NetFoundry Ziti Desktop Edge on Windows supports x86/x64 for Windows 8 (currently on Microsoft Extended Support until 2023), Windows 10, Windows 11. We are testing WDE on Windows Server 2012/2016/2019 and it is in beta stage for windows servers.
These instructions apply to Windows operating systems only.
Before you begin:
If your administrator has created an endpoint and you have your registration token, pls proceed to the endpoint installation step.
From the NetFoundry Dashboard with web console click the in the Endpoints tile and then the + in the upper right corner to add a new Endpoint.
Fill out the CREATE A NEW ENDPOINT form with the ENDPOINT NAME and click CREATE
User is presented the “Your Endpoint has been created” screen. In this example we will be using the Windows Desktop Edge so the user should download the Registration Key. This is a .jwt (JSON Web Token) file. Then click on the SELECT AN INSTALLER to be directed to the endpoints downloads page. NOTE: The QR code is provided only for NetFoundry Mobile Edge endpoints.
Download ZDE endpoint software:
Download your CloudZiti Ziti desktop edge for windows from https://netfoundry.io/resources/support/downloads/networkversion7/
This brings the user to the NetFoundry Ziti GitHub repository. There are a list of releases, select the top release and the .exe package from the list of files.
Typical windows user will now have 2 files in the downloads folder (unless you chose to download to another location) the .jwt file and the desktop edge .exe. NOTE: Installer requires elevated permissions. Right click on Ziti.Desktop Edge Client installer file and select Run as Administrator.
This will launch the installation on the user Windows Machine. Click Next>
Keep the default file location unless you have a reason to move to another location. Select Next>
Click Install to execute the installation of the Windows Desktop Edge. Select to install WinTun driver if prompted. Select YES when prompted in the next screen to allow the application to make changes.
Click Run Ziti Desktop Edge when installation completes.
The Windows Desktop Edge will display and the user will need to click ADD IDENTITY.
You will be brought to your file manager and should navigate to the directory where you saved the .jwt file that was downloaded in the previous steps. Click Open
Once the identity has been enrolled and registered you will see any services you have been granted from the AppWAN definitions. Status = Active and the IP/Hostname/Port of rendered services.
Scheduled updates for ZITI WDE
From the ZITI WDE version 2.1.4, NetFoundry has built the option to notify users about the new WDE version available along with the scheduled time of 1-week for the auto-update to happen.
If the users need to update the ZITI WDE before the scheduled time, they can click on the "Update Now" button to update the ZITI WDE to the latest available version instantly.
ZITI WDE will auto-update by the end of the scheduled time.
Disable ZITI WDE Automatic updates
NetFoundry has built the option for users to disable automatic updates on the Ziti WDE application on version 184.108.40.206
All endpoints with versions starting “220.127.116.11” will have the option to disable automatic software updates on WDE. The user will still be notified if new updates exist.
NetFoundry recommends that the automatic update option is always turned on.
- Re-enabling auto-update in the future will let WDE be updated to the latest version available.
- It is recommended that the users update their WDE software regularly.
- Any breaking changes in the controller version will require a WDE software upgrade to the latest version in use
Impact of Antivirus and Windows Defender
The Ziti Desktop Edge for Windows provides a local DNS server in order to provide the ability to resolve DNS names that are not recognized outside of Ziti. This is powerful functionality and is how the Ziti Desktop Edge for Windows provides a seamless user experience. If this functionality fails it can be a disruptive experience for those who are not well-versed in DNS and Windows networking in general. In order to rule out external issues to the Ziti Desktop Edge for Windows please consider the following:
If any anti-virus (AV) software is running - disable it. After the Ziti Desktop Edge is working properly re-enable the AV software and see if your network connectivity is impacted. If it is - disable the AV again and verify the network works again. You will need to figure out what and how the AV is getting in the way and update the AV to allow the Ziti Desktop Edge for Windows functionality to function properly.
Check Windows Defender and ensure it is not blocking port 53 on your TUN IP. There is no easy way to do this at this time but you can perform the following steps:
- open a command window as administrator (if possible)
- ensure the correct services are started by running:
net start. At the end of the list you should see these two services listed: "Ziti Desktop Edge Service" and "Ziti Desktop Monitor Service".
- If they are not listed start them by typing
net start zitiand
net start ziti-montitor(if you could not run as administrator this command will likely result in an error response)
- If they are not listed start them by typing
find the DNS server by typing
ipconfig /alland finding the "DNS Servers". You should see a section similar to this:
- Use the FIRST ip address listed (shown above as: 100.64.0.1) and run nslookup to probe the DNS:
nslookup github.com 100.64.0.1you should see a response that looks like this:
- If you do not see this or you get an error response - stop the Ziti data service by issuing:
net stop ziti(again this command will fail if you are not an administrator)
The troubleshooting guide for Windows Desktop Edge can be found here
If you still have a problem please open a ticket with firstname.lastname@example.org.