate network, the Off Network ETP Clients policy applies.

    If ETP Proxy and the forward proxy setting is enabled in a policy, this status also means that web traffic is protected by ETP Client. In this case, you or an administrator configured ETP Client as the local web proxy on the end user’s machine. As a result, ETP Client can forward traffic to ETP Proxy. For more information, see ETP Client for web traffic

    Depending on your configuration, ETP Client may show what type of traffic is protected by the client. If your enterprise includes a local proxy or a local DNS server, the client may also specify what type of traffic is protected by the local network. In addition to the “Your device is protected” status, one of these statuses appear on version 3.0.4 or later of the client:
    • DNS traffic is protected by ETP Client. Web traffic is protected by local network. Indicates that ETP Client forwards DNS traffic to ETP. It also forwards web traffic to the enterprise (on-premises) proxy. ETP Client detected that the on-premises proxy is chained to ETP Proxy. In this scenario, ETP Proxy and the forward proxy setting is enabled in a policy. For more information, see ETP Client for web traffic.
    • DNS traffic is protected by ETP Client. Indicates that ETP Client forwards DNS traffic to ETP. If you or an administrator enabled ETP Proxy to scan only risky web traffic, the client forwards this traffic to the proxy. In this scenario, the forward proxy setting is not enabled in a policy. For more information, see ETP Client for DNS and risky web traffic.
    • DNS traffic is protected by local network. This status appears if ETP Client cannot send requests to ETP because outbound UDP port 53 is blocked in your firewall. This means the end user’s machine is protected only when it’s on the corporate network with a DNS resolver that’s configured to forward DNS requests to ETP. In this case, the local DNS server handles requests.

      If you or an administrator enabled ETP Proxy, ETP Client directs traffic to an on-premises proxy. The on-premises proxy forwards this traffic to ETP Proxy. In this scenario, the forward proxy setting is not enabled in a policy.

    Note: If DNS over TLS (DoT) is enabled for ETP Client, the client shows a locked padlock icon to indicate that traffic is private and encrypted with TLS. For more information, see DNS over TLS.
  • Your device is NOT protected. Indicates that ETP Client is disabled or disconnected, or that the connection is interrupted. This status indicates that ETP client cannot reach Akamai infrastructure, including ETP configuration, ETP DNS, or ETP Proxy. When this status appears, ETP Client changes device DNS and proxy settings to remove itself from traffic interception. The local DNS resolver handles DNS requests and proxy settings are reverted. Since Corporate DNS resolvers should be configured to forward DNS queries to ETP, the resolvers protect an enterprise when the client is disabled or disconnected. This connection status also usually appears temporarily while ETP Client authenticates and connects with ETP.

    If there is an on-premises proxy in the corporate network, this status indicates that the on-premises proxy does not forward web traffic to ETP Proxy.

    An application icon is available for ETP Client on the end user’s Windows desktop toolbar or Mac menu bar. If ETP Client is not protected, this icon appears:

    Note: If your organization uses Windows Server 2012 as a local DNS resolver and all requests are directed to the local DNS resolver before they are directed to ETP, ETP Client shows the “Your device is NOT protected” status. In this situation, Window Server 2012 is not supported with the client.