How can we help?

Discover Timus features and configurations through quick and easy-to-follow video tutorials. Perfect for a visual walkthrough of our capabilities.

Welcome to the Timus Explainer Videos page!

Explore our comprehensive library of video guides that simplify the essential features and configurations of Timus Networks. Designed for both beginners and advanced users, these quick and engaging tutorials will help you:

• Optimize your setup
• Enhance security
• Leverage advanced tools—all at your own pace.

Setting up Zero Trust Access, The Timus Way

Learn how to configure Zero Trust policies with context-aware access control to protect your network and ensure only the right users have access to the right resources.

Configuring Firewall Rules

Master the creation and management of firewall rules to secure your network, prevent threats, and streamline network traffic.

Web Filtering and Content Blocking 

Learn how to block unwanted content and enforce web filtering policies, ensuring a safe and productive network environment.

Segmenting Traffic With Split Tunneling 

Explore how to segment network traffic effectively, optimizing performance while maintaining security and control.

Timus Connect Installation Walk Through 

Follow this step-by-step installation guide for Timus Connect to get your network running securely and efficiently in no time.

As security threats grow increasingly sophisticated, adopting a Zero Trust framework has become a necessity. Built on the principle of “Never trust, always verify”, Zero Trust ensures that every access request is meticulously validated, protecting your network and confirming user identities.

What Is Zero Trust Access? 🔒

Zero Trust Access is a cutting-edge security approach designed to:

• Authenticate and authorize every access request, whether it's from inside or outside your network.
• Continuously monitor user behavior and device posture during active sessions.
• Protect against unauthorized access, regardless of the user's location or the device they use.

By implementing Zero Trust, organizations reduce vulnerabilities and strengthen their defenses against breaches.

🎬 Learn the Timus Way

Timus Networks Conditional Access the Timus Way 

In this video you'll learn: 

• How Timus continuously monitors and verifies user behavior.
• The step-by-step process to configure and enforce Zero Trust Access policies.
• Real-life use cases demonstrating how Zero Trust prevents potential security breaches.

The Timus Gateway is more than just a security measure; it’s the key to seamless connectivity. By hosting a cloud firewall, it enables secure communication between your network environments. With IPsec tunneling, you can connect your Timus Gateway to an on-premise firewall, ensuring secure and reliable access to data—no matter where it resides.

🎬 Learn the Timus Way

Timus Networks Connecting Branch Offices with IPSec 

In this video you'll explore: 

• How to set up an IPsec tunnel on your Timus Gateway.
• Configuring secure communication with your on-premise firewall.
• Real-world benefits of IPsec tunneling for hybrid network environments.

Timus Adaptive Cloud Firewall: Securing Users Anywhere

In today’s dynamic work environment, where users can connect from virtually anywhere, static security rules are no longer sufficient. The Timus Adaptive Cloud Firewall ensures your security perimeter moves with the user—aligning with their identity rather than just their device or location. This innovative approach enables true secure access at the edge, providing robust protection and seamless connectivity.

Why Choose Adaptive Cloud Firewall Rules?

• User-Centric Security: Policies follow the user, adapting dynamically to their behavior and identity.
• Device and Location Independence: Protect access regardless of the user’s device or connection location.
• Edge Security: Enable secure resource access with real-time, context-aware rules.

🎬 Learn the Timus Way

Timus Networks Granularity within the Timus Firewall 

In this video you'll discover: 

• How to create user-centric firewall rules.
• Real-world examples of adaptive firewall configurations.
• The benefits of aligning security policies with user identity.

A static IP address is more than just a number—it’s the foundation of complete network control. Every Timus Gateway is equipped with a private, static IP address, providing unparalleled visibility, enhanced security, and total control over your network.

🎬 Learn the Timus Way

Timus Networks Locking Down Saas with Static IP

In this video you'll explore: 

• The key advantages of using a static IP address.
• How it enhances network visibility and strengthens security.
• Real-life use cases for SaaS app management and conditional access.

Real-World Applications

1. Secure SaaS Access
   • Scenario: Your team relies on critical SaaS tools like CRM or ERP systems.
   • Solution: Whitelist your static IP to ensure only authorized users on your network can access these tools, reducing unauthorized logins.
2. Remote Workforce Management
   • Scenario: Employees need to connect remotely to access corporate resources.
   • Solution: Use the static IP as the single point of entry to enforce conditional access policies, ensuring secure and monitored connectivity.
3. Improved Threat Detection
   • Scenario: You require better visibility into network traffic to identify potential risks.
   • Solution: Route all incoming traffic through your static IP, enabling streamlined analytics, faster threat detection, and efficient mitigation.

The Timus Secure Web Gateway provides your organization with cutting-edge tools to manage web access, block harmful content, and bolster network security. By utilizing robust web filtering, content blocking, and anti-virus protection at the network layer, you can ensure that users only access safe applications and websites—whether working in the office or remotely.

🎬 Learn the Timus Way

Timus Networks Conent and Category Blocking

In this video you'll learn: 

• How Timus filters malicious websites and risky applications.
• Step-by-step guidance to block inappropriate or harmful content.
• How anti-virus protection safeguards browsing experiences.

Core Features of Timus Web Filtering

🔍 Web Filtering

• Benefit: Protect users from accessing malicious or non-work-related websites.
• How It Works: Apply access policies for specific domains or categories like "Social Media," "Adult Content," or "Phishing Sites."

🚫 Content Blocking

• Benefit: Restrict harmful or distracting content with customizable rules.
• How It Works: Block specific URLs to prevent unauthorized content from entering or leaving the network.

Why Choose Timus Secure Web Gateway?

• Enhanced Productivity: Ensure users stay focused on work-related activities.
• Advanced Protection: Safeguard the network from cyber threats like phishing and malware.
• Centralized Management: Simplify policy management and monitoring through a single interface.

As part of recent improvements to the Partner and Manager portal, access to your tenant via SSO (Single Sign-On) has been restricted. By default, Support teams no longer have access to any tenant. If you would like to grant the Timus Support team access to your tenant, follow the steps below.

Steps to Enable Support Access:

• Log in to the Timus Manager.
• Navigate to the Organization tab.
• Locate the Support Access option.
• Click Create New.

On the opening page, configure the following:

• Set the Expires At field to your desired expiration date. 

• Click Save to apply the changes.

  

Note:

• Enabling this setting grants the Timus Support team permission to access your tenant.
• If you do not enable this setting, the Timus Support team will not be able to assist with tenant related issues.
• Regularly review and update the expiration date to ensure continued access as needed.

For further assistance, please contact the Timus Support team.

This article explains an overview of the primary dashboard within the Timus Manager. Including key indicators, actionable items & insights

The Timus Dashboard is part of Timus Manager. It allows the administrator a comprehensive view of the network, including active users, devices, sites, and events occurring on the client network.

Dashboard components include:

• Users Online: displays the number of users currently connected to the network, providing the administrator with real-time information.
• Devices Online: informs the administrator about the number of devices connected to the network at any given time.
• Sites Online: displays the number of gateways online.
• Traffic: provides the administrator with live and historical data on network traffic, including average upload and download information over the past 4/12/24 hours.

By clicking one of these areas, such as Users Online, you will be redirected to the Users screen. On this screen, the status of the online users within your network is displayed as Active.

Similarly, for Devices Online or Sites Online, you can view the devices and sites listed as Online in the Status section on the respective Devices or Sites screens that will open after clicking.

Most Active Devices: displays the devices that frequently login and out of the network. A maximum of 30 devices can be displayed in the widget.

Most Active Users: displays in order of the users who frequently login and out of the network. A maximum of 30 users can be displayed in the widget.

Events: displays the login and out of users on the network. A maximum of 30 events can be displayed in the widget.

Customizing Widget Display
The Most Active Devices, Most Active Users, and Events widgets allow for further customization to tailor data visibility. Clicking on the three dots in the top-right corner of any of these widgets opens a Configure option. Selecting Configure brings up a modal, where you can specify the number of data to display within the respective widget, providing flexibility to suit your monitoring preferences.

Alerts: shows the total number of events in the upper right corner of the Dashboard as shown in the image below.

These alerts are generated in response to the user/admin sign-in policies under the  Zero Trust Security section.

When you click on the icon, you will be directed to the Alerts page, where you can get more detailed information about the alert.

Profile: Located in the upper right corner of the Dashboard allows you to edit your Account information, Change Password, and change the Session Expiration Time.

Additionally, you can access the Setup Guide or Log out of the interface here.

The partner portal dashboard will provide visibility into customers' relevant information & all data pertaining to your partnership with Timus Networks.

MSPs will leverage the Timus Networks partner portal as their primary dashboard for day to day management of the Timus solution. Within the portal, you will be able to add, remove & manage all clients for both billing and technical management.

Link to - partner portal​

• Administrator permission is not required for version updates.

Open the application. You will see the Timus Connect App End User License Agreement on the screen.

• Read and agree to the EULA.

The e-mail address screen will appear. Enter the e-mail address of your Timus account.

• In the next screen, Select a Network and enter your Password to login. If there is only one network, that network will be selected automatically.If this account is synchronized from a directory service like Microsoft Entra ID(Azure AD), Okta, or Google Workspace, at this moment the login screen will be forwarded to the login screen of that directory service.
• If you check the Keep me logged in option on this screen, the app keeps your login information for your next login.

If you trigger a user sign-in policy of Timus Manager with a behavior when you try to login, you may encounter a different authentication method like two-factor authorization.

The screen that opens is the application's main screen. On this screen, you will see the following menu items:

• Connection
• Account
• Settings
• Support

Connection

Follow the steps below to establish a connection by using the Timus Connect Windows application:

• Enter the login information provided by your company to connect you to the screen.
• The Gateway/Connection screen will appear.
• Here, you will need to select the Gateway. In the gateway selection list, the active sites to which the user is allowed to access will be available.

The round-trip traffic duration to each active gateway will be displayed next to the gateway. The lower the duration, the faster the connection.

• If you want the application to select the gateway for the fastest connection by default, choose Select Fastest.
• If you want to connect via a specific gateway, select this gateway from the drop-down list.
• Click Connect and wait for the connection to be established. Connection information will be updated as Connected in a short time.
• On the connection status screen, you can view the connection status, Private IP Address, and Public IP Address information.
• Click on Disconnect to disconnect.

 

 

 

Account

On the Account menu, you can

• View your account name,
• Manage account,
• End your login session using the Sign Out feature.

 

To change your password:

1. Click Manage account.
2. Enter your current password and then enter your new password and click Confirm.

Settings

On the Settings menu,

• You can select one of the VPN protocols we offer, WireGuard or OpenVPN.
• By enabling the Start on Boot feature, you can ensure that the Timus Connect App is always running without needing to be manually launched every time your device is turned on.
• If you are unable to modify or turn features on or off, it indicates that the administrator has closed that feature to user selection based on their preference.

Split tunnel configuration works on Windows when the tunnel protocol is WireGuard.

Support

On the Support menu, you can

• Install SSL certificates.
• Share your feedback with us.
• Collect logs: When you click this button, a file containing application and system logs will be created in the file patch you specified. This file will mainly be used for support purposes when necessary.
• About: This page will give you some information regarding Timus Connect Version, Device Model, OS Type, OS Name, OS Version, OS Architecture.

Once you have any issues with the Timus Connect Application, you click on Collect log. it will want you to select a folder to create a log file, which will have all the .log files needed for troubleshooting. You can send the file to one of our technical support specialists to have it analyzed.

 

You will get a notification message as shown in the image below once you click on Collect log. This process can take up to 10 seconds.

Once the log file has been successfully created, you will see the pop-up message as shown in the image below.

 

NOTE:

Powershell Script - Windows
To run on a local machine without RMM, you may have to bypass the machine’s execution policy with:
powershell.exe -noprofile -executionpolicy bypass -file '.\Timus Silent Install.ps1'

Windows:

<#
Timus Connect Windows Installation Script
***Always review to make sure you know what a script is doing.***


* DISCLAIMER OF WARRANTIES:
*
* THE SOFTWARE PROVIDED HEREUNDER IS PROVIDED ON AN "AS IS" BASIS, WITHOUT
* ANY WARRANTIES OR REPRESENTATIONS EXPRESS, IMPLIED OR STATUTORY; INCLUDING,
* WITHOUT LIMITATION, WARRANTIES OF QUALITY, PERFORMANCE, NONINFRINGEMENT,
* MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. NOR ARE THERE ANY
* WARRANTIES CREATED BY A COURSE OR DEALING, COURSE OF PERFORMANCE OR TRADE
* USAGE. FURTHERMORE, THERE ARE NO WARRANTIES THAT THE SOFTWARE WILL MEET
* YOUR NEEDS OR BE FREE FROM ERRORS, OR THAT THE OPERATION OF THE SOFTWARE
* WILL BE UNINTERRUPTED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

#####################################################################################
<#
1. Check to see if the application is already installed
If already installed, exits the script. Otherwise proceeds with section 2.
#>

$appName = 'Timus Connect'
$RegUninstallKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
$installedApplication = Get-ItemProperty -Path $RegUninstallKey | Where-Object {$_.DisplayName -like "*$appName*"}

if ($installedApplication) {
Write-Host "Application is already installed, exiting script"
} 
else {
Write-Host "Application is not installed." 
}

#####################################################################################
<#
2. Check to see if this is a desktop or laptop by looking for a battery

#!#! Delete this whole line if you want to disable this section #!#! #>

$systemType = "Unknown"
$BatteryStatus = (Get-WmiObject -Class Win32_Battery -EA SilentlyContinue).Status

if ($BatteryStatus) {
$systemType = "Laptop"
} else {
$systemType = "Desktop"
}
Write-Output "This device is a" $systemType

#2.1 At this time I am only automating the Timus installation on laptops

if ($systemType -eq "Desktop") {
Write-Output "The device is a desktop, exiting script."

}
else {
Write-Output "This is a laptop, proceeding with download."
}
#>

#####################################################################################
<#
3. Does the download destination exist?
If not, create download directory
Default download directory is "C:\temp\Timus Networks"
#>

$dlFolder = "C:\temp\Timus Networks"
$dlFolderTest = Test-Path -Path $dlFolder
$dlDest = "$dlFolder\Timus-Connect.exe"
$dlUrl = "https://repo.timuscloud.com/connect/Timus-Connect.exe"
$tempFolderExists = Test-Path -Path "C:\Temp"

if ($dlFolderTest -eq $true) {
Write-Output "Download directory exists, continuing with download."
}
else {
Write-Output "Download directory does not exist, creating directory"
New-Item -ItemType Directory -Path $dlFolder -Verbose -ErrorAction Stop
}

#####################################################################################
<#
4. Starting download to destination
Will try three different methods to download the file: Invoke-WebRequest, WebClient, and finally Start-BitsTransfer.
If all three fail, the script will exit with a failure.
#>

try {
Write-Output "Trying to download..."
Invoke-WebRequest -Uri $dlUrl -OutFile $dlDest
Write-Output "Invoke-WebRequest download was successful, moving on to installation..."
}
catch {
Write-Output "Invoke-Webrequest failed, trying webclient download..."
try {
$webClient = New-Object System.Net.WebClient
$webClient.DownloadFile($dlUrl, $dlDest)
Write-Output "WebClient download was successful, moving on to installation"
} 
catch {
Write-Output "WebClient download failed, starting BitsTransfer..."

try {
Start-BitsTransfer -Source $dlUrl -Destination $dlDest
Write-Output "Downloaded successfully with BitsTransfer, moving on to installation..."
}
catch {
Write-Host "All methods failed. Unable to download the file. Exiting."
Exit 1

}
}
}

#####################################################################################
<#
5. Starts Installation of the Timus Connect App.
Upon error, the script will exit.
Checks registry for uninstall key for Timus Connect.

#>
Start-Process -Wait -FilePath $dlDest -ArgumentList "/S" -PassThru -ErrorAction Stop

#Check for successful install
$appName = 'Timus Connect'
$RegUninstallKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
$installedApplication = Get-ItemProperty -Path $RegUninstallKey | Where-Object {$_.DisplayName -like "*$appName*"}

if ($installedApplication) {
Write-Host "Application is installed."
} else {
Write-Host "Application is not installed."

}

#####################################################################################
<#
6. Performs cleanup of created files/folders
If download root existed prior to script, will only remove newly created folder.
For example, if C:\temp already existed, the script will only remove C:\temp\Timus Networks
and not C:\temp as a whole.

If download root did not exist, it will delete the whole folder

#>

if ($tempFolderExists -eq $true) {
Write-Output "Temp folder existed prior to download, only removing" $dlFolder
Remove-Item -Path $dlFolder -Recurse -Force
Write-Output "Cleanup complete, exiting..."
Exit 0
}
else {
Write-Output "Temp folder did not exist prior to script, deleting Temp folder..."
Remove-Item -Path "C:\Temp" -Recurse -Force
Write-Output "Cleanup complete, exiting..."
Exit 0

}

This script is designed to automate the installation of a digital certificate into the "Trusted Root Certification Authorities" store on a local machine. It can be distributed and executed via Remote Monitoring and Management (RMM) tools, making it ideal for deploying trusted certificates across multiple systems in a managed environment.
 

# Path to the certificate file
$certPath = "C:\Users\username\Downloads\DESKTOP_CERTIFICATE.der"# Check if the file exists
if (Test-Path $certPath) {
# Import the certificate into the Trusted Root Certification Authorities store
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$cert.Import($certPath) # Add the certificate to the local machine Trusted Root store
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store "Root", "LocalMachine"
$store.Open("ReadWrite")
$store.Add($cert)
$store.Close() Write-Host "Certificate installed successfully."
} else {
Write-Host "Certificate file not found at $certPath. Exiting."
}        

Note:

Bash Script - Mac
Ensure the script has execute permissions by using the following terminal command:
chmod +x /path/to/script.sh

Mac:

#!/bin/bash

# Check if the machine is a MacBook (laptop)
MODEL_IDENTIFIER=$(system_profiler SPHardwareDataType | awk '/Model Identifier/ {print $3}')
if [[ ! "$MODEL_IDENTIFIER" =~ "MacBook" ]]; then
echo "This script is intended for MacBook models only."
exit 1
else
echo "Thank you for using Timus ZTNA. Your secure remote access will be enabled shortly."
fi

# Specify the name of the app to check if it's installed
APP_NAME="Timus Connect.app"
APP_PATH="/Applications/$APP_NAME"

# Specify the URL and local directory and path for the .pkg
PKG_URL="https://repo.timuscloud.com/connect/Timus-Connect.pkg"
PKG_DIR="/tmp/Timus-Connect"
PKG_LOCAL_PATH="$PKG_DIR/Timus-Connect.pkg"

# Check if the app is already installed
if [ -d "$APP_PATH" ]; then
echo "$APP_NAME is already installed."
else
echo "$APP_NAME is not installed."

# Create the directory if it doesn't exist
[ ! -d "$PKG_DIR" ] && mkdir -p "$PKG_DIR"

# Download the .pkg file from the specified URL
echo "Downloading $PKG_NAME..."
curl -o "$PKG_LOCAL_PATH" "$PKG_URL"
if [ $? -eq 0 ]; then
echo "Download successful!"

# Install the .pkg
echo "Installing $PKG_NAME..."
installer -pkg "$PKG_LOCAL_PATH" -target /
if [ $? -eq 0 ]; then
echo "Installation successful!"

# Open the app
echo "Opening $APP_NAME..."
open "$APP_PATH"

# Optionally, you can clean up by removing the downloaded .pkg
rm "$PKG_LOCAL_PATH"
rmdir "$PKG_DIR" # This will only remove the directory if it's empty

else
echo "Error during installation."
fi

else
echo "Error downloading $PKG_NAME."
fi
fi

exit 0

To handle cases where the initial script does not work for certain Mac models, you can use the alternative script with adjustments below:

MacOS:

#!/bin/bash

# Define variables
DOWNLOAD_URL="https://repo.timuscloud.com/connect/Timus-Connect.pkg"
DESTINATION="$HOME/Downloads/TimusConnect.pkg"
LOG_FILE="/tmp/timus_install.log"

# Ensure the log file is writable
if [[ ! -w $(dirname "$LOG_FILE") ]]; then
    echo "Error: Cannot write to log file at $LOG_FILE. Check permissions or use a different path."
    exit 1
fi

# Redirect script output to log file
exec > >(tee -a "$LOG_FILE") 2>&1
echo "Starting Timus Connect installation: $(date)"

# Ensure the Downloads directory exists
mkdir -p "$HOME/Downloads"

# Download the package
echo "Downloading the package from $DOWNLOAD_URL..."
curl -L -o "$DESTINATION" "$DOWNLOAD_URL"

if [[ $? -ne 0 ]]; then
    echo "Error: Failed to download the package from $DOWNLOAD_URL. Exiting."
    exit 1
fi
echo "Download completed: $DESTINATION"

# Install the package silently
echo "Installing the package..."
sudo installer -pkg "$DESTINATION" -target /

if [[ $? -ne 0 ]]; then
    echo "Error: Installation failed. Exiting."
    exit 1
fi
echo "Installation completed successfully."

# Optional cleanup
echo "Cleaning up downloaded file..."
rm -f "$DESTINATION"
echo "Cleaned up downloaded file: $DESTINATION"

echo "Timus Connect installation completed successfully: $(date)"
exit 0

This guide will walk you through the process of integrating JumpCloud with Timus using SAML 2.0 for secure Single Sign-On (SSO). Follow these steps to configure your JumpCloud application and complete the setup within Timus Manager.

1. Creating an JumpCloud Application

1. Navigate to Applications

   • Log into https://console.jumpcloud.com/login/admin with your credentials.
   • On the left menu, go to SSO Applications.
   

2. Create a New Application

   • If this is your first application, click Get Started. Otherwise, click Add New Application.
   • Search for SAML 2.0 in the application search bar and select it.

   

   • Click Next and give your application a name in the Display Label field.
   • You can also upload a custom logo for the app if necessary.
   • Click Save Application.

   

2. Configuring SAML Settings

After saving, you will be directed to the configuration screen.

1. IdP Entity ID and SP Entity ID: Paste JumpCloud’s provided IDP URL (visible in the SSO tab).

   

   

2. ACS URLs: Default URL: https://auth.timuscloud.com/user/external/saml

• Subject NameID: Set NameID to email

• NameID Format: Select urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified

• Signature Algorithm: Set to RSA-SHA256

• Signing Option: Choose “Assertion and Response”.

  

3. Adding User Attributes

• Click Add Attribute to add required user attributes like firstname and lastname.

4. Assigning User Groups

• Navigate to the User Groups tab and select the user groups that will have access to this SAML application.
• Click Save.

3. Configuring Timus Manager for SAML

1. Access Timus Manager:

   • Sign in to Timus Manager.
   • Go to Settings -> Integrations.

2. Manage SAML 2.0 Integration:

   • Click Manage under SAML 2.0.
   • Fill in the fields according to the mapping provided in the table below.

   JumpCloud Name	Timus Equivalent
   IDP URL	Identifier
   IDP URL	Service URL
   IDP Certificate	X.509 Certificate

   

   Note: The IDP Certificate can be downloaded under the SAML Certificate section in JumpCloud. Make sure to use the Hex format certificate.

This completes the SAML configuration for JumpCloud with Timus. Your users can now authenticate securely through JumpCloud to access Timus applications.

4. Test the Application

• Once the configuration is complete, navigate to console.jumpcloud.com/userconsole with a test user.
• Log in using the assigned user credentials.
• Click on the SAML application you just created.
• Ensure that the user is redirected to Timus, and the sign-in process completes without requiring separate credentials.
• If everything works as expected, the user will be successfully created in Timus, and subsequent logins can be done directly from Timus.

Note: Initial login must happen through JumpCloud’s application to create the user in Timus.

Timus SASE integrates with your favorite tools, including EPPs and ConnectWise PSA, streamlining workflows, boosting security across endpoints and the network, and offering robust data analysis for informed decisions.

1. Identity Providers & Authentication

• Active Directory (on-prem)
  Synchronizes users and groups from Active Directory, enabling users to log in using their AD credentials. Centralizes user management for seamless access with AD-based authentication.
• Google Workspace
  Syncs Google Workspace users and groups with Timus, supporting login through Google Workspace credentials. Simplifies user management for organizations using Google Workspace, ensuring consistent access controls.
• Microsoft Entra ID (cloud)
  Integrates Microsoft Entra ID users and groups with Timus, allowing Entra ID credential sign-in. Suitable for enterprises using Microsoft’s identity solutions to enable secure access.
• Okta
  Syncs users and groups from Okta, permitting sign-in using Okta credentials. Provides robust identity management and access control for organizations with Okta as their primary identity provider.
• SAML 2.0
  Supports secure single sign-on (SSO) integration, allowing users to authenticate using external identity providers once and access their cloud network on Timus. Enhances security and user convenience through centralized authentication. For example, integrating Timus with JumpCloud via SAML 2.0 allows JumpCloud-managed users to log into Timus with their JumpCloud credentials, streamlining access and enhancing security with centralized identity management.

2. Endpoint Protection Platforms

• BitDefender
  Synchronizes BitDefender endpoint protection data with Timus to analyze device posture and security compliance. Monitors endpoint security status, critical for enterprises needing endpoint-level protection insights.
• Heimdal
  Syncs Heimdal endpoint protection status with Timus, enabling device posture analysis across connected endpoints. Ensures devices meet security standards, aiding in endpoint compliance.
• Microsoft Defender
  Integrates with Microsoft Defender to monitor and analyze device posture for each endpoint connected to Timus. Essential for businesses with Microsoft Defender, allowing continuous device health and posture assessment.
• SentinelOne
  Connects SentinelOne endpoint protection to Timus, providing detailed analysis of device posture and security status. Suitable for organizations using SentinelOne, enabling real-time device compliance and risk monitoring.

3. Notifications

• Slack
  Allows Timus to push notifications to a specified Slack channel about user, device, or network threat events. Ideal for teams using Slack for real-time communication, providing visibility into security and user activity alerts.
• Telegram
  Enables a bot to send notifications on network activity, device events, or threat alerts directly to a Telegram channel. Ensures rapid dissemination of critical security updates for organizations using Telegram.

4. Data Synchronization

• Google Sheets
  Provides the ability to export network user data or device sign-in/sign-out logs into Google Sheets for analysis. Facilitates data tracking and reporting by consolidating user activity logs and device information into an accessible format.

5. Billing Integration

• Connectwise PSA
  Streamlines invoicing and billing processes for MSPs, ensuring accuracy by syncing product catalogs and usage data directly with ConnectWise agreements. This reduces manual input, saving time and reducing the risk of errors. With the integration, MSPs can anticipate smoother billing operations, thanks to automated syncing of product and usage data. This integration provides seamless invoicing management, allowing partners to focus on customer success rather than manual billing tasks.

This guide outlines the steps required to establish a secure IPsec connection between Timus and Meter. Follow the configurations below to ensure a successful connection.

Timus Configuration:

Follow the guide below for an example setup. Configure the following settings:

Phase 1 (Parameters):
 

Here is how you can configure Parameters for Phase 1 configurations on Timus
 

• Local Peer Identifier: Timus_Gateway_Public_IP
• Remote Peer Identifier: Meter_Public_IP
• Key Exchange Type: IKEv2
• Preshared Key: Your Preshared Key
• Authentication Algorithm: SHA256
• Encryption Algorithm: AES256
• DH Group: modp2048(14)
• Mode: Main
   

Phase 1 (Miscellaneous):

Here is how you can configure Miscellaneous for Phase 1 configurations on Timus


 

• Responder Only: False
• Margin Time: 60 seconds
• Lifetime: 28800 seconds
• Dead Peer Detection (DPD): Disabled
  • DPD Delay: 10 seconds
  • DPD Max Failure: 5
• NAT Traversal: Disabled

Phase 2 for Timus:

Refer to to the below image for Phase 2 setup. Use these configurations:

• Authentication Algorithm: SHA256
• Encryption Algorithm: AES256
• Protocol: ESP
• Perfect Forward Secrecy (PFS): Enabled
  • PFS Group: modp2048(14)
• Lifetime: 3600 seconds
• Tunnel Protocol: ALL

Meter Configuration:

To add an IPsec VPN tunnel, log into the Dashboard and click Secure Tunnels > IPSec > ‘Add IPSec Tunnel’.
 

Meter provides Phase 1 and Phase 2 configurations into a single panel.

• Local IP or FQDN: Meter WAN Public IP
• Remote IP or FQDN: Timus Gateway Public IP
• Initiator: Timus Gateway Public IP
• Authentication Algorithm: SHA2_256_128 HMAC (128 bit)
• Encryption Algorithm: 256 bit AES-COUNTER
• DH Group: 14
• Preshared Key: Your Preshared Key
• Remote Networks: Add the subnets from Timus. (In this case, 192.168.249.0/24)
• Local Networks: Specify the Meter local subnets.
• Bound WAN Port: Your ISP

Once all configurations are applied, the IPsec connection between Timus and Meter should be successfully established. Follow this guide step by step, referencing the provided images as needed.

Note on Static Routing and Firewall Rules

Static routing rules and firewall access rules are automatically configured by default. However, if this option is not enabled or does not occur automatically, these rules must be created manually to ensure proper communication between Timus and Meter.

• To view the site details, go to Timus Manager and click on the Sites page.
• Find the site whose details you want to view and click on the ellipsis icon in the corresponding row.
• Select "View" to access the page with site details.
• This page contains a summary table titled "Connectivity." The table provides information on three parameters: Connection Health: indicates the overall status and reliability of the connections Throughput: refers to the amount of data that can be transmitted through the network within a given time frame, indicating the network's capacity. Efficiency: measures how effectively the network utilizes its resources to transmit data.

This Connectivity section helps you make informed decisions or take necessary actions to optimize network connectivity.

• The Network Statistics graph shows the Health or Throughput data for the Primary WAN over the Last 7/15 Days, Last Month, or Custom date range.

• List of the networks of the site.
• Site information widget shows the most important details about the site and has the ability to configure the site with the Edit feature at the upper right of the widget.

• Action can be Allow or Deny.
• Status is selected as Enabled by default. Yet, you can select Disabled while creating a rule to make it enabled later.
• The Source can be Network, Site, IP, Location(GeoIP), User, Team, Device, Tag and you are allowed to add multiple sources.
• The Destination can be Network, Site, IP, User, Team, Device, Tag, Category, Website, Keywords and you are allowed to add multiple destinations.
• The service can be selected from the pre-defined list as shown in the image below or you can select Custom to customize the rule. If you would like to define a rule for both TCP and UDP, you can select TCP/UDP as shown in the image below. You are allowed to define multiple services.
• You can block/allow any countries by using the option Location on both Source and Destination.

Services

Service Category
HTTP
Web Access
HTTPS
VoIp
SIP
Database Access
MSSQL_SERVER
MSSQL_MONITOR
MYSQL
POSTGRESQL
Remote Access
RDP
SSH
TELNET
VNC-RFB
RPC
DCE-RPC
File Access
FTP_DATA
FTP_CONTROL
TFTP
SMB
Network Services
DNS
DNS_MULTICAST
DNS_OVER_TLS
DNS_OVER_QUIC
DHCP_SERVER
DHCP_CLIENT
NTP
SNMP
SYSLOG
SSDP_UDP
SSDP_TCP
Email
IMAP
IMAPS
POP3
POP3S
SMTP
SMTPS
Authentication
LDAP
LDAPS
RADIUS
KERBEROS_AUTH
KERBEROS_PWD
KERBEROS_ADMIN
Protocol
HOPOPT
ICMP
IGMP
GGP
IPv4
ST
TCP
CBT
EGP
IGP
BBN-RCC-MON
NVP-II
PUP
ARGUS
EMCON
XNET
CHAOS
UDP
MUX
DCN-MEAS
HMP
PRM
XNS-IDP
TRUNK-1
TRUNK-2
LEAF-1
LEAF-2
RDP
IRTP
ISO-TP4
NETBLT
MFE-NSP
MERIT-INP
DCCP
3PC
IDPR
XTP
DDP
IDPR-CMTP
TP++
IL
IPV6
SDRP
IPV6-ROUTE
IPV6_FRAG
IDRP
RSVP
GRE
DSR
BNA
ESP
AH
I-NLSP
SWIPE
NARP
MIN-IPV4
TLSP
SKIP
IPV6-ICMP
IPV6_NONXT
IPV6_OPTS
CFTP
SAT-EXPAK
KRYPTOLAN
RVD
IPPC
SAT-MON
VISA
IPCV
CPNX
CPHB
WSN
PVP
BR-SAT-MON
SUN-ND
WB-MON
WB-EXPAK
ISO-IP
VMTP
SECURE-VMTP
VINES
IPTM
NSFNET-IGP
DGP
TCF
EIGRP
OSPFIGP
SPRITE-RPC
LARP
MTP
AX.25
IPIP
MICP
SCC-SP
ETHERIP
ENCAP
GMTP
IFMP
PNNI
PIM
ARIS
SCPS
QNX
A/N
IPCOMP
SNP
COMPAQ-PEER
IPX-IN-IP
VRRP
PGM
L2TP
DDX
IATP
STP
SRP
UTI
SMP
SM
PTP
ISIS_OVER_IPV4
FIRE
CRTP
CRUDP
SSCOPMCE
IPLT
SPS
PIPE
SCTP
FC
RSVP-E2E-IGNORE
MOBILITY_HEADER
UDPLITE
MPLS-IN-IP
MANET
HIP
SHIM6
WESP
ROHC
ETHERNET
AGGFRAG
NSH

• Create a Forwarding rule by going to Timus Manager -> Rules -> Forwarding page.

• Once you click on Create New, you will be able to see the page as shown in the image below:

• You can define a range for both source and destination ports like 1000-2000.
• Once you extend the Schedule, you can decide if the forwarding will be active Everyday (all the time) or it will be active for a specific period of time. It has been selected as Everyday by default.

• Map to Port: When enabled, destination ports loop sequentially for source ports.

The Map to Port feature allows you to specify a range of ports on both protocols, TCP or UDP, for instance, 70-75, and map them to a destination range, such as 80-85. Ports are forwarded sequentially: port 70 maps to port 80, port 71 maps to port 81, and so on. This feature is useful for port forwarding in a one-to-one manner."

• View all the traffic in your network with details on Timus Manager -> Insights -> Traffic Logs page,
• Search the list using Time, Source, Action, Destination, Factor parameters on the Logs tab.
• Clear the filters you have created by clicking on Clear All Filters.
• You can gather more information by clicking the icon in the Details section to identify if there's been an issue.

• You are able to check the Rule IDs of the traffic logs to detect which rule allows or denies the traffic.
• If you have previously enabled SSL Inspection for a user or device, you can access detailed data by going to the User or Device tabs.

In the Traffic Logs page, where you can access comprehensive data presented through tables and graphics organized into various tabs. Here's an overview of what you'll find in each tab:

You can download the csv file to get a report for your traffic by clicking on Export at the top right of the screen as shown in the image above.

Only the last 10.000 records will be exported when you have created it.

When you have clicked on the Export button, you will see the pop-up above when the Export process is completed successfully. You can click on Download to get your report.

• User Tab: User Information Top Most Active Users Detailed User Logs Most Active Devices per User Traffic Analysis Most Frequently Accessed Resources Time Spent by Users
• Team Tab: Top Most Active Teams Team-specific Activity Data Most Active Devices within Teams Most Used Resources by Teams Time Spent by Teams
• Device Tab: Device Information Most Active Devices Device-specific Activity Data Most Used Resources by Devices Time Spent on Devices
• Applications Tab: Most Used Applications Application-specific Usage Data
• Website Tab: Most Accessed Resources on Websites
• Network Tab: Most Active Networks

This organized approach allows you to analyze user behavior, team activities, device usage, application preferences, website interactions, and network engagement.

Dive into detailed insights to make informed decisions about your product usage and optimize your resources effectively.

1. Go to Timus Manager -> Insights -> Traffic Logs page.
2. You can view all traffic on the Logs tab without navigating to other tabs.
3. To configure the list, utilize the search bar. To view a specific user's traffic, navigate to the Source heading.
4. Click on "Select" here.
5. Click on "User".
6. Click on "Start typing..." Select a user or scroll down the dropdown menu to find a user and view their traffic logs.

Click on the "Search" button.

By clicking the Search button, you can access a list displaying all the traffic generated by this user on your network.

To access the details of the traffic logs listed, click on the blue info icon located at the far right of the respective line.

You can use the Search bar to display more specific information about the logs you want to see.

Simply insert the desired columns with the appropriate command:

Time: Select the Start and End date of the traffic logs you want to display on the list.

Action: Choose between Drop or Allow.

Destination: Specify Team, Device, IP, Network, Site, or Any.

Factor: Specify Application, Category, Website, Keywords, or Any.

1. Similarly, to see a user's traffic logs and in general, to view all user's traffic logs Click the User tab on this page.
2. To view detailed user traffic, select a user from the Select section at the top of the page.

After selecting the user, you display the following information on the page.

• Most Active Users,
• Users Logs,
• The user's Most Active Devices,
• Traffic,

• Applications and Websites as the user's Most Used Resources,

• Time Spent as applications and websites where the user spends the most time,

• The user's Events on your network.

You can also view traffic details for the following components by going to the Insights dropdown > Traffic Logs page:

• Logs
• User
• Team
• Device
• Application
• Website
• Network

Manage Templates

1. Go to Timus Manager -> Insights -> Automated Reports page.
2. To manage templates, click on the "Manage Templates" button located in the upper right corner of the Reports page.
3. From here, you can view the available templates, which are divided into two categories:
   Predefined and Custom.

Before creating a report, it is important to first manage the templates. This will allow you to choose analytics and insights you want to include in your report, using either predefined or custom templates.

To view the template or create a report using Timus's default Predefined Weekly Template, click the ellipsis icon next to it.

You also have the option to use the template as a basis for a new one:

Create Custom Template

To create a custom template,

1. Click the "Create Custom Template" button in the Manage Templates screen and enter the title of the new template.
2. After entering a title for the new template and clicking the Create Custom Template button, the page for your newly created template will be displayed on your screen.
    
3. To add widgets to the template's screen, click the "Add Widget" button. This will open the
   "Add Widget" pop-up window where you can select the widgets you want to display.
4. After you click the "Add" button, use the drag-and-drop method to move widgets around the page and arrange the template as desired.
5. If you want to view different data ranges or components, you can add the same widget multiple times.
6. Click "Configure" to adjust the number of components displayed in the tables and view data in the widgets with different Data Range Types.
7. 
8. You can choose between Relative or Fixed data range types and select Daily, Weekly, Monthly, or Yearly parameters for the Data Range.

Create Report

1. Next, go to the Reports page and then, either click the "Create Report" button or select
   "Create Report" from the ellipsis icon of the template row on the Manage Templates pop-up screen.
2. On the Create Report screen, enter a title for the report.
3. Select the Type of report and Template.
4. Add recipients from the Recipients section by entering their information and selecting their email language.
   
   
5. Click "Save" and wait for the Successfully Created notification to appear.
6. To view the report, click the ellipsis icon in the row of the report you created, then click "View".
7. To generate the report, click the Actions button in the upper-right corner of the Reports page and select "Generate Report".
8. You will see a notification that says "Report Result successfully created. Click here to see the result in your browser".
9. Click "Here" to view your on-demand report in your browser.
10. When you add a Recipient, your report will be sent to their e-mail address.
11. If you've scheduled a report, the system will automatically generate and send it to the recipient of your choice.
    • The automated report you created for Daily events is scheduled to run every day without any issues.
    • For Weekly events, the report is set to run every Monday.
    • Monthly reports are generated on the 1st day of each month, such as November 1st and December 1st.
    • Yearly reports are generated on January 1st of every year.

Once your report is created, you can view the results by clicking on the Actions button and selecting the Go to Results page option on the report's page.

The generated reports will be saved on the report's page. You can access and view all reports generated on different dates by using the Displayed Report filter.

To configure the widgets, click on the "Show Template" option located on the report page. This is the same process as when you access it from the "Manage Templates" -> "Edit" page.

How does a Timus Partner get support? get help?

We have a wealth of ways to answer your questions or solve your issues. You can use our brand-new help center, submit a ticket in the help portal, email your issues, or chat with us.

Support Hours

Regular Support: Mon - Friday, 8:00 am EST - 5 pm EST

Chat Support: Mon - Friday, 9:00 am EST - 5 pm EST

Severity 1 Support: 24/7 

Submitting a request to Timus Support

Chat:

• Go to support.timusnetworks.com/hc/en-us and click on the chat icon in the bottom right to chat with support during our support hours

Web Form:

• Submit a request by going to www.timus.zendesk.com and clicking on "Submit a request" on the top menu bar. Or you can click on the this link to submit a request.

Email: 

• Send an email to support@timusnetworks.com with as much details as possible for us to solve your issues. Include logs, topology, steps to reproduce, etc., if applicable.

Updating an existing request

Support Portal

• Go to www.timus.zendesk.com and click on your profile icon drop down. Select the option "Request" and navigate to the ticket thats needed an update. Scroll to the bottom and and click on the section called "Add to conversation". 

Email

• Please find the correspondent ticket number messages in your inbox and reply to those emails.

Support Workflow process

Waiting on Partner 

• After our support team communicates and needs additional information from the partner or believes we have solved the issue, we will put the ticket in a "Waiting on Partner" status. The ticket will stay in this status unless you respond. If you do not respond within 3 business days, the status will switch to "Still Issue".

Still Issue 

• If the ticket workflow puts the ticket in "Still Issue" status, and you respond, the ticket will be updated. However, if you do not respond, the ticket will switch to "No Partner Response" status and be considered closed. You can reply to the ticket, and it will be reopened.

Overview:

This article provides troubleshooting steps to resolve common issues related to high CPU and RAM usage, as well as functionality disruptions in the Timus Connect application. It aims to assist in identifying and addressing problems that may arise due to antivirus or endpoint protection software blocking key executables or interfering with the application's native operations. By following these guidelines, users can ensure smooth performance and prevent potential conflicts that could lead to prolonged processes or system slowdowns.

To ensure full compatibility and performance of the Timus Connect application, it is critical that all related executable files are properly whitelisted in both Antivirus (AV) and Endpoint Protection Platform (EPP) tools.

Failing to whitelist these files may cause:

• High CPU and memory usage
• Stuck or unresponsive processes
• VPN connection failures
• Performance degradation due to blocked native API calls or memory hooks

Modern AV/EPP solutions may block more than just the executable file. They often inspect runtime behavior, command-line parameters and system-level API calls. Therefore, it is essential to allow not only the executables but also their full runtime behavior.

✅ Required Executables for Whitelisting

The following files must be excluded from scanning, behavioral analysis, and execution restrictions:

C:\Program Files\Timus Connect\Timus Connect.exe
C:\Program Files\Timus Connect\Uninstall Timus Connect.exe
C:\Program Files\Timus Connect\resources\elevate.exe
C:\Program Files\Timus Connect\resources\service\timus-connect-service.exe
C:\Program Files\Timus Connect\resources\service\timus-helper-service.exe
C:\Program Files\Timus Connect\resources\service\lib\win\nss\win32\certutil.exe
C:\Program Files\Timus Connect\resources\service\lib\win\nss\win32\modutil.exe
C:\Program Files\Timus Connect\resources\service\lib\win\nss\win32\pk12util.exe
C:\Program Files\Timus Connect\resources\service\lib\win\nss\win32\shlibsign.exe
C:\Program Files\Timus Connect\resources\service\lib\win\nss\win64\certutil.exe
C:\Program Files\Timus Connect\resources\service\lib\win\nss\win64\modutil.exe
C:\Program Files\Timus Connect\resources\service\lib\win\nss\win64\pk12util.exe
C:\Program Files\Timus Connect\resources\service\lib\win\nss\win64\shlibsign.exe
C:\Program Files\Timus Connect\resources\service\lib\win\openvpn\openssl.exe
C:\Program Files\Timus Connect\resources\service\lib\win\openvpn\openvpn.exe
C:\Program Files\Timus Connect\resources\service\lib\win\openvpn\openvpn_2.4.exe
C:\Program Files\Timus Connect\resources\service\lib\win\openvpn\tapctl.exe
C:\Program Files\Timus Connect\resources\service\lib\win\openvpn\tuntap_win\tapctl.exe
C:\Program Files\Timus Connect\resources\service\lib\win\openvpn\tuntap_win\tapinstall.exe
C:\Program Files\Timus Connect\resources\service\lib\win\telemetry\timus-telemetry.exe
C:\Program Files\Timus Connect\resources\service\lib\win\wireguard\amd64\timus-wireguard-tunnel-service.exe
C:\Program Files\Timus Connect\resources\service\lib\win\wireguard\amd64\wg.exe

🔐 General Whitelisting Guidelines

To ensure full functionality, perform whitelisting at two levels:

1. Client-Side Agent – Exclude paths directly on the endpoint
2. Central Console – Apply policy-wide exclusions for consistency and scale

For maximum compatibility:

• Exclude by exact file path
• Exclude entire Timus Connect folder to cover future updates

🔧 Configuration by Vendor (Antivirus + EPP)

1. Windows Defender (Microsoft Defender for Endpoint)

Client UI:

• Go to Windows Security → Virus & threat protection → Manage settings → Add exclusions
• Add both individual .exe files and the full folder path

PowerShell (for bulk deployment):

Add-MpPreference -ExclusionPath "C:\Program Files\Timus Connect"

Microsoft Defender for Endpoint (MDE Console):

• Go to Device Configuration → Endpoint Security → Antivirus → Policy
• Add exclusions under Microsoft Defender Antivirus settings

2. BitDefender GravityZone

Control Center:

• Navigate to Policies → Antimalware → Settings → Exclusions
• Add file paths for all relevant executables and their subfolders
• If “Advanced Threat Control” flags the app, add a Process Exception

Client:

• Open local agent settings → Go to Protection → Manage Exclusions
• Add relevant paths manually

3. SentinelOne

Management Console:

• Navigate to Threat Protection → Exclusions
• Add executables by path
• Create Behavioral AI exclusions to allow elevated processes and tunneling apps (OpenVPN/WireGuard)

Note: SentinelOne client does not support local UI configuration—central management only.

4. CrowdStrike Falcon

Cloud Console:

• Go to Configuration → Prevention Policies
• Add to “Allow List” using exact path
• Confirm that the process is excluded from behavioral blocking policies (e.g., “Process Injection” or “Credential Access” rules)

5. Trend Micro Apex One

Control Manager:

• Navigate to Policy Management → Agent Settings → Exceptions
• Add both file and folder exclusions
• Include all child .exe under Timus Connect path

Client:

• Right-click agent icon → Go to Settings → Scan Exceptions

6. Symantec Endpoint Protection

SEPM Console:

• Go to Policies → Exception Policies → Windows Exceptions
• Add by File, Folder, and optionally by File Type (.exe)

Client:

• Open SEP UI → Settings → Configure Exceptions

7. McAfee Trellix Endpoint Security

ePolicy Orchestrator (ePO):

• Go to Policy Catalog → Endpoint Security Threat Prevention → Access Protection → Exclusions
• Add by path and allow for:
  • Read/Write Access
  • Memory Access

Client Console:

• Open ENS client → Go to Threat Prevention → Show Advanced Settings → Exclusions

8. ESET Endpoint Security

ESET PROTECT Console:

• Go to Policies → Detection Engine → Exclusions
• Add all Timus .exe files and folders

Client Interface:

• Open ESET UI → Setup → Detection Engine → Manage Exclusions

9. ThreatLocker

Portal:

• Navigate to Application Control → Policies → Add Policy
• Create a custom group for Timus Connect
• Approve each executable manually
• Ensure compatibility with Ring0 operations (driver/low-level calls)

⚠️ Additional Notes on Runtime Behavior

• Some Timus components use privilege elevation (elevate.exe), create or manage services, and perform tunneling operations using OpenVPN and WireGuard.
• EPPs with behavioral engines may falsely classify this behavior as malicious.
• We strongly recommend creating behavioral exclusions where applicable to allow full functionality.
• Monitor the application’s performance post-deployment and check for flagged events in your EPP logs.

⚠️Additional Step: Run System File Checker (SFC) and DISM

If you continue to experience high CPU, RAM usage, or functionality issues after whitelisting the executables, it may be helpful to run the System File Checker (SFC) and DISM commands to repair potential system file corruption. Follow these steps:

1. Open Command Prompt as Administrator.
2. Run the following command to check for and repair corrupted system files:

   sfc /scannow

3. Once SFC completes, run the following DISM command to repair the Windows image:

   DISM /Online /Cleanup-Image /RestoreHealth

These steps can help resolve underlying system issues that might be contributing to performance problems or functionality disruptions.

Summary of Actions

Overview

This article provides a step-by-step guide for resolving JavaScript errors when installing or launching the Timus Connect application on Windows. These errors are commonly caused by missing permissions or interference from endpoint security tools like BitDefender, Windows Defender, SentinelOne, and ThreatLocker. You’ll also learn how to properly configure exclusions and allowlisting to ensure smooth installation and operation.

Uncaught Exception: Error: EPERM: operation not permitted, mkdir ‘C:\ProgramData\Timus Connect’

This error indicates that the installer was unable to create a required folder due to permission issues or security software interference.
A similar error may also occur when attempting to create:

• C:\Program Files\Timus Connect

✅ Pre-Installation Checklist

Before proceeding, ensure the following:

• Administrator Rights
  The installer (Timus-Connect.exe) must be run with elevated privileges.
• Disable Conflicting Tools
  Close any VPN or network security tools (e.g., Todyl, other VPN clients) that may interfere with the network stack.
• Stable Internet Access
  Ensure the machine can access Timus services—see allowlisting requirements below.

🛠 Step-by-Step Resolution

1. Run the Installer as Administrator

• Right-click on Timus-Connect.exe → Select Run as administrator
• If deploying via RMM, ensure it's executed in the Local System or Admin context
• ⚠️ Do not run the installer from a network share—copy it to a local folder first

2. Manually Create Required Folders (Optional Workaround)

To prevent EPERM errors:

• Open File Explorer or Command Prompt as Administrator
• Create required folders:

  mkdir "C:\ProgramData\Timus Connect"
  mkdir "C:\Program Files\Timus Connect"
  

• Set folder permissions:
  • Right-click folder → Properties → Security → Edit
  • Add the Users group with at least Modify rights
  • Ensure Administrators and SYSTEM have Full Control

⚠️ Only grant the minimum permissions required. Avoid giving "Everyone" access.

3. Configure Security Software

🔒 Bitdefender (Endpoint or GravityZone)

• Policy → Antimalware → Exclusions
  Add:
  • C:\ProgramData\Timus Connect
  • C:\Program Files\Timus Connect
  • Timus-Connect.exe
• Firewall: Allow outbound HTTPS over port 443 (TCP/UDP)

🛡 SentinelOne

• Local Agent:
  • Add exclusions for Timus-Connect.exe, C:\ProgramData\Timus Connect, and C:\Program Files\Timus Connect
  • Add app to Controlled Folder Access
• Managed Environment:
  • Ask your security admin to allowlist the hash of Timus-Connect.exe
• Optionally, temporarily disable protection during installation

🔰 Windows Defender

• Add the following under:
  Windows Security → Virus & Threat Protection → Exclusions
  • Folder: C:\ProgramData\Timus Connect
  • Folder: C:\Program Files\Timus Connect
  • File: Timus-Connect.exe
• If Controlled Folder Access is enabled:
  • Allow Timus-Connect.exe via:
    Manage ransomware protection → Allow an app through Controlled folder access

⚙️ ThreatLocker

• Allow Timus-Connect.exe in Application Control policies
• Whitelist paths:
  • C:\ProgramData\Timus Connect
  • C:\Program Files\Timus Connect
• If issues persist, temporarily switch to Audit Mode during install

⚠️ Re-enable protection immediately after installation

4. Allowlist Required Domains & Ports

🔗 Domains

If wildcard rules are supported, allow:

• *.timusnetworks.com
• *.timuscloud.com

Otherwise, allow:

• auth.timuscloud.com
• user.timuscloud.com
• device.timuscloud.com
• config.timuscloud.com
• my.timusnetworks.com

🌐 Ports

Ensure the following are allowed:

If behind a proxy, configure it to allow Timus-Connect.exe access to these domains over port 443.

5. Re-run the Installer

• Reboot the machine (recommended)
• Try to install Timus Connect Application again.

This article explains how to troubleshoot IPsec tunnel issues and interpret related error codes for effective diagnosis and resolution.

Start by reviewing the View IPsec Logs article to locate IPsec logs within the Timus Manager.

Here are the IPsec error codes for both Initiators and Responders, along with their corresponding fixes.

Certain Endpoint Protection (EPP) and network security solutions can interfere with Timus Connect by modifying the system’s routing table. This interference disrupts VPN functionality, particularly for users relying on IPsec tunnels, split tunneling, and other VPN-related configurations. Additionally, kindly review the routing table to confirm there are no unusual entries that could be contributing to the issue.

Symptoms:

• Users are unable to access resources through Timus Connect.
• Network traffic is improperly routed due to altered routing tables.
• The connection appears active but fails to transmit data correctly.

Example: Todyl (SGN Connect) Interference on Windows

When Todyl (SGN Connect) is installed and actively running, it overrides routing tables to establish its own connection priorities. This can conflict with the routes set by Timus Connect.

Example of Routing Table Showing Interference (Windows):

Network Destination        Netmask          Gateway                Interface            Metric
0.0.0.0                    0.0.0.0          192.0.x.x (Todyl)      192.168.1.x           x

Cause:

EPP and network security software, such as Todyl (SGN Connect) and similar tools, manipulate routing tables to enforce security policies. These modifications may unintentionally disrupt Timus Connect’s intended network routes.

Workaround / Solution:

1. Disable or Uninstall Todyl (SGN Connect):

   • If the issue persists, temporarily disable the interfering software while using Timus Connect or uninstall it entirely:
   • Windows: Go to Control Panel > Programs and Features > Uninstall a program and remove the conflicting application.
   • MacOS: Use the application manager or terminal commands to remove it.

    

   Restart Timus Connect Application:

   • Restart the Timus Connect application to ensure it can properly update its routes.
   • Alternatively, you can restart the service from the system icon by right-clicking the Timus app and selecting the restart option (Windows & MacOS).

   

2. Routing Table:
   • Adjust routing tables to restore Timus Connect’s intended routes. To do this:
     • Windows: Run ipconfig /all to check active adapters, then use route print to view routing tables.
     • MacOS: Use netstat -nr to check routing tables.
     • Identify your SGN Connect gateway and compare it to the intended Timus Connect route.

Example of Correct Routing Table for Wireguard (Windows):

Network Destination        Netmask              Gateway             Interface        Metric
0.0.0.0                    128.0.0.0          192.168.249.x         192.168.249.3       x
128.0.0.0                  128.0.0.0          192.168.249.x         192.168.249.3       x

Recommendation:

If you encounter this issue, consider reviewing your routing table configurations using your terminal. First, check the active adapters by running ipconfig /all (Windows) or ifconfig (MacOS). Then, inspect the routing table using:

• Windows: route print
• MacOS: netstat -nr

Check for any entries inserted by security software. If another VPN or EPP is overriding the routing table, Timus Connect may not function as expected. Ensuring that only one VPN solution is managing network routes is crucial for maintaining proper connectivity.

Are you experiencing slower speeds than expected after connecting to the Timus Network? 

Several factors can contribute to this, but don't worry! This guide will help you troubleshoot the issue and get your connection back up to speed.

Initial Steps:

1. Application Updates: Ensure you're using the latest version of the Timus Network client application. Outdated software can sometimes lead to performance issues. You can set automatic updates within the Timus Network client application by accessing your device settings within manage.timusnetworks.com.
2. Conflicting Software: Uninstall any other VPN or network software running in the background. Even unused software might consume resources and affect your bandwidth.

If your client is up-to-date and there are no other programs running that could impact your connectivity. Please check the following troubleshooting steps:

• Check Maximum Transmission Unit (MTU)
• Ping Test with Varying Packet Sizes
• Identify Network Issues (Traceroute & MTR)
• Check Endpoint Configuration
• Performance Testing (Optional)
• Quality of Service (QoS) and ISP Throttling
• Firewall and Security Software

1. Identify Current MTU Setting

macOS:

1. Open Terminal.
2. List network services:

   networksetup -listallnetworkservices
   

3. Check current MTU:

   networksetup -getMTU <network_service>
   

Windows:

1. Open Command Prompt.
2. Check current MTU:

   netsh interface ipv4 show interfaces
   

2. Ping with Specific Packet Sizes

macOS:

1. Open Terminal.
2. Ping with a specific packet size:

   ping -D -s 1472 <gateway_public_ip>
   

Windows:

1. Open Command Prompt.
2. Ping with a specific packet size:

   ping -f -l 1472 <gateway_public_ip>
   

3. Adjust Packet Size Incrementally:
   • Start with 1472 bytes.
   • Reduce the packet size by small increments if you encounter packet loss or errors.
   • Find the largest packet size that does not result in fragmentation or packet loss.

3. Use Traceroute and MTR

Traceroute:

macOS:

1. Open Terminal.
2. Install traceroute (if not already installed):

   brew install traceroute
   

3. Run traceroute:

   traceroute <gateway_public_ip>
   

Windows:

1. Open Command Prompt.
2. Run tracert:

   tracert <gateway_public_ip>
   

MTR:

macOS:

1. Open Terminal.
2. Install mtr (if not already installed):

   brew install mtr
   

3. Run mtr:

   mtr -rw <gateway_public_ip>
   

Windows:

1. Open Command Prompt.
2. Install WinMTR (if not already installed) from https://sourceforge.net/projects/winmtr/.
3. Run WinMTR and enter the gateway IP to start the test.

4. Check Endpoint Configuration

ipconfig /all

macOS:

1. Open Activity Monitor.
2. Monitor CPU and memory usage to ensure they are not maxed out during the VPN connection.
3. Check network interface for errors:

   ifconfig
   

Windows:

1. Open Task Manager.
2. Monitor CPU and memory usage to ensure they are not maxed out during the VPN connection.
3. Check network interface for errors:

   ipconfig /all
   

5. Performance Testing

macOS and Windows:

1. Download and install iPerf3 from https://iperf.fr/.

2. Run iPerf tests to measure raw throughput with and without VPN:

   Download Test:

   iperf3 -c ash.speedtest.clouvider.net -p 5200-5209 -t 10 -P8 -R

   Upload Test:

   iperf3 -c ash.speedtest.clouvider.net -p 5200-5209 -t 10 -P8

During both the Download Test and Upload Test, please wait for the [SUM] result. The [SUM] values should be checked and considered carefully when reviewing the results.

6. Quality of Service (QoS) and ISP Throttling

macOS and Windows:

1. Check network QoS settings on your router or network management interface to ensure no QoS rules are throttling VPN traffic.
2. Confirm with the ISP that there is no throttling of VPN traffic.

7. Firewall and Security Software

macOS:

1. Open System Preferences.
2. Review firewall settings to ensure they are not limiting VPN throughput.
3. Check any installed security software for settings that might affect VPN performance.

Windows:

1. Open Control Panel.
2. Review Windows Defender Firewall settings to ensure they are not limiting VPN throughput.
3. Check any installed security software for settings that might affect VPN performance.

Additional Notes:

• If you're using macOS and don't have Homebrew installed, use the following command in Terminal: /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" to install it.  

If none of these steps resolve your bandwidth issue, please contact Timus Network support for further assistance at Support@timusnetworks.com 

What no gateways available mean and possible scenarios

This information message means that if the user is not allowed to connect to any gateway, a specific message will appear in the Timus Connect application.

The administrator must select the remote site for the user in the manager.

But there can be another root cause to show this error when;

• User might not access the Timus Cloud services or doesn’t have internet access.

To verify that, please run:

ping user.timuscloud.com
ping device.timuscloud.com

Also, try to go to user.timuscloud.com or device.timuscloud.com from the browser. If user can not reach connect application will not able to connect.

• timus-connect-background service is not running

  Go to Activity Monitor (Mac) or Task Manager (Windows) on your device and find timus-connect-service.

  Alternatively, you can go to http://localhost:49202 in your browser. If you see the output, it means the service is running.

  

  If you validate that the service is not running, please follow these steps:

  • [MacOS] Validate if service is running

    • Check if the plist file exists

      • Run the commands below to check if they exist:

        #for connect service
        cat /Library/LaunchDaemons/timus-connect-service.plist
        
        #for helper service
        cat /Library/LaunchDaemons/timus-helper-service.plist
        

      • After running the commands, if they exist, please run this command to load the service. After running, please check if the service has started.

        # Avoid if error occurs after running these commands. This is just a make sure none of instance exist on device
        sudo launchctl unload /Library/LaunchDaemons/timus*
        sudo launchctl load /Library/LaunchDaemons/timus*
        

  • [Windows] Validate if service is running

    Find services from search

    

    Make sure this 2 services are exist

    

    If they are not exist and running state try to install them manually see if any error occurs. For clean service install run these commands

    sc.exe stop timus-helper-service
    sc.exe stop timus-connect-service
    
    taskkill /F /IM "timus-connect-service.exe"
    taskkill /F /IM "timus-helper-service.exe"
    
    sc.exe delete timus-connect-service
    sc.exe delete timus-helper-service
    
    cd C:\\Program Files\\Timus Connect\\resources\\service
    
    timus-connect-service.exe -service install && timus-connect-service -service start
    timus-helper-service.exe -service install && timus-helper-service -service start
    

  After validation, if you see that the services are still not running and nothing works, try to start the service manually and check if any crashes occur.

  • [MacOS] Validate if service crash

    Run this command and see if service works

    #for connect service
    sudo /Applications/Timus\\ Connect.app/Contents/Resources/service/timus-connect-service
    
    #for helper service
    sudo /Applications/Timus\\ Connect.app/Contents/Resources/service/timus-helper-service
    

  • [Windows] Validate if service crash

    Run these commands

    cd C:\\Program Files\\Timus Connect\\resources\\service
    timus-connect-service.exe
    

  Let’s assume that a crash happened, which in most cases (99%) is a permission issue.

  At this point, it is better to perform a clean setup by removing all files we have and reinstalling Timus Connect. Please find the section with the clean setup steps for Timus Connect.

  Sometimes, SentinelOne, Bitdefender, or other security tools can prevent Timus Connect from working. We can confirm this by checking the task manager or asking the customer.