Prepare for ETP Client setup

Whether you plan to set up the desktop or mobile version of ETP Client or use the client on a user’s personal device, initial configuration tasks are required for ETP Client. Before you set up ETP Client, complete these tasks.

How to

  1. Make sure your enterprise firewall allows traffic for endpoints that are required by ETP Client. For more information, see Update enterprise firewall, on-premise proxy, and allowlists.
  2. Assign a policy to the Off-Network ETP Clients location. For more information, see Assign a policy to the off-network location.
  3. To use ETP Client with the full web proxy, enable the proxy in your policies. Depending on whether your deployment includes an on-premises proxy, you can also configure ETP Client 3.0.4 or later as a proxy on the client computer. For more information, see Enable full web proxy.
    Note: If you do not install version 3.0.4 or later of the client, you cannot direct web traffic from ETP Client to the proxy. In this situation, the full web proxy is only available if you have an on-premises proxy that directs traffic from ETP Client to the proxy.
  4. To secure connections from ETP Client to ETP with DNS over TLS (DoT), select the DoT mode in the policy settings. By default, the mode is Always Attempt. You can change this setting and select the port that’s used. For instructions, see Configure DNS-over-TLS settings.
    Note: Make sure you enable DoT in policies that are associated with the mobile client.
  5. Configure the behavior of ETP Client. For more information, see Configure ETP Client.
  6. Configure the internal IP addresses and DNS suffixes that end users can access in the corporate network. If you plan to let users activate ETP Client on their device, you must also specify the corporate email domains that are associated with the users who will activate the client. For more information, see Configure internal IP addresses, DNS suffixes, and email domains.
  7. To use ETP Proxy, you must distribute the MITM TLS certificate to your devices. For more information, see Certificate distribution and Distribute MITM certificates to ETP mobile devices.

Next steps