How to install & run Ziti Desktop Edge on Windows


This article builds on the OpenZiti Windows documentation with a visual walkthrough of the console.


NetFoundry Ziti Desktop Edge on Windows supports x86/x64 for Windows 8 (currently on Microsoft Extended Support until 2023), Windows 10, Windows 11. We are testing WDE on Windows Server 2012/2016/2019 and it is in beta stage for windows servers.

These instructions apply to Windows operating systems only.


Before you begin:

If your administrator has created an endpoint and you have your registration token, pls proceed to the endpoint installation step.

From the NetFoundry Dashboard with web console click the in the Endpoints tile and then the + in the upper right corner to add a new Endpoint.






Fill out the CREATE A NEW ENDPOINT form with the ENDPOINT NAME and click CREATE




User is presented the “Your Endpoint has been created” screen.  In this example we will be using the Windows Desktop Edge so the user should download the Registration Key.   This is a .jwt (JSON Web Token) file.  Then click on the SELECT AN INSTALLER to be directed to the endpoints downloads page.  NOTE: The QR code is provided only for NetFoundry Mobile Edge endpoints.




Download ZDE endpoint software:

Download your CloudZiti  Ziti desktop edge for windows from 



Select windows

This brings the user to the NetFoundry Ziti GitHub repository.  There are a list of releases, select the top release and the .exe package from the list of files.


Typical windows user will now have 2 files in the downloads folder (unless you chose to download to another location) the .jwt file and the desktop edge .exe.  NOTE: Installer requires elevated permissions. Right click on  Ziti.Desktop Edge Client installer file and select Run as Administrator.




This will launch the installation on the user Windows Machine.  Click Next>




Keep the default file location unless you have a reason to move to another location.  Select Next>




Click Install to execute the installation of the Windows Desktop Edge.  Select to install WinTun driver if prompted. Select YES when prompted in the next screen to allow the application to make changes.




Click Run Ziti Desktop Edge when installation completes.





The Windows Desktop Edge will display and the user will need to click ADD IDENTITY.




You will be brought to your file manager and should navigate to the directory where you saved the .jwt file that was downloaded in the previous steps. Click Open




Once the identity has been enrolled and registered you will see any services you have been granted from the AppWAN definitions. Status = Active and the IP/Hostname/Port of rendered services.





Scheduled updates for ZITI WDE

From the ZITI WDE version 2.1.4, NetFoundry has built the option to notify users about the new WDE version available along with the scheduled time of 1-week for the auto-update to happen.

If the users need to update the ZITI WDE before the scheduled time, they can click on the "Update Now" button to update the ZITI WDE to the latest available version instantly.

ZITI WDE will auto-update by the end of the scheduled time.




Disable ZITI WDE Automatic updates

NetFoundry has built the option for users to disable automatic updates on the Ziti WDE application on version

All endpoints with versions starting “” will have the option to disable automatic software updates on WDE. The user will still be notified if new updates exist.

NetFoundry recommends that the automatic update option is always turned on.




  • Re-enabling auto-update in the future will let WDE be updated to the latest version available. 
  • It is recommended that the users update their WDE software regularly.
  • Any breaking changes in the controller version will require a WDE software upgrade to the latest version in use

Impact of Antivirus and Windows Defender

The Ziti Desktop Edge for Windows provides a local DNS server in order to provide the ability to resolve DNS names that are not recognized outside of Ziti. This is powerful functionality and is how the Ziti Desktop Edge for Windows provides a seamless user experience. If this functionality fails it can be a disruptive experience for those who are not well-versed in DNS and Windows networking in general. In order to rule out external issues to the Ziti Desktop Edge for Windows please consider the following:

  • If any anti-virus (AV) software is running - disable it. After the Ziti Desktop Edge is working properly re-enable the AV software and see if your network connectivity is impacted. If it is - disable the AV again and verify the network works again. You will need to figure out what and how the AV is getting in the way and update the AV to allow the Ziti Desktop Edge for Windows functionality to function properly.

  • Check Windows Defender and ensure it is not blocking port 53 on your TUN IP. There is no easy way to do this at this time but you can perform the following steps:

    • open a command window as administrator (if possible)
    • ensure the correct services are started by running: net start. At the end of the list you should see these two services listed: "Ziti Desktop Edge Service" and "Ziti Desktop Monitor Service".
      • If they are not listed start them by typing net start ziti and net start ziti-montitor (if you could not run as administrator this command will likely result in an error response)
  • find the DNS server by typing ipconfig /all and finding the "DNS Servers". You should see a section similar to this:


  • Use the FIRST ip address listed (shown above as: and run nslookup to probe the DNS: nslookup you should see a response that looks like this:


  • If you do not see this or you get an error response - stop the Ziti data service by issuing: net stop ziti (again this command will fail if you are not an administrator)

The troubleshooting guide for Windows Desktop Edge can be found here.

If you still have a problem, please open a ticket with

Was this article helpful?
7 out of 10 found this helpful



Please sign in to leave a comment.