How can we help?

Find help articles, troubleshooting guides, and tutorials

Explainer Videos

Video tutorials explaining how to set up various aspects of Timus, listed on this Knowledge Base page

Quick Set-Up

A quick guide to set up Timus and be up and running in no time

Use Cases

Learn how others use Timus to secure their clients

FAQ

Browse the frequently asked questions when using Timus

YouTube Videos

Explore our YouTube channel for how-to videos, partner use, and insights on Timus and the MSP space.

Certified Specialist Exam

This exam assesses your proficiency and understanding of some of the key functionalities of the Timus Zero Trust Network Security Solution.


Documentation

Here, you'll find comprehensive guides, tutorials, and references to help you seamlessly navigate our products and services.


Feature Request

Looking for a feature? Share your suggestion and get the community to vote, helping us improve our products and services.


Popular articles

Explainer Videos

Welcome to our explainer videos page! Here, you'll find a variety of guides that walk you through essential features and configurations of Timus Networks. These quick, easy-to-follow videos are designed to help you with everything from setup and configuration to more advanced topics, making your experience with Timus smoother and more efficient. Whether you're a beginner or looking for advanced tips, these videos will guide you every step of the way.

Setting up Zero Trust Access, The Timus Way

Configuring Firewall Rules

Web Filtering and Content Blocking 

Segmenting Traffic With Split Tunneling 

Timus Connect Installation Walk Through 

Setting up Zero Trust Access, The Timus Way

The Zero Trust framework is built around the mindset of never trust, always verify. See the two-minute video below showing how Timus verifies key user behaviors to ensure you are who you say you are.

Configuring an IPsec Tunnel

The Timus Gateway hosts a cloud firewall that performs various functions. See the video below showing the configuration of an IPsec tunnel from the gateway to an on-premises firewall, giving users connectivity to data no matter where it lives.

 

Configuring Firewall Rules

With users working from anywhere, the security perimeter is wherever the user is. The Timus adaptive cloud firewall rules follow the user and their identity, not just their device or location, enabling true secure access at the edge.

 

How a Static IP Address Provides Maximum Network Control

Each Timus gateway comes standard with a private, static IP address. Benefits include:

  • Lock down SaaS apps via IP Whitelisting
  • Single point of entry to the network, providing deeper visibility
  • Further defining conditional access

 

Web Filtering and Content Blocking

At the network layer, Timus' Secure Web Gateway enables web filtering, content blocking and anti-virus to ensure that users are accessing safe applications and sites while working.

 

Timus Dashboard

This article gives an overview of the primary dashboard within the Timus Manager, including key indicators, actionable items and insights.

The Timus Dashboard is part of Timus Manager. It gives the administrator a comprehensive view of the network, including active users, devices, sites, and events occurring on the client network.

Dashboard components include:

  • Users Online: displays the number of users currently connected to the network, providing the administrator with real-time information.
  • Devices Online: informs the administrator about the number of devices connected to the network at any given time.
  • Sites Online: displays the number of gateways online.
  • Traffic: provides the administrator with live and historical data on network traffic, including average upload and download information over the past 4/12/24 hours.

 

By clicking one of these areas, such as Users Online, you will be redirected to the Users screen. On this screen, the status of the online users within your network is displayed as Active.

 

 

Similarly, for Devices Online or Sites Online, you can view the devices and sites listed as Online in the Status section on the respective Devices or Sites screens that will open after clicking.

 

Most Active Devices: displays the devices that frequently log in and out of the network. A maximum of 30 devices can be displayed in the widget.

Most Active Users: displays, in order, the users who frequently log in and out of the network. A maximum of 30 users can be displayed in the widget.

Events: displays users logging in and out of the network. A maximum of 30 events can be displayed in the widget.

Alerts: shows the total number of events in the upper right corner of the Dashboard as shown in the image below.

These alerts are generated in response to the user/admin sign-in policies under the Zero Trust Security section.

When you click on the icon, you will be directed to the Alerts page, where you can get more detailed information about the alert.

Profile: located in the upper right corner of the Dashboard, this allows you to edit your Account information, Change Password, and change the Session Expiration Time.

Additionally, you can access the Setup Guide or Log out of the interface here.

 

Partner Portal

The partner portal dashboard will provide visibility into customers' relevant information & all data pertaining to your partnership with Timus Networks.

MSPs will leverage the Timus Networks partner portal as their primary dashboard for day to day management of the Timus solution. Within the portal, you will be able to add, remove & manage all clients for both billing and technical management.

Link to - partner portal

 

Timus Connect App Management
This article explains how to download and install versions of the Timus Connect App that are suitable for different operating systems.
To install Timus Connect App on your device:
  1. Open Timus Manager and go to Settings > Downloads page.
  2. Find the row on the Downloads page that corresponds to the name, version and icon of your device's operating system.
  3. Click the "Copy Link" button, then paste the link you copied into your browser's search bar and press Enter to begin the download.
  4. Alternatively, you can directly click the "Download" button to start the download process.

For more information on Timus Connect App versions for different operating systems, go to:

Timus Connect App for Microsoft Windows® User Guide
This document is a guide explaining the use of the Timus Connect App for Microsoft Windows® application. This application secures your connection by establishing an encrypted tunnel to the Timus Platform.
Download Steps
  1. Download and install the Timus Connect App from: https://www.timusnetworks.com/resources/documents-and-downloads/.
    • Administrators can also download the app from Timus Manager > Settings > Downloads page.

When installing Timus Connect App onto desktop devices for the first time, the account must have administrator permission in order to install the application onto the device.

If Timus Connect App's background service is completely stopped for any reason, administrator permission will be required to access the application.

  • Administrator permission is not required for version updates.

Open the application. You will see the Timus Connect App End User License Agreement on the screen.

  • Read and agree to the EULA.

The e-mail address screen will appear. Enter the e-mail address of your Timus account.

  • In the next screen, Select a Network and enter your Password to log in. If there is only one network, that network will be selected automatically. If this account is synchronized from a directory service like Microsoft Entra ID (Azure AD), Okta, or Google Workspace, the login screen will at this point be forwarded to the login screen of that directory service.
  • If you check the Keep me logged in option on this screen, the app keeps your login information for your next login.

If your behavior when you try to log in triggers a user sign-in policy in Timus Manager, you may encounter a different authentication method, such as two-factor authentication.

The screen that opens is the application's main screen. On this screen, you will see the following menu items:

  • Connection
  • Account
  • Settings
  • Support

Connection

Follow the steps below to establish a connection by using the Timus Connect Windows application:

  • Enter the login information provided by your company to connect you to the screen.
  • The Gateway/Connection screen will appear.
  • Here, you will need to select the Gateway. In the gateway selection list, the active sites to which the user is allowed to access will be available.

The round-trip traffic duration to each active gateway will be displayed next to the gateway. The lower the duration, the faster the connection.

  • If you want the application to select the gateway for the fastest connection by default, choose Select Fastest.
  • If you want to connect via a specific gateway, select this gateway from the drop-down list.
  • Click Connect and wait for the connection to be established. Connection information will be updated as Connected in a short time.
  • On the connection status screen, you can view the connection status, Private IP Address, and Public IP Address information.
  • Click on Disconnect to disconnect.
 
 
 

Account

On the Account menu, you can

  • View your account name,
  • Manage account,
  • End your login session using the Sign Out feature.
 

To change your password:

  1. Click Manage account.
  2. Enter your current password and then enter your new password and click Confirm.

Settings

On the Settings menu,

  • You can select one of the VPN protocols we offer, WireGuard or OpenVPN.
  • By enabling the Start on Boot feature, you can ensure that the Timus Connect App is always running without needing to be manually launched every time your device is turned on.
  • If you are unable to modify or turn features on or off, it indicates that the administrator has closed that feature to user selection based on their preference.

Split tunnel configuration works on Windows when the tunnel protocol is WireGuard.

Support

On the Support menu, you can

  • Install SSL certificates.
  • Share your feedback with us.
  • Collect logs: When you click this button, a file containing application and system logs will be created in the file path you specified. This file will mainly be used for support purposes when necessary.
  • About: This page will give you some information regarding Timus Connect Version, Device Model, OS Type, OS Name, OS Version, OS Architecture.
If you have any issues with the Timus Connect Application, click on Collect log. You will be asked to select a folder in which to create a log file, which will contain all the .log files needed for troubleshooting. You can send the file to one of our technical support specialists to have it analyzed.
 

You will get a notification message as shown in the image below once you click on Collect log. This process can take up to 10 seconds.

Once the log file has been successfully created, you will see the pop-up message as shown in the image below.

 
To install an SSL Certificate, follow these steps:
  1. Open the Timus Connect app.
  2. Enter your E-mail Address and click on the Continue button.
  3. Choose your Network to connect with.
  4. Enter your Password.
  5. Click on the Sign In button.
  6. Go to Support, located at the bottom right of the application.
  7. Click on Install Certificate.
  8. Confirm the successful installation of the certificates, as shown in the image below. If you do not see the message, please contact your administrator immediately.
 
However, if you get the SSL Certificate Error while using the Timus Connect app, follow the steps below:
  • Click on the Support menu and select Install SSL Certificate.
  • If you cannot see the Certificate is Successfully Installed message, follow these steps:
 
  1. Login to my.timusnetworks.com/login with your account information,
  2. Download the SSL Certificate by clicking the Desktop icon,
  3. Open the downloaded certificate,
  4. Install the certificate,
  5. Select the Local Machine option,
  6. Click Next,
  7. Select Place All Certificates in the following store option,
  8. Select the Trusted Root Certification Authorities file as the place to store the certificate,
  9. Click OK > Next,
  10. Complete the process by clicking Finish on the screen that opens.

Silent Deployment Script

For Partners who would like to use a silent script to deploy through an RMM tool, please refer to the below article:

Timus Connect App for Microsoft Windows Silent Deployment Script

 

Timus Connect App for Microsoft Windows Silent Deployment Script

NOTE:

PowerShell Script - Windows
To run on a local machine without RMM, you may have to bypass the machine’s execution policy with:
powershell.exe -noprofile -executionpolicy bypass -file ".\Timus Silent Install.ps1"

 

Windows:

<#
Timus Connect Windows Installation Script
***Always review to make sure you know what a script is doing.***


* DISCLAIMER OF WARRANTIES:
*
* THE SOFTWARE PROVIDED HEREUNDER IS PROVIDED ON AN "AS IS" BASIS, WITHOUT
* ANY WARRANTIES OR REPRESENTATIONS EXPRESS, IMPLIED OR STATUTORY; INCLUDING,
* WITHOUT LIMITATION, WARRANTIES OF QUALITY, PERFORMANCE, NONINFRINGEMENT,
* MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. NOR ARE THERE ANY
* WARRANTIES CREATED BY A COURSE OR DEALING, COURSE OF PERFORMANCE OR TRADE
* USAGE. FURTHERMORE, THERE ARE NO WARRANTIES THAT THE SOFTWARE WILL MEET
* YOUR NEEDS OR BE FREE FROM ERRORS, OR THAT THE OPERATION OF THE SOFTWARE
* WILL BE UNINTERRUPTED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

#####################################################################################
<#
1. Check to see if the application is already installed
If already installed, exits the script. Otherwise proceeds with section 2.
#>

$appName = 'Timus Connect'
$RegUninstallKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
$installedApplication = Get-ItemProperty -Path $RegUninstallKey | Where-Object {$_.DisplayName -like "*$appName*"}

if ($installedApplication) {
    Write-Host "Application is already installed, exiting script"
    # Stop here, as described in the section 1 comment above
    Exit 0
}
else {
    Write-Host "Application is not installed."
}

#####################################################################################
<#
2. Check to see if this is a desktop or laptop by looking for a battery

#!#! Delete this whole line if you want to disable this section #!#! #>

$systemType = "Unknown"
$BatteryStatus = (Get-WmiObject -Class Win32_Battery -EA SilentlyContinue).Status

if ($BatteryStatus) {
$systemType = "Laptop"
} else {
$systemType = "Desktop"
}
Write-Output "This device is a" $systemType

#2.1 At this time I am only automating the Timus installation on laptops

if ($systemType -eq "Desktop") {
    Write-Output "The device is a desktop, exiting script."
    # Desktops are skipped, so end the script before the download starts
    Exit 0
}
else {
    Write-Output "This is a laptop, proceeding with download."
}
#>

#####################################################################################
<#
3. Does the download destination exist?
If not, create download directory
Default download directory is "C:\temp\Timus Networks"
#>

$dlFolder = "C:\temp\Timus Networks"
$dlFolderTest = Test-Path -Path $dlFolder
$dlDest = "$dlFolder\Timus-Connect.exe"
$dlUrl = "https://repo.timuscloud.com/connect/Timus-Connect.exe"
$tempFolderExists = Test-Path -Path "C:\Temp"

if ($dlFolderTest -eq $true) {
Write-Output "Download directory exists, continuing with download."
}
else {
Write-Output "Download directory does not exist, creating directory"
New-Item -ItemType Directory -Path $dlFolder -Verbose -ErrorAction Stop
}

#####################################################################################
<#
4. Starting download to destination
Will try three different methods to download the file: Invoke-WebRequest, WebClient, and finally Start-BitsTransfer.
If all three fail, the script will exit with a failure.
#>

try {
Write-Output "Trying to download..."
Invoke-WebRequest -Uri $dlUrl -OutFile $dlDest
Write-Output "Invoke-WebRequest download was successful, moving on to installation..."
}
catch {
Write-Output "Invoke-Webrequest failed, trying webclient download..."
try {
$webClient = New-Object System.Net.WebClient
$webClient.DownloadFile($dlUrl, $dlDest)
Write-Output "WebClient download was successful, moving on to installation"
}
catch {
Write-Output "WebClient download failed, starting BitsTransfer..."

try {
Start-BitsTransfer -Source $dlUrl -Destination $dlDest
Write-Output "Downloaded successfully with BitsTransfer, moving on to installation..."
}
catch {
Write-Host "All methods failed. Unable to download the file. Exiting."
Exit 1

}
}
}

#####################################################################################
<#
5. Starts Installation of the Timus Connect App.
Upon error, the script will exit.
Checks registry for uninstall key for Timus Connect.

#>
Start-Process -Wait -FilePath $dlDest -ArgumentList "/S" -PassThru -ErrorAction Stop

#Check for successful install
$appName = 'Timus Connect'
$RegUninstallKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
$installedApplication = Get-ItemProperty -Path $RegUninstallKey | Where-Object {$_.DisplayName -like "*$appName*"}

if ($installedApplication) {
Write-Host "Application is installed."
} else {
Write-Host "Application is not installed."

}

#####################################################################################
<#
6. Performs cleanup of created files/folders
If download root existed prior to script, will only remove newly created folder.
For example, if C:\temp already existed, the script will only remove C:\temp\Timus Networks
and not C:\temp as a whole.

If download root did not exist, it will delete the whole folder

#>

if ($tempFolderExists -eq $true) {
Write-Output "Temp folder existed prior to download, only removing" $dlFolder
Remove-Item -Path $dlFolder -Recurse -Force
Write-Output "Cleanup complete, exiting..."
Exit 0
}
else {
Write-Output "Temp folder did not exist prior to script, deleting Temp folder..."
Remove-Item -Path "C:\Temp" -Recurse -Force
Write-Output "Cleanup complete, exiting..."
Exit 0

}
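
The script above runs whatever it downloaded to $dlDest with "/S" and administrative rights. The following is an added example, not part of the Timus script, that gates section 5 on the installer's Authenticode signature and signer name. The function name, the publisher placeholder and the optional hash parameter are assumptions; take the real signer name from a copy of the installer you have verified yourself.

```powershell
# Added example (not Timus code): verify the installer before running it elevated.
function Test-InstallerTrust {
    [CmdletBinding()]
    [OutputType([bool])]
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        # Exact common name (CN) expected on the code-signing certificate (placeholder below).
        [Parameter(Mandatory = $true)] [string] $ExpectedPublisherCN,
        # Optional SHA-256 of the installer, if you pin a specific build.
        [string] $ExpectedSha256
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        Write-Warning "Installer not found: $Path"
        return $false
    }

    # 1. The signature must be present, intact, and chain to a trusted root.
    #    Unsigned, tampered or truncated downloads end up here.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    if ($sig.Status -ne [System.Management.Automation.SignatureStatus]::Valid) {
        Write-Warning "Rejecting installer: signature status is '$($sig.Status)' ($($sig.StatusMessage))"
        return $false
    }

    # 2. A valid signature from any publisher is not enough: check who signed it.
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $signerCN = $sig.SignerCertificate.GetNameInfo($nameType, $false)
    if ($signerCN -cne $ExpectedPublisherCN) {
        Write-Warning "Rejecting installer: signed by '$signerCN', expected '$ExpectedPublisherCN'"
        return $false
    }

    # 3. Optional: pin the exact file when a known-good hash is available.
    if ($ExpectedSha256) {
        $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        if ($actual -ne $ExpectedSha256.Trim()) {
            Write-Warning "Rejecting installer: SHA-256 is $actual"
            return $false
        }
    }

    Write-Host "Installer signature verified (signer: $signerCN)."
    return $true
}

# Same download path as the script above; the publisher value is a placeholder.
$dlDest = "C:\temp\Timus Networks\Timus-Connect.exe"
$publisher = '<EXPECTED-PUBLISHER-CN-PLACEHOLDER>'

# Verify immediately before execution so the file that was checked is the file that runs.
if (Test-InstallerTrust -Path $dlDest -ExpectedPublisherCN $publisher) {
    Start-Process -Wait -FilePath $dlDest -ArgumentList "/S" -PassThru -ErrorAction Stop
}
else {
    Remove-Item -LiteralPath $dlDest -Force -ErrorAction SilentlyContinue
    Write-Host "Installer failed verification, exiting."
    Exit 1
}
```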
Certificate Install Script for Microsoft Windows

This script is designed to automate the installation of a digital certificate into the "Trusted Root Certification Authorities" store on a local machine. It can be distributed and executed via Remote Monitoring and Management (RMM) tools, making it ideal for deploying trusted certificates across multiple systems in a managed environment.
 

# Path to the certificate file
$certPath = "C:\Users\username\Downloads\DESKTOP_CERTIFICATE.der"

# Check if the file exists
if (Test-Path $certPath) {
    # Import the certificate into the Trusted Root Certification Authorities store
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
    $cert.Import($certPath)

    # Add the certificate to the local machine Trusted Root store
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store "Root", "LocalMachine"
    $store.Open("ReadWrite")
    $store.Add($cert)
    $store.Close()

    Write-Host "Certificate installed successfully."
} else {
    Write-Host "Certificate file not found at $certPath. Exiting."
}
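
A certificate in the LocalMachine Root store is trusted for everything it issues, so a script pushed to many machines should confirm it is installing the intended certificate. The following is an added example, not Timus code, that checks the file's SHA-256 fingerprint against a pinned value before adding it. The function name and the fingerprint placeholder are assumptions; record the real fingerprint from the certificate downloaded through your own Timus account.

```powershell
# Added example (not Timus code): install a root certificate only if it matches a pinned fingerprint.
function Install-PinnedRootCertificate {
    [CmdletBinding()]
    [OutputType([bool])]
    param(
        [Parameter(Mandatory = $true)] [string] $CertPath,
        # SHA-256 fingerprint (hex; colons or spaces allowed) obtained over a trusted channel.
        [Parameter(Mandatory = $true)] [string] $ExpectedSha256
    )

    $expected = ($ExpectedSha256 -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($expected.Length -ne 64) {
        Write-Warning "No valid SHA-256 fingerprint configured, refusing to install."
        return $false
    }
    if (-not (Test-Path -LiteralPath $CertPath -PathType Leaf)) {
        Write-Warning "Certificate file not found at $CertPath."
        return $false
    }

    # .NET resolves relative paths against the process directory, so pass a full path.
    $fullPath = (Resolve-Path -LiteralPath $CertPath).ProviderPath
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $fullPath

    # Fingerprint of the DER-encoded certificate itself.
    $sha256 = [System.Security.Cryptography.SHA256]::Create()
    try {
        $actual = [System.BitConverter]::ToString($sha256.ComputeHash($cert.RawData)) -replace '-', ''
    }
    finally {
        $sha256.Dispose()
    }
    if ($actual -ne $expected) {
        Write-Warning "Fingerprint mismatch for '$($cert.Subject)': got $actual"
        return $false
    }

    # Do not add a certificate that is expired or not yet valid.
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        Write-Warning "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
        return $false
    }

    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList "Root", "LocalMachine"
    $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
    try {
        # Skip the write if the same certificate is already trusted.
        $findType = [System.Security.Cryptography.X509Certificates.X509FindType]::FindByThumbprint
        $existing = $store.Certificates.Find($findType, $cert.Thumbprint, $false)
        if ($existing.Count -eq 0) {
            $store.Add($cert)
            Write-Host "Certificate installed: $($cert.Subject)"
        }
        else {
            Write-Host "Certificate already present: $($cert.Subject)"
        }
    }
    finally {
        $store.Close()
    }
    return $true
}

# Same path as the script above; the fingerprint is a placeholder and will be refused as written.
$certPath = "C:\Users\username\Downloads\DESKTOP_CERTIFICATE.der"
$pinned = '<SHA256-FINGERPRINT-PLACEHOLDER>'
if (-not (Install-PinnedRootCertificate -CertPath $certPath -ExpectedSha256 $pinned)) {
    Exit 1
}
```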
Timus Connect App for macOS® User Guide

This document is a guide explaining the use of the Timus Connect for macOS® application.

This application secures your connection by establishing an encrypted tunnel to the Timus Platform.

Timus Connect App supports macOS Monterey or higher versions.

Login

When installing Timus Connect App for the first time, the account must have administrator permission in order to install the application onto the device.

If Timus Connect App's background service is completely stopped for any reason, administrator permission will be required to access the application.

Administrator permission is not required for version updates.

  • Launch the application. You will see the End User License Agreement on the screen.
  • After reading the EULA by scrolling down, you will see I have read and agree to the EULA at the bottom of the agreement. Once you click on it, you will see the email field to sign in to the Timus Connect Application on macOS.
  • The login screen will appear. Enter the e-mail address of your Timus account.
  • In the next screen, Select a Network and enter your Password to login. If there is only one network, that network will be selected automatically.

If this account is synchronized from a directory service like Microsoft Entra ID (Azure AD), Okta, or Google Workspace, the login screen will at this point be forwarded to the login screen of that directory service.

  • If you check the Keep me logged in option on this screen, the app keeps your login information for your next login.

If your behavior when you try to log in triggers a user sign-in policy in Timus Manager, you may encounter a different authentication method, such as two-factor authentication.

The screen that opens is the application's main screen. On this screen, you will see the following menu items:

  • Connection
  • Account
  • Settings
  • Support

Connection

Follow the steps below to establish a connection by using the Timus Connect macOS application:

  • Enter the login information provided by your company to connect you to the screen.
  • The Gateway/Connection screen will appear.
  • Here, you will need to select the Gateway. In the gateway selection list, the active sites to which the user is allowed to access will be available.

The round-trip traffic duration to each active gateway will be displayed next to the gateway. The lower the duration, the faster the connection.

  • If you want the application to select the gateway for the fastest connection by default, choose Select Fastest.
  • If you want to connect via a specific gateway, select this gateway from the drop-down list.
  • Click Connect and wait for the connection to be established. Connection information will be updated when Connected.
  • On the connection status screen, you can see the connection status, Private IP Address, and Public IP Address information.
  • To disconnect click on Disconnect.

Account

On the Account menu, you can

  • View your account name,
  • Manage Account to change your password and send a request to the admin regarding Always-on VPN disconnection,
  • Sign Out to end your login session.

Settings

On the Settings menu,

  • The Start on Boot feature allows the application to start when the operating system boots,
  • Connect on application start feature allows you to connect to your gateway automatically when you turn on your macOS,
  • With the Change tunnel mode feature, you can change the tunnel mode of VPNs such as WireGuard and OpenVPN.

If you are unable to modify or turn features on or off, it indicates that the administrator has closed that feature to user selection based on their preference.

Split tunnel configuration works on macOS when the tunnel protocol is WireGuard.

Support

On the Support menu, you can

  • Install certificate,
  • Give feedback,
  • Collect logs: When you click this button, a file containing application and system logs will be created in the file path you specified. This file will mainly be used for support purposes when necessary.

If you have any issues with the Timus Connect Application, click on Collect log. You will be asked to select a folder in which to create a log file, which will contain all the .log files needed for troubleshooting. You can send the file to one of our technical support specialists to have it analyzed.

You will get a notification message as shown in the image below once you click on Collect log. This process can take up to 10 seconds.

Once the log file has been successfully created, you will see the pop-up message as shown in the image below.

To install an SSL Certificate, follow these steps:

The SSL Certificate can be installed by clicking "Install Certificate" on the Support menu. However, in order for the SSL Certificate to function properly, its trust settings must be configured as follows.

  1. Navigate to the 'Applications' folder on your Mac. You can use Finder to find 'Applications'.
  2. Inside the 'Applications' folder, find and open the 'Utilities' folder.
  3. In the 'Utilities' folder, select 'Keychain Access'.
  4. Once 'Keychain Access' is open, locate the search box at the top right corner.
  5. In the search box, enter the name of your SDN. In this example, our SDN name, which is the company name, is TimusNetworks. Please make sure that you enter your SDN name correctly into the search box.
  6. The corresponding certificate will appear in the search results. Select it.
  7. After opening the certificate, find and select the 'Trust' option. The detail page will be opened automatically. Please make sure that you have chosen Trust in the drop-down menu.
  8. In the 'Trust' settings, change the status to 'Always Trust'.


Please note that altering the trust settings of any certificate should be done with caution. Always ensure that the certificate is from a reliable source.

Silent Deployment Script

For Partners who would like to use a silent script to deploy through an RMM tool, please refer to the below article:

Timus Connect App for MacOS Silent Deployment Script
Timus Connect App for MacOS Silent Deployment Script

Note:

Bash Script - Mac
Ensure the script has execute permissions by using the following terminal command:
chmod +x /path/to/script.sh

 

Mac:

#!/bin/bash

# Check if the machine is a MacBook (laptop)
MODEL_IDENTIFIER=$(system_profiler SPHardwareDataType | awk '/Model Identifier/ {print $3}')
if [[ ! "$MODEL_IDENTIFIER" =~ "MacBook" ]]; then
    echo "This script is intended for MacBook models only."
    exit 1
else
    echo "Thank you for using Timus ZTNA. Your secure remote access will be enabled shortly."
fi

# Specify the name of the app to check if it's installed
APP_NAME="Timus Connect.app"
APP_PATH="/Applications/$APP_NAME"

# Specify the URL and local directory and path for the .pkg
PKG_NAME="Timus-Connect.pkg"   # used in the status messages below
PKG_URL="https://repo.timuscloud.com/connect/Timus-Connect.pkg"
PKG_DIR="/tmp/Timus-Connect"
PKG_LOCAL_PATH="$PKG_DIR/$PKG_NAME"

# Check if the app is already installed
if [ -d "$APP_PATH" ]; then
    echo "$APP_NAME is already installed."
else
    echo "$APP_NAME is not installed."

    # Create the directory if it doesn't exist
    [ ! -d "$PKG_DIR" ] && mkdir -p "$PKG_DIR"

    # Download the .pkg file from the specified URL
    # -f makes curl fail on an HTTP error instead of saving the error page; -L follows redirects
    echo "Downloading $PKG_NAME..."
    curl -fL -o "$PKG_LOCAL_PATH" "$PKG_URL"
    if [ $? -eq 0 ]; then
        echo "Download successful!"

        # Install the .pkg
        echo "Installing $PKG_NAME..."
        installer -pkg "$PKG_LOCAL_PATH" -target /
        if [ $? -eq 0 ]; then
            echo "Installation successful!"

            # Open the app
            echo "Opening $APP_NAME..."
            open "$APP_PATH"

            # Optionally, you can clean up by removing the downloaded .pkg
            rm "$PKG_LOCAL_PATH"
            rmdir "$PKG_DIR" # This will only remove the directory if it's empty

        else
            echo "Error during installation."
            exit 1   # report the failure to the RMM tool
        fi

    else
        echo "Error downloading $PKG_NAME."
        exit 1   # report the failure to the RMM tool
    fi
fi

exit 0
Create User(s)

There are three methods for creating users: manually, through importing, or by using directory synchronization

IDP Integrations:

Follow these steps to manually add new user(s) on your network with Timus Manager:

  1. Go to Timus Manager > Users & Teams page.
  2. Click the Create User button in the upper right corner of the page.
  3. Enter a First Name and Last Name.
  4. Enter an Email address.
  5. Select the Status as Active or Inactive.
  6. Assign the user to a Team like Sales or Unassigned if needed.
  7. Select Allowed Sites for secure remote access. You can select multiple sites for the user to connect or All to include all Allowed Sites instead of selecting them one by one.
  8. Click the "Save" button to complete the process. It is important to note that activation emails will be automatically sent to the users that are imported.
              • The created user will be notified by email.
  9. Once you click on Set Password, you will be forwarded to the page where you can set your password.
  10. On this page, you can set your password depending on the Password Policies defined by the network admin.
  11. While setting or resetting your user's password, you may see the pop-up as shown in the image below.
  12. If you have seen the pop-up above while setting or resetting your user's password, you need to check your password policies as shown in the image below. There are 5 password policies, which can cause the Invalid Password issue.

In this example, I have used "john" in my password. Therefore, I have seen the Invalid Password pop-up on my screen.

You need to set your Password Policies, which totally depend on the network admins, for the users.

Import Users

  • Within the Users tab, you can take advantage of the convenient Import and Export functionality for users in CSV format.
  • This enables you to easily transfer multiple users in a single step, as opposed to the laborious task of manually adding them one by one.
  • This valuable Import Users feature saves you time and simplifies the management of users within your network.
    1. Click the Import button on the Users tab.
    2. You can view the Timus_Users_Sample document by clicking Download Sample text in the upper left corner of the pop-up window.
    3. To import users, you have two options. You can either drag and drop the CSV document onto the designated area on the screen, as shown in the image below, or you can simply click on the area to browse for the document. Please note that the maximum file size allowed for import is 5MB.
Pay attention to the following points for the CSV document you will prepare:
  • First Name, Last Name, and E-mail fields must be filled.
  • Up to 70 characters can be entered in the First Name and Last Name fields.
  • Up to 120 characters can be entered in the E-mail field.
  • Remote Access Sites must be one of the sites in the system, or you can leave them empty.
  • Teams that are not in the system will be created as new teams.
  • Team fields can be empty.
  • You can upload up to 500 users at a time.
  • Users whose Remote Access Sites field is empty will not be able to establish a remote connection.
  • Multiple sites in the system can be entered in the Remote Access Sites fields by placing a comma (,) between them.
After successfully importing your users to Timus Manager, you have the option to export them as Timus Users directly from your network.
Inactive accounts are not able to login to the system, and do not consume user subscriptions.
Timus will scan the dark web for users with disclosed or breached email addresses. If the scan discovers an email exposure, the warning below will appear when you attempt to save.

Account Security as a part of Vulnerability Assessment

If the Account Security window appears on your screen with the Breaches tab, you can view this informational text and important data about past breaches:
"It has been determined that the e-mail address in this account has been included in the following data breaches that have occurred before. A data breach is an event in which data is accessed and exposed in an unauthorized manner, usually due to inadequate access controls or security weaknesses in software."
  • During this step, an Account Security window will appear as part of Timus's Vulnerability Assessment, presenting you with two options:
  • If you select the Cancel option, the user will not be created due to being breached, and you will automatically go back to the Create User screen.
  • If you choose to Continue, the user will be created. We strongly advise you to carefully review the list of Breaches, which includes details such as the Source, Domain, Data Classes, Data Count, and Date. This information will help you make an informed decision about the user's security.
The breached email address check does not include a check for breached or disclosed passwords.
Timus Support : Timus Networks: How to Create Agent Profiles for Adjusting User Behaviors

 

How to Guide:

Creating and managing agent profiles in Timus Networks helps in effectively controlling and optimizing user behaviors on your network. By following these steps, you can ensure that network policies are enforced and user experiences are tailored to your organizational needs. If you need further assistance, please feel free to reach out at any time.

 

Step 1: Log in to the Timus Manager Portal


Step 2: Navigate to “Users and Teams” on the Left Pane

Step 3: Click on “Agent Profiles” on the Middle Pane

Step 4: Click "Create New"

Step 5: Fill the Template

Step 6: Choose the Desired Operating System to Apply the User Preferences

Step 7: Select the Agent Profile Rules You Want

Step 8: Click on “Confirm” to Create the Profile

Step 9: Use the Directional Arrows to Move the New Profile to the Upper Section Among the Existing Profiles and Set Its Position within the Hierarchy.

Step 10: Make Sure That All the Changes Are Applied to the User Account

 

NOTE: Users are required to disconnect and reconnect in order to access the updated settings.

 

Conclusion:

The introduction of a new Agent Profile functionality empowers administrators with granular control over user machine configurations, facilitating seamless integration of preferred rules tailored to organizational needs. This feature encompasses a spectrum of customizable parameters including tunnel type selection, startup configurations, administrative approval requirements for user logins and logouts, and the implementation of productivity tracking mechanisms. By leveraging this advanced toolset, administrators can optimize operational efficiency, enhance security protocols, and streamline user experiences within the system.

Manage Users

This article contains guidance on managing users, executing bulk actions, and resetting passwords.

 

Users and Teams Bulk Actions

  • You can select multiple users on the Users tab on the Users & Teams page and take the desired action on the users at the same time.
  • To take bulk action on multiple users, click Users & Teams in the left-side navigation.
  • The Users tab appears. From this screen, select the users you want to take action on.
  • The bulk Actions menu appears above the devices list. Select the action you wish to take (Reset Password, Reset 2FA, Ban/Unban, Delete) from the Actions drop-down menu:
     
 

Edit Settings

 

Account Status

  • Keep Existing Settings: This action will not affect the status of the selected users.
  • Activate All: The status of the selected users will be set as active.
  • Deactivate All: The status of the selected users will be set as inactive.
 

Team

  • Keep Existing Settings: In this case, you do not need to make a selection.
  • Replace All with: Select a team from the dropdown menu. This team will be assigned to all users, including unassigned users.
  • Remove These from All: You can select more than one team from the dropdown menu on the right. The selected teams will be removed from the selected users, and these users will be classified as unassigned in your network after saving the changes.

Tags

  • Keep Existing Settings: The existing tags of users in your network will not be affected by this action.
  • Add to Existing: The existing tags of users in your network will not be affected by this action. In addition to these tags, the tags you choose from the dropdown menu below will be included in the user's account.
  • Replace All with: The existing tags of the selected users will be replaced with the tag you choose. However, the automatically assigned tags of the users you synchronize with Timus using Integrations will not be changed.
  • Remove These from All: These tags will be removed from the selected users.
     

Allowed Sites

  • Keep Existing Settings: The existing sites of users in your network will not be affected by this action.
  • Add to Existing: The existing sites of users in your network will not be affected by this action. The site you select will be added alongside the current sites of the selected users.
  • Replace All with: The current sites of the selected users will be replaced with the site you select from the options provided.
  • Remove These from All: These sites will be removed from the selected users.
     

Ban/Unban

 
With the 'Ban/Unban' action, you can restrict users from accessing your network. You can prevent individuals from entering your network for a specific duration, a custom period, or permanently.
 
This functionality can be used for both individual users and multiple users.
 

Reset Password

Selecting the 'Reset Password' action will reset the password for the selected users. An email will be sent to guide them through the process of creating a new password.

 

Reset 2FA

Selecting the 'Reset 2FA' action will reset the two-factor authentication code for the chosen users. Timus will then send an email to guide them through the process of setting up two-factor authentication.
 
The user sign-in policies in Zero Trust Security require users to use two-factor authentication.
 

Drop Connection

You can manually activate the 'Drop Connection' action if you detect any suspicious activity. This will safeguard your network's security by quickly responding to potential threats.
 

Delete

You can delete multiple users from your network all at once using the 'Delete' action.
Agent Profiles

This article explains the process of creating and managing Agent Profiles on the Users & Teams page.

  • To manage Agent Profiles, go to Users & Teams > Agent Profiles. Click the 3 dots to edit the Default Agent Profile, or create a new Agent Profile if needed.
  • The Agent Profile page has a drag-and-drop feature, allowing you to prioritize a profile by moving it to the top. Once you move the Agent Profile test to the top as shown in the image below, you need to click Apply Order to save the configuration.

  • Once you click on 3 dots to edit the Agent Profile, you will see 5 tabs, Source, Windows, MacOS, Android, iOS.

Source

  • All users, all teams and all tags will be selected automatically here for you. You will not be able to take any action on any field here except the Description field, because this is a Default Agent Profile.
  • Once you create a new Agent Profile, you are able to change all the fields however you want.
 

Windows and MacOS:

  • You can decide the Tunnel Protocol, WireGuard or OpenVPN, as default here.
  • If you want to let the users decide the options such as Tunnel Protocol, you can click on User can modify. As long as User can modify has been marked, the users will be able to decide the options.
  • If you don't want to let the users decide the options, keep User can modify unmarked. This forces them to use whatever you have decided in the Agent Profile.
  • Start on boot: When enabled, the Timus Connect App will start when the device boots.
  • Connect on application start: When the device is turned on, it will automatically connect to the selected or last connected gateway.
  • Always-on VPN: Enabling Always-on VPN will allow admins to control users' ability to disconnect VPN in Timus Connect app. 'Users cannot disconnect' means users cannot disconnect. 'Users can disconnect with admin approval' means users must submit a request to disconnect, and admin must approve the request. 'Users can disconnect without admin approval' means users must submit a request to disconnect, and request is automatically approved, without the need for admin approval. One request is valid for one disconnect only.
  • You can see the admin approvals for Always-on VPN on the page Insights -> Alerts -> Requests.
  • Trusted Networks: When a device is connected to a trusted network, VPN will automatically disconnect as this is recognized as a secure environment.
 
  • Productivity tracker: If this is enabled, application usage tracking of the user will be enabled. Otherwise tracking will be disabled.
  • Enforce local DNS responder: When enabled, Timus Connect agent will resolve DNS queries locally. When disabled, it will disable domain-based split tunneling.
  • Auto Update: When enabled, Timus Connect application will automatically check for updates.

Start on boot, Connect on application start, Always-on VPN, Trusted Networks and Productivity tracker options are only available on Windows and MacOS.

 

Android and iOS:

  • You can decide the Tunnel Protocol, WireGuard or OpenVPN, as default here.
  • If you want to let the users decide the Tunnel Protocol, you can click on User can modify. As long as User can modify has been marked, the users will be able to decide the Tunnel Protocol.
     
     
 
Password Policies

This article explains the process of managing Password Policies on the Users & Teams page.

  • To manage the Password Policies, go to Users & Teams > Password Policies and click the Edit button to edit both Policy for All Administrators and Policy for All Users.
 

Policy for All Administrators:

This password policy applies to all administrator accounts of the management portal.

Policy for All Users:

This password policy applies to all user accounts that require a Timus password. Users that single sign-on with their third party Identity Provider accounts do not have Timus passwords, thus they are not bound by this policy.

Active Rules:

There are 11 password policies. By default, 6 of them are active and 5 of them are inactive, as shown in the images below. You can change the password policies however you want.

Once you click on Edit, you will be able to configure the policies however you want.

Minimum character length

This rule is always active. You can change the minimum character length, which is 8 by default, to any number you want.

Minimum number of lower case letters

We recommend using at least 1 lower-case letter to make the passwords stronger.

Minimum number of upper case letters

We recommend using at least 1 upper-case letter to make the passwords stronger.

Minimum number of digits (0-9)

We recommend using at least 1 digit to make the password stronger.

Minimum number of special characters

If selected, password must include special characters such as !@#$-%&*+. We recommend using at least 1 special character to make the password stronger.

Maximum number of consecutive digits

For example, if 3 is selected, up to 3 consecutive digits such as 01, 012, 123, 456, 789 can be included in the password, but 4 consecutive digits like 0123 cannot.

Cannot use commonly used passwords

Commonly used passwords can be detected very easily by the automated tools of bad actors, so using them leads to a vulnerability. This check is case-insensitive.

Cannot contain keywords

Add the keywords that you do not want users/admins to use in their passwords here. A maximum of 10 keywords can be entered.

Cannot contain first part of user's email address

For example, the password of the user with the email address johndoe@abc.com cannot contain the text 'johndoe'.

Cannot contain user's first name

If you activate this, users/admins will not be able to use their first name in their passwords. This check is case-insensitive.

Cannot contain user's last name

If you activate this, users/admins will not be able to use their last name in their passwords. This check is case-insensitive.

Password expires in

Entered value will be set as the administrator's password expiration limit. Minimum value is 1 day and maximum value is 10.000 days.
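The content rules above, modelled as an added example for testing candidate passwords against a planned policy; this is not Timus code. Assumptions: "consecutive digits" is read as an ascending run such as 0123 (all of the page's examples are ascending), any non-alphanumeric character counts as special, the keyword and email checks are case-insensitive, and the common-password list is a constructed sample.

```python
from dataclasses import dataclass

DIGITS = "0123456789"
COMMON_PASSWORDS = {"password", "123456", "qwerty123", "letmein"}  # constructed sample list


@dataclass
class PasswordPolicy:
    min_length: int = 8              # always active; 8 is the default on the page
    min_lower: int = 0               # 0 means the rule is inactive
    min_upper: int = 0
    min_digits: int = 0
    min_special: int = 0
    max_consecutive_digits: int = 0  # 0 means the rule is inactive
    block_common: bool = False
    keywords: tuple = ()             # the page allows at most 10
    block_email_local_part: bool = False
    block_first_name: bool = False
    block_last_name: bool = False


def longest_ascending_digit_run(password):
    """Length of the longest run like 0123 (assumed meaning of 'consecutive digits')."""
    best = run = 0
    prev = None
    for ch in password:
        if ch in DIGITS:
            digit = int(ch)
            run = run + 1 if prev is not None and digit == prev + 1 else 1
            prev = digit
        else:
            run, prev = 0, None
        best = max(best, run)
    return best


def check_password(password, policy, first_name, last_name, email):
    """Return the names of the rules the password violates, in page order."""
    if len(policy.keywords) > 10:
        raise ValueError("at most 10 keywords can be entered")
    violations = []
    lowered = password.lower()

    def require(count, minimum, rule):
        if count < minimum:
            violations.append(rule)

    def forbid(active, needle, rule):
        # An empty needle would match every password, so skip it.
        if active and needle and needle.lower() in lowered:
            violations.append(rule)

    require(len(password), policy.min_length, "Minimum character length")
    require(sum(c.islower() for c in password), policy.min_lower,
            "Minimum number of lower case letters")
    require(sum(c.isupper() for c in password), policy.min_upper,
            "Minimum number of upper case letters")
    require(sum(c in DIGITS for c in password), policy.min_digits,
            "Minimum number of digits (0-9)")
    require(sum(not c.isalnum() for c in password), policy.min_special,
            "Minimum number of special characters")
    if (policy.max_consecutive_digits
            and longest_ascending_digit_run(password) > policy.max_consecutive_digits):
        violations.append("Maximum number of consecutive digits")
    if policy.block_common and lowered in COMMON_PASSWORDS:
        violations.append("Cannot use commonly used passwords")
    if any(k and k.lower() in lowered for k in policy.keywords):
        violations.append("Cannot contain keywords")
    forbid(policy.block_email_local_part, email.split("@", 1)[0],
           "Cannot contain first part of user's email address")
    forbid(policy.block_first_name, first_name, "Cannot contain user's first name")
    forbid(policy.block_last_name, last_name, "Cannot contain user's last name")
    return violations


# Constructed policy with every content rule switched on.
STRICT = PasswordPolicy(min_lower=1, min_upper=1, min_digits=1, min_special=1,
                        max_consecutive_digits=3, block_common=True,
                        keywords=("timus",), block_email_local_part=True,
                        block_first_name=True, block_last_name=True)


def check_for_john(password):
    """Check a password for the page's example user johndoe@abc.com."""
    return check_password(password, STRICT, "John", "Doe", "johndoe@abc.com")


if __name__ == "__main__":
    for candidate in ("Tr0ub4dor&012", "Tr0ub4dor&0123", "Xk7!johndoe", "PASSWORD"):
        print(candidate, "->", check_for_john(candidate) or "accepted")
```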

Productivity Tracker
This article explains the process of using and managing Productivity Tracker on the Users & Teams page.
If Productivity Tracker is enabled, application usage tracking of the user will be enabled. Otherwise tracking will be disabled.
This feature is only available on Windows and MacOS.
  • To activate Productivity tracker, you need to go to the page Users & Teams -> Agent Profile -> Edit Default Profile or create a new Agent Profile by clicking on Create New button at the top right of the screen as shown in the image below
  • Once you click on Edit the Default Profile, you will see the pop-up as shown in the image below. You will not be able to change Users, Teams and Tags here. They have already been selected as all users, teams and tags because this is the Default Profile. If you want to select specific users, teams or tags, you need to create a new Agent Profile.
  • Once you select one of the tabs, Windows or MacOS, at the top of the pop-up screen, you will see the screen where you can enable/disable the Productivity tracker as shown in the image below.
This feature does not provide the User can modify option. Therefore, if it is enabled by the admin, the users selected by the admin will be tracked.
  • To analyze the data belonging to the users of Productivity tracker, you need to go to the page Users & Teams -> Users -> select a user here -> click on 3 dots on the right of the user row -> View as shown in the image below.
 
  • Once you click on View, you will see the page as shown in the image below to be able to analyse the Productive, Unproductive and Neutral tabs regarding the Productivity tracker.
  • Windows: Certain security applications, such as Kaspersky and McAfee, may interfere with the functionality of the Productivity Tracker feature, specifically with the C:\Program Files\Timus Connect\resources\service\lib\active-win\active-win-windows.exe process. To ensure proper operation, verify that this executable is not blocked by any Endpoint Protection Platforms (EPPs) or other security software. It is crucial to whitelist active-win.exe in your security configurations.
  • macOS: To prevent any interference with the Productivity Tracker, please ensure that the Timus Connect Application has been granted Full Disk Access, Accessibility, and Screen Recording permissions as illustrated in the accompanying image. Failure to provide these permissions may result in suboptimal performance of the Productivity Tracker. If you use Privilege Manager, please ensure that the Timus Connect Application is whitelisted.

 
SAML Integration for JumpCloud

This guide will walk you through the process of integrating JumpCloud with Timus using SAML 2.0 for secure Single Sign-On (SSO). Follow these steps to configure your JumpCloud application and complete the setup within Timus Manager.

1. Creating a JumpCloud Application

  1. Navigate to Applications

  2. Create a New Application

    • If this is your first application, click Get Started. Otherwise, click Add New Application.
    • Search for SAML 2.0 in the application search bar and select it.

    • Click Next and give your application a name in the Display Label field.
    • You can also upload a custom logo for the app if necessary.
    • Click Save Application.

2. Configuring SAML Settings

After saving, you will be directed to the configuration screen.

  1. IdP Entity ID and SP Entity ID: Paste JumpCloud’s provided IDP URL (visible in the SSO tab).


  2. ACS URLs: Default URL: https://auth.timuscloud.com/user/external/saml

  • Subject NameID: Set NameID to email

  • NameID Format: Select urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified
  • Signature Algorithm: Set to RSA-SHA256

  • Signing Option: Choose “Assertion and Response”.

3. Adding User Attributes

  • Click Add Attribute to add required user attributes like firstname and lastname.


4. Assigning User Groups

  • Navigate to the User Groups tab and select the user groups that will have access to this SAML application.
  • Click Save.

3. Configuring Timus Manager for SAML

  1. Access Timus Manager:

    • Sign in to Timus Manager.
    • Go to Settings -> Integrations.
  2. Manage SAML 2.0 Integration:

    • Click Manage under SAML 2.0.
    • Fill in the fields according to the mapping provided in the table below.
    JumpCloud Name    | Timus Equivalent
    IDP URL           | Identifier
    IDP URL           | Service URL
    IDP Certificate   | X.509 Certificate


    Note: The IDP Certificate can be downloaded under the SAML Certificate section in JumpCloud. Make sure to use the Hex format certificate.

This completes the SAML configuration for JumpCloud with Timus. Your users can now authenticate securely through JumpCloud to access Timus applications.

4. Test the Application

  • Once the configuration is complete, navigate to console.jumpcloud.com/userconsole with a test user.
  • Log in using the assigned user credentials.
  • Click on the SAML application you just created.
  • Ensure that the user is redirected to Timus, and the sign-in process completes without requiring separate credentials.
  • If everything works as expected, the user will be successfully created in Timus, and subsequent logins can be done directly from Timus.

Note: Initial login must happen through JumpCloud’s application to create the user in Timus.
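A structural check for the test login, added here as an example and not Timus or JumpCloud code: it compares a captured SAMLResponse (base64, as posted to the ACS URL) with the settings chosen in this guide. It does not verify signatures cryptographically; the function names and the trimmed sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
# Values configured in this guide.
EXPECTED_ACS = "https://auth.timuscloud.com/user/external/saml"
EXPECTED_SIG_ALG = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"  # RSA-SHA256
EXPECTED_NAMEID_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified"
REQUIRED_ATTRIBUTES = {"firstname", "lastname"}


def signature_algorithm(element):
    """Algorithm URI of the ds:Signature that is a direct child of element, or None."""
    method = element.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    return None if method is None else method.get("Algorithm")


def audit_saml_response(b64_response):
    """List mismatches between a captured response and the configured settings."""
    root = ET.fromstring(base64.b64decode(b64_response))
    if root.tag != "{%s}Response" % NS["samlp"]:
        return ["root element is not samlp:Response"]
    findings = []
    if root.get("Destination") != EXPECTED_ACS:
        findings.append("Destination does not match the ACS URL")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return findings + ["no unencrypted saml:Assertion found"]

    # Signing Option "Assertion and Response": both elements carry their own signature.
    for label, element in (("Response", root), ("Assertion", assertion)):
        algorithm = signature_algorithm(element)
        if algorithm is None:
            findings.append(f"{label} is not signed")
        elif algorithm != EXPECTED_SIG_ALG:
            findings.append(f"{label} signature algorithm is {algorithm}")

    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or "@" not in (name_id.text or ""):
        findings.append("NameID is not an email address")
    elif name_id.get("Format") != EXPECTED_NAMEID_FORMAT:
        findings.append("NameID Format differs from the configured value")

    present = {a.get("Name")
               for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}
    for name in sorted(REQUIRED_ATTRIBUTES - present):
        findings.append(f"attribute {name} is missing")
    return findings


def build_sample(sign_assertion=True, algorithm=EXPECTED_SIG_ALG):
    """Constructed, trimmed response; the signature value is a placeholder."""
    sig = ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>'
           f'<ds:SignatureMethod Algorithm="{algorithm}"/></ds:SignedInfo>'
           '<ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>')
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        f'Destination="{EXPECTED_ACS}">{sig}'
        f'<saml:Assertion>{sig if sign_assertion else ""}'
        f'<saml:Subject><saml:NameID Format="{EXPECTED_NAMEID_FORMAT}">'
        'user@example.com</saml:NameID></saml:Subject>'
        '<saml:AttributeStatement><saml:Attribute Name="firstname"/>'
        '<saml:Attribute Name="lastname"/></saml:AttributeStatement>'
        '</saml:Assertion></samlp:Response>'
    )
    return base64.b64encode(xml.encode("utf-8")).decode("ascii")


if __name__ == "__main__":
    print(audit_saml_response(build_sample()) or "matches the configured settings")
    print(audit_saml_response(build_sample(sign_assertion=False)))
```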

Timus SASE Integrations

 

1. Identity Providers & Authentication

  • Active Directory (on-prem)
    Synchronizes users and groups from Active Directory, enabling users to log in using their AD credentials. Centralizes user management for seamless access with AD-based authentication.
  • Google Workspace
    Syncs Google Workspace users and groups with Timus, supporting login through Google Workspace credentials. Simplifies user management for organizations using Google Workspace, ensuring consistent access controls.
  • Microsoft Entra ID (cloud)
    Integrates Microsoft Entra ID users and groups with Timus, allowing Entra ID credential sign-in. Suitable for enterprises using Microsoft’s identity solutions to enable secure access.
  • Okta
    Syncs users and groups from Okta, permitting sign-in using Okta credentials. Provides robust identity management and access control for organizations with Okta as their primary identity provider.
  • SAML 2.0
    Supports secure single sign-on (SSO) integration, allowing users to authenticate using external identity providers once and access their cloud network on Timus. Enhances security and user convenience through centralized authentication. For example, integrating Timus with JumpCloud via SAML 2.0 allows JumpCloud-managed users to log into Timus with their JumpCloud credentials, streamlining access and enhancing security with centralized identity management.

2. Endpoint Protection Platforms

  • BitDefender
    Synchronizes BitDefender endpoint protection data with Timus to analyze device posture and security compliance. Monitors endpoint security status, critical for enterprises needing endpoint-level protection insights.
  • Heimdal
    Syncs Heimdal endpoint protection status with Timus, enabling device posture analysis across connected endpoints. Ensures devices meet security standards, aiding in endpoint compliance.
  • Microsoft Defender
    Integrates with Microsoft Defender to monitor and analyze device posture for each endpoint connected to Timus. Essential for businesses with Microsoft Defender, allowing continuous device health and posture assessment.
  • SentinelOne
    Connects SentinelOne endpoint protection to Timus, providing detailed analysis of device posture and security status. Suitable for organizations using SentinelOne, enabling real-time device compliance and risk monitoring.

3. Notifications

  • Slack
    Allows Timus to push notifications to a specified Slack channel about user, device, or network threat events. Ideal for teams using Slack for real-time communication, providing visibility into security and user activity alerts.
  • Telegram
    Enables a bot to send notifications on network activity, device events, or threat alerts directly to a Telegram channel. Ensures rapid dissemination of critical security updates for organizations using Telegram.

4. Data Synchronization

  • Google Sheets
    Provides the ability to export network user data or device sign-in/sign-out logs into Google Sheets for analysis. Facilitates data tracking and reporting by consolidating user activity logs and device information into an accessible format.

5. Billing Integration

  • ConnectWise PSA
    Streamlines invoicing and billing processes for MSPs, ensuring accuracy by syncing product catalogs and usage data directly with ConnectWise agreements. This reduces manual input, saving time and reducing the risk of errors. With the integration, MSPs can anticipate smoother billing operations, thanks to automated syncing of product and usage data. This integration provides seamless invoicing management, allowing partners to focus on customer success rather than manual billing tasks.

 

(AD) Active Directory

This article explains the process of synchronizing your Active Directory users and groups with Timus Manager.

To use this integration, you must install the Directory Connector Agent on your main Active Directory server. This agent will sync your AD with your Timus Manager account.
Before initiating the synchronization process and downloading the agent, follow the steps below:
  • Create API Access by going to Timus Manager -> Settings -> Configuration -> API Access tab.
  • Click Create API Access on the top right of the page.
  • Enter a Title.
  • Choose the Application Type. (Active Directory/ Custom)
  • Click Save.
 
  1. After creating an API Access, you will view the required information to log in to Directory Connector.
  2. Copy and Save this Client ID and Client Secret you see on the screen.
  3. Go back to the Active Directory integration screen and click on Download Agent.
  4. Open Timus Directory Connector Agent.
  5. Enter the key and secret here.
  6. Click the Sign in button.
 
  1. When you open the Timus Directory Connector, you will be presented with the main screen that features two tabs: Sync and Logs.
  2. Enter the requested AD domain and admin credentials in the Synchronization tab.
  3. Click Save.

In the Logs tab, you can view all traffic on the agent under Log Time/ Type and Details parameters.

 
  1. Navigate to the Active Directory integration area in Timus Manager and enable the Synchronization Status.
  2. Groups transferred from the directory can now be viewed here.
  3. Map groups with Timus Manager.
  4. Select the Remote Access that users will be able to connect to.
 
Select the sites that users will be able to connect to. This selection only applies during the initial synchronization of a user. You can change the allowed sites of existing users in user settings or bulk actions.
The synchronization process may require up to 30 minutes, but it could potentially take longer.
The duration of the synchronization depends on the amount of information you are synchronizing from Active Directory.
Bitdefender for Endpoint Integration Guide
  1. Log in to BitDefender GravityZone:
  2. Navigate to API Keys:
    • Once logged in, click on your username at the upper right corner of the console and select 'My Account'.
    • Go to the 'API keys' section.
  3. Generate an API Key:
    • Click on the 'Add' button in the API keys section.
    • Enter a description for the API key and select the Network API.
    • Click 'Generate'. Ensure you copy and save your API key as it is crucial for the integration.
  4. Copy the Management URL:
    • The Management URL is generally the URL you use to access the GravityZone control panel, like https://cloud.gravityzone.bitdefender.com
    • You might also find the specific API endpoint URLs under the API section if your integration requires targeting specific services.
  5. Enter your details in Timus Manager portal:
    • To be able to enable Bitdefender you need to go to the page Settings -> Integrations and click the “Enable” button of Bitdefender integration.
    • Enter your API Key and Management URL, and click the “Confirm” button.

To integrate Bitdefender for using the getManagedEndpointDetails and getEndpointList API calls, you need to follow these steps:

1. Obtain API Access

Step 1: Access the Bitdefender GravityZone Console

  • Log in to your Bitdefender GravityZone console.

Step 2: Create an API Key

  • Navigate to the API section in the GravityZone console.
  • Generate an API key if you don't already have one.
  • Note down the API key as you will need it to authenticate your API calls.

2. Assign Necessary Permissions

To use the getManagedEndpointDetails and getEndpointList API calls, ensure the API key has the following permissions:

  • Endpoints: Read access to retrieve endpoint details.
  • Network: Read access to retrieve the list of managed endpoints.

3. Permissions Summary

Ensure your API key has the following permissions:

  • Read access to the Endpoints and Network sections in the Bitdefender GravityZone console.

By following these steps, you should be able to integrate Bitdefender and use the getManagedEndpointDetails and getEndpointList API calls effectively.


Now you are ready to integrate with Timus. Please continue with the article below, Device Posture Check and EPP, to complete the integration.

Device Posture Check and EPP
This article explains the process of enabling EPP and Device Posture Check configurations on Timus Manager.
  • Please complete the EPP integration guide(s) below before taking any actions on the Timus Manager. Without taking the needed permission configuration actions of the EPPs below, the EPP integrations will not work as expected.

Microsoft Defender for Endpoint Integration Guide

SentinelOne for Endpoint Integration Guide

Bitdefender for Endpoint Integration Guide

  • To be able to enable the EPPs, BitDefender, SentinelOne or Microsoft Defender, you need to go to the page Settings -> Integrations.

BitDefender:

  • Once you enable BitDefender, you need to enter the API Key and Management URL to activate it. After entering the needed fields, you need to click on Confirm.

SentinelOne:

  • Once you enable SentinelOne, you need to enter the API Key and Management URL to activate it. After entering the needed fields, you need to click on Confirm.

Microsoft Defender:

  • Once you enable Microsoft Defender, you need to enter the Tenant ID, Client ID and Client Secret to activate it. After entering the needed fields, you need to click on Confirm.
  • After enabling the EPP, you will be allowed to configure the Device Posture Checks. In order to configure it, you need to go to the page Zero Trust Security -> Device Posture Checks.
  • If you want to create new Device Posture Checks, you need to click on Create New as shown in the image above. If you already have some Device Posture Checks, they will be listed as shown in the image above as well.
  • Once you click on Create New, you will see the page as shown in the image below. This page has 2 tabs, General and Attributes. Without entering the field on the tab General, you are not allowed to skip to the Attributes tab.

Assigned Operating Systems:

Select the operating system for which you wish to perform device posture check. Please note that only one posture check can be created for each operating system.

  • Windows
  • macOS
  • Linux
  • Windows Server
  • iOS
  • Android
  • After you assign the Operating System and enter the required fields, you can click on Save. You will be able to configure the tab Attributes now. You need to click on Add Attribute as shown in the image below.
  • Device Posture Check will fail if any attribute value is missing: Enable this option to fail the device posture check if any attribute values are missing, ensuring only complete datasets pass the check.

Data Source:

Select the source from which the attribute data is retrieved. This data source provides the information used to evaluate the device posture.

  • BitDefender
  • Microsoft Defender
  • SentinelOne

Attribute:

Choose the specific attribute that is gathered from the data source.

Attributes available when the Data Source is either BitDefender or Microsoft Defender:

  • Antivirus Agent Outdated
  • Antivirus Agent Signature Outdated
  • Antivirus Agent Signature Update Disabled
  • Antivirus Agent Update Disabled
  • Device Infected
  • Disk Encryption
  • Agent Installed
  • Malware Detected
  • Operating System
  • Risk Score

Attributes available when the Data Source is SentinelOne:

  • Antivirus Agent Outdated
  • Device Infected
  • Disk Encryption
  • Agent Installed
  • Operating System

Condition can be "is any of" or "is equal to", depending on the Attribute you have selected.

Pass Value: Define the expected value that the attribute must have to pass the check. It has two options, True and False.

After you define the Attribute successfully, you will see a pop-up as shown in the image below.
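How the "Device Posture Check will fail if any attribute value is missing" option changes a verdict, modelled as an added example that is not Timus code. The rule tuples, device names and reported values are constructed, and treating a missing value as skipped when the option is off is an assumption, since the page does not say what happens in that case.

```python
def evaluate_posture(rules, reported, fail_on_missing):
    """Evaluate (attribute, condition, pass_value) rules against one device.

    Returns (passed, reasons). 'reported' maps attribute names to the values
    received from the EPP data source; an absent key means no value was reported.
    """
    reasons = []
    for attribute, condition, expected in rules:
        value = reported.get(attribute)
        if value is None:
            if fail_on_missing:
                reasons.append(f"{attribute}: no value reported")
            continue  # assumption: a missing value is skipped when the option is off
        if condition == "is equal to":
            ok = value == expected
        elif condition == "is any of":
            ok = value in expected
        else:
            raise ValueError(f"unknown condition: {condition}")
        if not ok:
            reasons.append(
                f"{attribute}: reported {value!r}, expected {condition} {expected!r}")
    return (not reasons, reasons)


def verdict_changes(rules, fleet):
    """Devices that pass only while the missing-value option is off."""
    return sorted(
        name for name, reported in fleet.items()
        if evaluate_posture(rules, reported, False)[0]
        and not evaluate_posture(rules, reported, True)[0]
    )


# Constructed rules using attribute names from the lists above.
RULES = [
    ("Agent Installed", "is equal to", True),
    ("Disk Encryption", "is equal to", True),
    ("Device Infected", "is equal to", False),
    ("Operating System", "is any of", ["Windows 10", "Windows 11"]),
]

# Constructed readings: PARTIAL has no Disk Encryption value from the EPP.
HEALTHY = {"Agent Installed": True, "Disk Encryption": True,
           "Device Infected": False, "Operating System": "Windows 11"}
PARTIAL = {"Agent Installed": True, "Device Infected": False,
           "Operating System": "Windows 11"}
INFECTED = dict(HEALTHY, **{"Device Infected": True})
FLEET = {"laptop-01": HEALTHY, "laptop-02": PARTIAL, "laptop-03": INFECTED}


if __name__ == "__main__":
    for name, reported in FLEET.items():
        for option in (False, True):
            passed, why = evaluate_posture(RULES, reported, option)
            print(name, "fail_on_missing=%s" % option, "PASS" if passed else "FAIL", why)
    print("verdict depends on the option:", verdict_changes(RULES, FLEET))
```

Running `verdict_changes` over current readings before enabling the option shows which devices would start failing because their data source reports incomplete data.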

After completing the Device Posture Checks process, you can use ZTNA to apply some policies for the users. To be able to do it, you need to go to the page Zero Trust Security -> Behaviors -> Create New as shown in the image below.

Once you click on Create New, you need to enter a Name and select Device Posture Check as a Type.

Then select the Device Posture Check you named earlier, and decide whether the Trigger is Passes or Fails, as shown in the image below.

After creating the behavior, you need to go to the page Zero Trust Security -> User Sign-in Policies -> Create New as shown in the image below.

After clicking on Create New, you will see the pop-up that allows you to define ZTNA policies based on the behavior you created from the Device Posture Check.

You can modify the example policy as shown in the image below according to your needs.

Here is an example ZTNA policy based on the Device Posture Check below.

If you would like to get more details regarding ZTNA policies in general, you can take a look at the article User Sign-In Policy.

 
Google Sheets

This article explains the process of enabling Google Sheets on Timus Manager.

Timus Manager integration lets you import network users or device login/ logout activities to Google Sheets.
  1. Click Enable.
  2. Click the Authorize button.
  3. This will redirect you to the page where you can complete the synchronization of your Google account with Timus.

View ZTNA Dashboard

This article explains how to access data on the ZTNA Dashboard and enhance productivity and security by leveraging all available information in zero trust scenarios.

The Zero Trust Network Access (ZTNA) Dashboard provides a complete overview of all user and admin events within your network, all displayed on one page.

To filter the data displayed in widgets, start by using the User & Admin Events filter and the time filter located in the upper-right corner of the ZTNA Dashboard.

Access the information on successful logins, failed logins, high-risk login attempts, lockouts for failed logins, sign-in rule denies, and sign-in locations on a graph and a map.

  • You can also access the locations of all events using the map in the Sign-In Locations widget.
  • To zoom in on the map, use Ctrl + scroll. In addition, you can view the event types included in the widget by using the map filter in the upper-right corner.
  • Double-click the purple number icons on the map to access login information such as the username, public IP, location, and time.
  • For a better view, use the Keyboard Shortcuts dialog located in the lower-right corner of the map.
  • By clicking on the widgets, you will be directed to the Events page where you can see all the User Events and Administrator Events, including their respective details with the IP Intelligence information about their device. Click the View Events page to see more.
User Sign-In Policy

This article will guide administrators on how to create behavior-based user sign-in policies with Timus ZTNA.

Timus ZTNA offers a unique and improved access control method that allows businesses to expand without compromising the fundamental security of their network, which includes infrastructure, applications, data, users, and devices.

  • In the "User Sign-in Policies" page, you can see the following information from left to right: Name, Description, and Status of both default and custom policies.
  • You can use the search filter in the upper left corner to find and adjust policies quickly.

The policies within Timus' Zero Trust Network Access (ZTNA) security framework are prioritized by their position in the policy table. A policy placed higher in the table takes priority over the other User Sign-In policies.

This means that you can set the priority of the Timus ZTNA rules yourself.
  • To create a custom policy for a user, click the "Create User Sign-in Policy" button on the right side of the page.
  • The total number of policies defined in your network will be displayed just below.
  • To manage a policy, click the ellipsis icon located at the end of its general details.
  • From here, you can edit the policy or create a new one using the Copy feature.
  • Additionally, you have the option to Activate/Deactivate or Delete the policy.

You can Deactivate the default user sign-in policy.

To create a new User Sign-In/Login Policy, follow these steps:

  • Go to the Timus Manager -> Zero Trust Security -> User Sign-In Policies page.
  • Click the "Create User Sign-In Policy" button on the right side of the page.

A pop-up window will appear with the following tabs:

  • Source,
  • Condition,
  • Action,
  • Alerts & Notifications.

On the Source tab:

  • Enter a Name and Description for the policy you are creating. For example, "Default User Sign-In Policy" or "Default User Sign-In Policy for High-Risk Attempts."
  • Click "Select" and choose the Source as User/Team/Tag or Public IP.
  • Enter a Description based on the Source type you selected.

If necessary, you can select multiple sources to apply to the policy.

On the Condition tab,

  • Choose the Authentication method that you prefer to verify the source of your policy, whether it's Any, Connect App, or User Portal.
  • Set the risk level to Any, High, Medium, or Low.
  • Select the Behavior on which this policy will be applied.
  • Click on + Add Behavior. You can select multiple behaviors to trigger the policy.
  • Schedule the policy.

When "All Selected Behaviors" is chosen, all selected behaviors such as Untrusted IPs, New Device, and Breached E-mail Address must be active simultaneously for the policy to take action.

When "Any Selected Behavior" is chosen, at least one of the selected behaviors must be triggered for the policy to take the action.

You can think of All Selected Behaviors as a logical AND (&&) and Any Selected Behavior as a logical OR (||), as in a programming language.

Experience the user-friendly interface of Timus by hovering over the info icons on the policy creation screen:

When you add a behavior to the policy with the Add Behavior button and hover over that behavior, you can view a brief explanation of the behavior you added:

On the "Action" tab,

  • You can determine how the system should respond when a certain behavior triggers a policy.
  • The system offers various actions, including Allow, Deny, Ban, MFA-Email, MFA Authenticator App, Deny and Block IP, and Ban and Block IP.
  • You can select multiple actions for multi-factor authentication which are numbered on the left side of the tab: If you select MFA-Authenticator App and MFA-Email actions, you will have the option to add more actions for login attempts.
  • This means that if the first authentication step fails, you can enable another action and send two-factor authentication setup instructions to users.

Select an action from the drop-down list.

To set Alerts and Notifications for your policy:

  1. Go to the Alerts & Notifications tab on the policy screen.
  2. Enter a title for the alert and select the severity (High, Medium, or Low).
  3. To activate the alert, make sure the Status is switched to ON.
  4. Specify which Result Conditions will trigger the alert, such as Successful, Failed, or Timeout.
  5. To create a notification, click on "Notifications" and enter a Title.
  6. Select the severity (High, Medium, or Low) and turn the Status ON to enable the notification.
  7. Specify the Result Conditions that will trigger the notification (Successful, Failed, or Timeout).
  8. If necessary, you can check the box labeled "Notify Users Matching Conditions" to notify policy-bound users.
  9. Additionally, you can specify recipients for the notification by choosing between administrators or external users. It is possible to assign multiple recipients to the policy.
  10. If you select administrators, all admins in the system will be listed, and you can choose "All Administrators."
  11. If you select External user, enter their Name and Email Address.
  12. To delete a recipient, simply click x at the end of the line.
  13. Once all the required information is entered, click "Confirm" to create your user sign-in policy with Timus ZTNA.
  • To edit the default policy on the page, click on the ellipsis icon located on the policy row and select "Edit" from the mini drop-down list.
  • Once you have made the necessary changes to the policy configuration and click Confirm, you can reapply it to Timus ZTNA with your updated settings.
  • You also have the option to create a similar policy with minor adjustments using the Copy feature in the list.
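The table priority and the All/Any behavior matching described in this article, as an added Python sketch (not Timus code). It assumes the first matching active policy from the top of the table decides the outcome; the policy names and team tags are constructed, and `shadowed` lists policies that a higher entry always pre-empts.

```python
from dataclasses import dataclass


@dataclass
class Policy:
    name: str
    sources: frozenset      # users, teams or tags the policy is bound to
    behaviors: frozenset    # behaviors selected on the Condition tab
    match: str              # "all" = All Selected Behaviors, "any" = Any Selected Behavior
    actions: tuple          # ordered actions from the Action tab
    risk: str = "Any"       # Any, High, Medium or Low
    active: bool = True


def condition_matches(policy, risk, triggered):
    """True when the attempt's risk level and fired behaviors satisfy the policy."""
    if policy.risk not in ("Any", risk):
        return False
    if not policy.behaviors:          # assumption: no behavior selected means no behavior test
        return True
    if policy.match == "all":         # AND: every selected behavior fired
        return policy.behaviors <= triggered
    return bool(policy.behaviors & triggered)   # OR: at least one fired


def evaluate(table, identities, risk, triggered):
    """Walk the table top-down; the first active matching policy decides (assumed)."""
    for policy in table:
        if (policy.active and policy.sources & identities
                and condition_matches(policy, risk, triggered)):
            return policy.name, policy.actions
    return None, ()   # the article does not say what happens when nothing matches


def implies(lower, upper):
    """True when every attempt matching lower's condition also matches upper's."""
    if upper.risk not in ("Any", lower.risk):
        return False
    if not upper.behaviors:
        return True
    if not lower.behaviors:
        return False
    if lower.match == "all":
        if upper.match == "all":
            return upper.behaviors <= lower.behaviors
        return bool(upper.behaviors & lower.behaviors)
    # lower is "any": one fired behavior from lower must be enough for upper
    if upper.match == "any":
        return lower.behaviors <= upper.behaviors
    return len(lower.behaviors) == 1 and upper.behaviors == lower.behaviors


def shadowed(table):
    """Return (lower, upper) name pairs where upper always wins before lower is reached."""
    pairs = []
    active = [p for p in table if p.active]
    for i, lower in enumerate(active):
        for upper in active[:i]:
            if lower.sources <= upper.sources and implies(lower, upper):
                pairs.append((lower.name, upper.name))
                break
    return pairs


# Constructed example table, highest priority first.
TABLE = [
    Policy("MFA on new device", frozenset({"team:sales", "team:it"}),
           frozenset({"New Device"}), "any", ("MFA Authenticator App", "MFA-Email")),
    Policy("Deny risky travel", frozenset({"team:sales"}),
           frozenset({"New Device", "Impossible Travel"}), "all", ("Deny",)),
    Policy("Deny untrusted IP", frozenset({"team:sales"}),
           frozenset({"Untrusted IP"}), "any", ("Deny and Block IP",)),
]

if __name__ == "__main__":
    attempt = ({"alice", "team:sales"}, "High", {"New Device", "Impossible Travel"})
    print(evaluate(TABLE, *attempt))   # the MFA policy answers, not the Deny below it
    print(shadowed(TABLE))             # the Deny policy can never be reached
```

Moving "Deny risky travel" above "MFA on new device" makes the stricter policy reachable and clears the shadowing report.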
Create Behavior

To add customized behaviors to your network, visit Timus Manager, then select Zero Trust Security > Behaviors. This allows you to expand on the default behaviors provided by ZTNA for more comprehensive risk assessments in network use cases.

To find your network's pre-configured behaviors, go to the Name and Details parameters page. These behavior settings are already set up for your network and can be viewed and adjusted if necessary.

The general information of the default behaviors displayed on the page is as follows:

  1. New Device - Default: Compare with the last 10 authentications.
  2. Out of Radius - Default: When the radius from the location is 50 miles. Last 3 locations.
  3. New Country - Default: Compare with the last 5 authentications.
  4. Impossible Travel - Default: When the assumed maximum speed is 1000 mph.
  5. Last Sign-In Date - Default: Last sign-on date older than 30 days.
  6. Untrusted IP - Default
  7. Breached E-mail Address - Default: Include Breaches and Disclosures that occurred within the last 180 days.
  8. Consecutive Failures at Same Account - Default: When consecutive failures are 5 times.
  9. Consecutive Failures at Any Account - Default: When consecutive failures are 5 times.
  • You can get more information about a behavior by clicking on the ">" symbol next to its name.
  • To customize the default behavior, click on the ellipsis icon (three dots) next to the "Details" option.
  • This will open the Edit feature where you can make changes according to your preferences.
  • Moreover, you can create a new behavior by copying the default behavior with just one click on the Copy Feature.
  • This way, you can modify the copied behavior without affecting the original.

To create custom behaviors for your network policies, do the following:

  1. On the right side of the page, find the Create Behavior button.
  2. Click on the Create Behavior button to start creating a new behavior.
  3. Follow the prompts and provide the necessary information to define the behavior.
  4. Enter a Name and select a Behavior Type - the behavior classification of Timus for the ZTNA trigger.
  5. Click Confirm.
New Device
This behavior is triggered when users attempt to sign in to the system from a different device than the previous devices they successfully signed in with.
New Geo-Location
This behavior is triggered when users attempt to log into the system from a different location than their previous successful signed-in locations.
New Country
This behavior is triggered when users attempt to sign in to the system from a different country than the previous countries they successfully signed in from.
Impossible Travel
This behavior is triggered if there is an unusual time and distance between the user's last sign-in attempts.
Last Sign-On Date
This behavior is triggered if more than the specified time has passed since the user's last successful login.
Untrusted IP
This behavior is triggered when the user tries to sign in with an untrusted IP address.
An IP address is tagged as “untrusted” if it has recently been involved in abusive activities, or is part of the TOR network, or is part of a proxy network.
Certain public IP addresses can be used for malicious purposes, causing them to be tagged as Untrusted IPs by the Timus ZTNA framework. Those IP addresses may then be given to legitimate users by the ISPs. If you use the Untrusted IP behavior to deny user or admin sign-ins, their sign-ins will be denied until their IP addresses become trusted again, or they start using other trusted IP addresses.
Breached E-mail Address - Default
This behavior is triggered if there have been any breaches or disclosures within the selected days.
Consecutive Failures for the Same Account
This behavior is triggered if more than a specified number of failed login attempts have been made on the same user's account.
Consecutive Failures at Any Account
This behavior is triggered if more than a specified number of failed login attempts have been made on any user's account.
Device Posture Check
This behavior depends on which EPP you use; the trigger can be Passes or Fails.
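The default thresholds listed above can be reproduced over a sign-in history, shown here as an added Python example that is not Timus code. It assumes "Out of Radius" means farther than 50 miles from each of the last 3 locations and that Impossible Travel is measured against the most recent successful sign-in; the record fields and the sample history are constructed.

```python
import math
from datetime import datetime, timedelta

EARTH_RADIUS_MILES = 3958.8

# Default thresholds quoted in the behavior list above.
DEVICE_HISTORY = 10     # New Device: compare with the last 10 authentications
RADIUS_MILES = 50       # Out of Radius: 50 miles ...
RADIUS_HISTORY = 3      # ... from the last 3 locations
COUNTRY_HISTORY = 5     # New Country: compare with the last 5 authentications
MAX_SPEED_MPH = 1000    # Impossible Travel: assumed maximum speed
STALE_DAYS = 30         # Last Sign-In Date: older than 30 days


def miles_between(a, b):
    """Great-circle (haversine) distance in miles between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_MILES * math.asin(math.sqrt(h))


def triggered_behaviors(history, attempt):
    """history: successful sign-ins, oldest first. Returns the set of behaviors fired."""
    fired = set()
    if not history:
        return fired    # assumption: a first sign-in has nothing to compare against
    last = history[-1]

    if attempt["device"] not in {h["device"] for h in history[-DEVICE_HISTORY:]}:
        fired.add("New Device")
    if attempt["country"] not in {h["country"] for h in history[-COUNTRY_HISTORY:]}:
        fired.add("New Country")
    if all(miles_between(h["loc"], attempt["loc"]) > RADIUS_MILES
           for h in history[-RADIUS_HISTORY:]):
        fired.add("Out of Radius")

    elapsed = attempt["time"] - last["time"]
    # Floor the interval at one minute (assumption) so near-simultaneous or
    # out-of-order events do not divide by zero or by a negative duration.
    hours = max(elapsed.total_seconds(), 60) / 3600
    if miles_between(last["loc"], attempt["loc"]) / hours > MAX_SPEED_MPH:
        fired.add("Impossible Travel")

    if elapsed > timedelta(days=STALE_DAYS):
        fired.add("Last Sign-In Date")
    return fired


def _event(when, country, loc, device="laptop-1"):
    return {"time": datetime.fromisoformat(when), "country": country,
            "loc": loc, "device": device}


# Constructed history: three successful sign-ins around Istanbul.
HISTORY = [
    _event("2024-03-01T09:00", "TR", (41.01, 28.98)),
    _event("2024-03-02T09:00", "TR", (41.02, 28.97)),
    _event("2024-03-04T09:00", "TR", (41.01, 28.98)),
]
# Constructed attempts: New York two hours later, a nearby district, and a late return.
NEW_YORK_ATTEMPT = _event("2024-03-04T11:00", "US", (40.71, -74.01))
LOCAL_ATTEMPT = _event("2024-03-04T11:00", "TR", (40.99, 29.03))
STALE_ATTEMPT = _event("2024-04-20T09:00", "TR", (41.01, 28.98))

if __name__ == "__main__":
    for label, attempt in (("new york", NEW_YORK_ATTEMPT), ("local", LOCAL_ATTEMPT),
                           ("stale", STALE_ATTEMPT)):
        print(label, sorted(triggered_behaviors(HISTORY, attempt)))
```

IP geolocation is approximate, so the distance-based behaviors are better paired with an MFA action than with an outright Deny when the source data is coarse.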
Manage Zero Trust Policies

Timus Zero Trust Policies provide user/behavior-based access control as an alternative to traditional IP-based access control, making it easier for an organization to manage network access.

  • You can view the default sign-in policies for both Users and Admins by visiting the Zero Trust Policies pages.
  • You can create custom user/admin sign-in policies.
  • Edit, copy, deactivate, and delete your Custom and Copied policies.

The policies within Timus' Zero Trust Network Access (ZTNA) security framework are prioritized by their position in the policy table. A policy placed higher in the table takes priority over the other policies.

This means that you can set the priority of the Timus ZTNA rules yourself.

It allows for more granular control over access rights, ensuring the right people have the right access at the right time.

The security model of this zero trust approach protects your organization against potential threats by increasing network security.

Create an Administrator Sign-In Policy

This article shows administrators how to create Timus ZTNA's behavior-based administrator sign-in policies and apply them to your network.

Timus ZTNA's policies provide a distinctive and enhanced access control approach to expand your business while maintaining the fundamental aspects of your network security: Infrastructure, Application and Data, User and Device.

To protect your organization and users against today's ever more sophisticated cyber security threats, you can create User/Administrator-based sign-in policies in Timus Manager that automatically respond to any predefined risk level.

On the Admin Sign-in Policies page, you can view the following left to right:

  • You can easily navigate the page, view and configure policies using the Search filter located in the page's upper-left corner.

The policies within Timus' Zero Trust Network Access (ZTNA) security framework are prioritized by their position in the policy table. A policy placed higher in the table takes priority over the other Admin Sign-In policies.

This means that you can set the priority of the Timus ZTNA rules yourself.

  • You can create custom policies for admins by clicking the Create Admin Sign-in Policy button on the right side of the page.
  • In the area on the page with the default and custom policies, you can get general information about the policies, such as Name, Description, and Status.
  • The total number of policies defined in your network is displayed just below.
  • By clicking the ellipsis icon at the end of the general details of a policy: You can Edit the policy and easily create a new policy with the Copy feature. You can Deactivate and Delete the policy.

You cannot Deactivate or Delete the default administrator sign-in policy.

 

If you want to create a new Administrator Sign-In/Login Policy, follow the steps below:
  1. Go to Timus Manager > Zero Trust Security > Admin Sign-in Policies.
  2. Click the Create Admin Sign-in Policy button on the right side of the page to display the pop-up with the following tabs:
    • Source
    • Condition
    • Action
    • Alerts & Notifications

On the Source tab,

  1. You must first enter a Name and Description for the policy you are about to create. For example, "Default Administrator Sign-in Policy" or "Default Administrator Sign-in Policy for High-Risk Attempts."
  2. Click on Select and choose an Administrator.
  3. If needed, you can select multiple administrators to apply to the policy.
  4. Click on Save.

On the Condition tab,

  1. Set Risk Level as Any, High, Medium, or Low.
  2. Select the behaviors on which this policy will be applied. More than one can be selected.
  3. If you move your mouse over the new behavior, a pop-up text will appear displaying information about that specific behavior.
  4. If you want to set the time, click Schedule. You can set the day(s) and start/end date here.
  5. Click Confirm.

When "All Selected Behaviors" is chosen, all selected behaviors such as Untrusted IPs, New Device, and Breached E-mail Address must be active simultaneously for the policy to take the action.

When "Any Selected Behavior" is chosen, at least one of the selected behaviors must be triggered for the policy to take the action.

You can think of All Selected Behaviors as a logical AND (&&) and Any Selected Behavior as a logical OR (||), as in a programming language.

Experience the user-friendly interface of Timus by hovering over the info icons on the policy creation screen:

When you add a behavior to the policy with the Add Behavior button and hover over that behavior, you can view a brief explanation of the behavior you added:

In the Action tab,

Decide what action the system should take when a behavior triggers the policy. The actions defined in the system are as follows:

  1. Allow
  2. Deny
  3. MFA-Email
  4. MFA Authenticator App
  5. Deny and Block IP

You can set multiple actions for multifactor authentication with Timus ZTNA.

The actions you select are numbered in the tab shown on the left.

  1. Select an Action from the drop-down list.
  2. If you choose the MFA-Authenticator App and MFA-Email actions, which have multifactor authentication capability, you will see the Add More Actions button on the screen.

So, in a scenario where the first authentication step fails, you can enable another action for login attempts and send authentication setup instructions to administrators who have not completed the setup process.

On the Alerts and Notifications tab, you can configure the policy to send Alerts and Notifications each time it is triggered.

  1. Enter a Title for the policy alert.
  2. Set the Severity of the alert. Severity can be High, Medium, or Low.
  3. Set Status ON to enable the alert.
  4. Specify which Result Conditions will raise an alert. Conditions can be Successful, Failed, or Timeout.
  5. Click on Notification.
  6. Enter a Title for the notification.
  7. Set the Severity of the notification. Severity can be High, Medium, or Low.
  8. Set Status ON to enable the notification.
  9. Decide which Result Conditions will trigger a notification. Conditions can be Successful, Failed, or Timeout.
  10. If necessary, check Notify Administrators Matching Conditions to have the system notify the policy-bound user.
  11. If necessary, enter Recipients for the notifications to be generated.
  12. Choose a recipient type: This can be one of your Admin(s) or an External user. More than one recipient can be assigned to the policy.
  13. When the administrator is selected, all administrators defined in the system are listed by name, and you can also select All Administrators here.
  14. When External is selected, enter a Name and E-mail Address.
  15. Click +Add and view the administrators' information, such as Name, Type, and E-mail Address, below.
  16. Clicking Delete at the end of the line deletes the recipient.
  17. By clicking on Save, you will have created your first Admin Sign-in Policy with Timus ZTNA.
  • When you open the page, click the ellipsis icon in the default policy row and select Edit from the mini drop-down list.
  • Then you can change the configuration of the default policy and reapply it to Timus ZTNA with your final configuration.
  • Also, you can create a similar but slightly different policy: If needed, use the Copy feature in this list.
 
 
Create Site
The ability to create a site is a key feature of the Timus Solution. This article will show you how to navigate through the process on Timus Manager.
The gateway(s) you will create should meet everything you need to provide a reliable, high-performance, and secure connection to your remote offices and mobile/remote workers by utilizing the most up-to-date tunnelling protocols.
  • To create a Site, go to Timus Manager -> Sites -> Create New.
Select a region that is closest to most of your users. We recommend that you deploy multiple gateways in different regions if your users are distributed geographically. You can allow users to connect to all the gateways or some of them in user settings. If multiple gateways are allowed for a user, then the user’s Timus Connect App can choose the closest one before attempting to connect.
You cannot change the region of a gateway once it is created.
To set up site-to-site IPSec VPN connections, read the connector article.
This process may take around 5 to 10 minutes.
View Site Details
This article explains how to view site details on Timus Manager.
Your network consists of components such as Gateways and IPsec tunnels. These components enable your users to securely access your resources on-premises and in the cloud and can be viewed in detail on the Sites page of the Timus Manager.
  • To view the site details, go to Timus Manager and click on the Sites page.
  • Find the site whose details you want to view and click on the ellipsis icon in the corresponding row.
  • Select "View" to access the page with site details.
  • This page contains a summary table titled "Connectivity." The table provides information on three parameters:
    • Connection Health: indicates the overall status and reliability of the connections.
    • Throughput: refers to the amount of data that can be transmitted through the network within a given time frame, indicating the network's capacity.
    • Efficiency: measures how effectively the network utilizes its resources to transmit data.

This Connectivity section helps you make informed decisions or take necessary actions to optimize network connectivity.

  • The Network Statistics graph shows the Health or Throughput data for the Primary WAN over the Last 7/15 Days, Last Month, or Custom date range.

  • List of the networks of the site.
  • The Site information widget shows the most important details about the site; its Edit feature at the upper right of the widget lets you configure the site.

 
View Network Statistics
This article explains how to view network statistics to ensure network efficiency.
  • To access Network Statistics, start by going to Timus Manager and selecting the "Sites" page.
  • From here, select the site with the network you want to view and click on the ellipsis icon located on the right side of the site row.
  • Click on "View" to enter the site page, where you can find the statistics for the networks associated with that site.
  • The Network Statistics section provides graphical representations of the connection status (Health) or the download/upload statistics (Throughput) for either all networks or a specific one.
  • You can filter the status and statistics with the time filter, which offers 7, 15, or 30 days by default, or you can set a custom date range.

The Network Statistics for the Primary WAN of the site you are currently viewing in your Timus Manager are as follows:

Latency:

  • Latency indicates the time it takes for a data packet to travel from one point to another on the network.

Jitter:

  • Inconsistent arrival of packets between two endpoints, causing delays.

Loss (Packet Loss):

  • Packet loss refers to when a packet fails to reach its destination, arrives in a different order than intended, or arrives after a significant delay.

Upload:

  • The upload rate refers to the speed at which the customer's data is transferred to the Gateway, typically measured in bits per second.

Download:

  • The download speed is the rate at which the representative receives data from the Gateway, typically measured in bits per second.

(Connection) Health:

  • The performance of the session indicates the status of the established connection and is derived from the average recorded latency.
  • If the Latency is less than 50 ms, the connection is defined as "PERFECT."
  • Similarly, if the Latency is recorded as:
    • Between 50 and 150 ms, the connection is called "GOOD."
    • Between 150 and 300 ms, it is considered "AVERAGE."
    • If it exceeds 300 ms, the connection is labeled "BAD."
Connection Health

To access the Health scale that ranks connection quality from best to worst, follow these steps:

  • Go to Timus Manager > Sites page.
  • Locate the site from the list on the page.
  • The past 24 hours are color-coded in green, yellow, red, and gray (null) on the scale for easy identification under the Health section.

  • When you hover your mouse over the scale, you will be able to see a pop-up information box showing the measurement values within that hour.

  • For a more detailed overview of the connection health, click on the ellipsis icon located on the site row and select "View" from the dropdown menu.
  • This will provide you with comprehensive information on the status of your connection.
  • The overall values for Latency, Jitter, and Loss are presented to the right of the scale.
 
Create Site to Site IPsec Connections

The IPsec protocol suite can set up direct and encrypted connections between supported devices by offering a framework for securing data traffic between two servers.

By creating an IPsec tunnel via Timus, you can transfer data securely between the peers of the connection.

To create a site-to-site IPsec VPN gateway connection between your on-premises network and a virtual network (VNet), follow the steps below. They cover the two phases of Internet Key Exchange (IKE) required to set up an IPsec connection using Timus.

IKE PHASE 1

General Settings

  • Go to Timus Manager > Sites page.

  • Click Create New in the upper right corner of the page.
  • Select Connector.
  • In the General tab, enter a Name of up to 30 characters.
  • Select IPsec as the Tunnel Type.
  • Set the Status to Enabled.

Parameters

As shown in the sample image below of the parameters tab, there are default settings that need to be configured for the IPsec tunnel connection you are about to create in order for it to function correctly:

  • Click the Parameters tab on the Connector page.
  • Local Peer represents the originating gateway. Choose the Network > the Primary WAN from here.
  • Please enter the PUBLIC WAN IP of your Timus Manager in the Local Peer Identifier box located to the right of the Local Peer.
  • To access the IP address and insert it into the Peer Identifier box, go to the Timus Manager -> Sites -> relevant Site's line and click on the ellipsis icon. Then, select View. On the page that opens, the Gateway's IP address is displayed in the Site information field. Copy this PUBLIC WAN IP.

  • Remote Peer represents the WAN IP of the remote device. Enter the WAN IP of the device (i.e. firewall) at the other side of the tunnel.
  • Peer Identifier is to facilitate communication and data exchange between peers. If your network topology does not include the local WAN IP, you might consider leaving this Peer Identifier box to the right of Local Peer blank.
  • However, your device may also require a Remote Peer Identifier. So even if the IPsec tunnel you want to establish ends at the PUBLIC WAN IP, you may need to enter the same IP address as the Remote Peer in the Peer Identifier (Optional) box, without a network suffix such as /32.
  • Here is an example:
    • Remote Peer: 8.8.8.8/32
    • Remote Identifier: 8.8.8.8

To find your Local Primary WAN IP address:

  • Go to the Timus Manager -> Sites -> relevant Site's line and click on the ellipsis icon.
  • Then, select View.
  • On the page that opens, the Local Primary WAN IP address is displayed in the Networks area field at the bottom of the screen. You can use this Local Primary WAN IP Address for your Remote Peer Identifier field.
  • To create an IPsec tunnel with some devices, the Local Peer Identifier (optional) must be your Local Primary WAN IP address, as in the image below.
  • In the Authentication and Encryption section, you will specify the mode of Phase 1 for authentication and encryption and complete the configuration of an association that both parties agree on.
  • It is recommended to choose IKEv2 as the Key Exchange Type, which provides greater efficiency and flexibility.
  • Create an IPsec password as a Preshared Key. Be careful not to use simple passwords and algorithms for network security. Timus supports a maximum of 50 characters for the Preshared Key. However, due to the 18-character key restriction on certain devices, it would be useful to verify whether this limit applies to the remote peer.
  • Select the Mode for negotiation, either Main or Aggressive.
  • Main Mode is the default and the more secure option. Aggressive Mode is faster but less secure; it is useful where one or both devices are behind a NAT device, because NAT can interfere with the Main Mode negotiation process. The choice depends on your specific needs and the level of security required, so weigh the trade-off between security and speed when making this decision.
  • For the Authentication Algorithm, choose between sha1 and sha256.
  • For the Encryption Algorithm, the widely used and supported AES128 algorithm is available for establishing a secure connection.
  • modp1024(2) or Group 2 is the minimum acceptable group for DH Group's security algorithm. However, for higher security needs, consulting a network security professional and choosing higher groups from the list, such as modp2048(14) or modp3072(15), is recommended.
  • The important point to note is that in order for tunneling to be established correctly, the values used in the Authentication and Encryption section must be exactly the same as on the peer device at the other side of the tunnel.
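A pre-deployment check for the Phase 1 settings described above, as an added Python example that is not part of Timus. The dictionary field names are hypothetical (not a Timus export format) and both configurations are constructed; the rules applied are only the ones this article states.

```python
import ipaddress

# Hypothetical field names for this example; settings that must be identical on both ends.
MUST_MATCH = ("key_exchange", "mode", "auth_alg", "enc_alg", "dh_group", "psk",
              "nat_traversal")
PSK_MAX_TIMUS = 50        # maximum Preshared Key length Timus supports
PSK_MAX_SOME_PEERS = 18   # key-length restriction on certain devices


def check_phase1(timus, peer):
    """Compare both ends of a tunnel and return a list of (severity, message) findings."""
    findings = []

    # 1. Authentication and Encryption values must be exactly the same on both peers.
    for key in MUST_MATCH:
        if timus.get(key) != peer.get(key):
            # Never echo the key material itself into a report or log.
            detail = "values differ" if key == "psk" else f"{timus.get(key)} vs {peer.get(key)}"
            findings.append(("error", f"{key}: {detail}"))

    # 2. Preshared Key length limits.
    psk_len = len(timus.get("psk", ""))
    if psk_len > PSK_MAX_TIMUS:
        findings.append(("error", f"psk: {psk_len} characters exceeds the 50-character maximum"))
    elif psk_len > PSK_MAX_SOME_PEERS:
        findings.append(("warn", "psk: longer than 18 characters, confirm the peer accepts it"))

    # 3. Choices the article describes as weaker.
    if timus.get("key_exchange") != "IKEv2":
        findings.append(("warn", "key_exchange: IKEv2 is the recommended type"))
    if timus.get("mode") == "Aggressive":
        findings.append(("warn", "mode: Aggressive is faster but less secure than Main"))
    if timus.get("dh_group") == "modp1024":
        findings.append(("warn", "dh_group: modp1024 is the minimum, prefer modp2048 or modp3072"))

    # 4. Remote Peer may carry a prefix (x.x.x.x/32); the identifier must be the bare IP.
    ident = timus.get("remote_identifier")
    if ident:
        if "/" in ident:
            findings.append(("error", "remote_identifier: remove the /prefix suffix"))
        else:
            try:
                same = (ipaddress.ip_address(ident)
                        == ipaddress.ip_interface(timus["remote_peer"]).ip)
            except ValueError:
                same = True   # identifier is not an IP address; nothing to compare
            if not same:
                findings.append(("warn", "remote_identifier: differs from the Remote Peer IP"))
    return findings


# Constructed configurations (documentation address range, placeholder key).
TIMUS_SIDE = {
    "key_exchange": "IKEv2", "mode": "Main", "auth_alg": "sha256", "enc_alg": "aes128",
    "dh_group": "modp1024", "psk": "CONSTRUCTED-PLACEHOLDER-KEY", "nat_traversal": True,
    "remote_peer": "203.0.113.10/32", "remote_identifier": "203.0.113.10/32",
}
PEER_SIDE = {
    "key_exchange": "IKEv2", "mode": "Main", "auth_alg": "sha1", "enc_alg": "aes128",
    "dh_group": "modp2048", "psk": "CONSTRUCTED-PLACEHOLDER-KEY", "nat_traversal": True,
}

if __name__ == "__main__":
    for severity, message in check_phase1(TIMUS_SIDE, PEER_SIDE):
        print(f"{severity:5} {message}")
```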

Miscellaneous

  • You can configure the retry methods for the IPsec tunnel connection in the Miscellaneous tab.
  • The recommended/default settings in this tab are displayed in the image below.
  • Ensure that the same values are entered for both devices in order to establish a correct connection in this tab as well.
  • Enable NAT Traversal to ensure the proper functioning of the IPsec connection. Please note that this option should be enabled on both Timus and your IPsec device. If you do not have any options to enable it on the on-prem IPsec device/Firewall, please keep it disabled.

IKE PHASE 2

  • You must create a tunnel where you will determine the traffic that will pass through the Connector you have created in the Phase 1 section.
  • As in Phase 1, you must enter the same values on both devices for the IPsec tunnel connection to be healthy.
  • Here are the steps you need to follow to create a tunnel:
  • Go to Timus Manager -> Sites page.

  • The Connector you have created in the Phase 1 chapter is in the drop-down menu under the selected gateway. Use the right and down slider button icons to view the connector's line.
  • Click on the icon at the end of the Connector’s line. Then click "View."
  • The page that opens is the Phase 2 table of IPsec. In the Site section on the right side of the page, you can view the Phase 1 methods you have configured.
  • Click on Create Tunnel on the page that opens.
  • Enter a Name for the IPsec tunnel.
  • Set the Status to Enabled.
  • Select Authentication and Encryption Algorithms.
  • Choose from the list if you want to create an IPsec tunnel over a particular protocol.
  • In Phase 2, select multiple algorithms to increase security.
  • To access and enter the IP to Local Network section, go to Sites-> Relevant Gateway -> View -> Networks.
  • Copy the IP address you desire from under the Network heading.
  • For instance, the WireGuard tunnel for IPsec is 192.168.249.0/24, and the OpenVPN tunnel for IPsec is 192.168.255.0/24 in the picture below.
  • You can prioritize traffic to pass through the tunnel by enabling NAT Status for LAN.
  • NAT Status: Ensuring traffic comes from a different IP block prevents you from losing network connectivity even if local networks conflict.
  • In the Remote Network section, you can select the local subnet of the remote device.
  • Enable or disable the PFS feature.
  • Enable Perfect Forward Secrecy (PFS) only if you are sure that PFS can be enabled on the peer device. If the peer device is old, disabling PFS may be a viable option.
  • After configuring Phase 2, click Save.

Vendors - IPsec site-to-site configuration 

PfSense

This article will help you establish a site-to-site IPsec connection between Timus Networks and PfSense.

IPsec tunnel between Timus - PfSense:

PfSense Configuration for Timus:

 

Go to PfSense UI -> VPN -> IPsec.

General Information:

IKE Endpoint Configuration:

Phase 1 Proposal (Authentication):

Phase 1 Proposal (Encryption Algorithm):
Expiration and Replacement:
Advanced Options:
Once you have completed the steps as shown in the images above, hit Save to complete the Phase 1 configuration on PfSense.
You need to go back to the VPN -> IPsec page again, and hit Show Phase 2 Entries or create a new one to complete the Phase 2 configuration of PfSense.
In this example, we assume that the local subnet belonging to PfSense is 10.10.10.0/24 and the Remote Subnet is 192.168.249.0/24 (WireGuard subnet on Timus).
Once you Add P2 or Edit the P2, you will be able to see the Phase 2 configuration of PfSense.
General Information:
Networks:
Phase 2 Proposal (SA/Key Exchange):
Expiration and Replacement:
Keep Alive:
You can hit Save to complete the Phase 2 configuration of PfSense.
PfSense generally establishes the IPsec connection automatically, but sometimes it does not. To trigger the IPsec connection manually, go to Status -> IPsec as shown in the image below and hit the Connect P1 and P2 button there. You can also disconnect the IPsec tunnel manually if needed.
After completing the steps above, please add a Firewall IPsec rule on PfSense as shown in the image below to let the Phase 2 work on both Timus and PfSense.

Timus Configuration for PfSense Firewall:

  • Go to the Timus Manager -> Sites -> Create New. Please note that you need to have a gateway to be able to create an IPsec tunnel (Connector).

  • After clicking on Create New, you need to select Connector on top and enter an IPsec tunnel name, which is required.

Parameters:

  • Note- you now have the option to select "Create firewalls rules automatically"

Miscellaneous:

  • Enabling Dead Peer Detection (DPD) is highly recommended. With DPD enabled, if the IPsec tunnel goes down for some reason, it will automatically reconnect and become Established/Online again.
  • After configuring the Phase 1 IKE configuration of Timus, you need to hit Save.
  • After saving, please extend the gateway by clicking on the arrow, and click on the 3 dots at the end of the row. After that, click on View.
  • After clicking on View, you will be on the page where you can add/edit the Phase 2 configuration. Click on Create New Tunnel to create a Phase 2 configuration for your IPsec.

Phase 2 configuration of Timus:

  • Note- you now have the option to select "Create firewalls rules automatically"

  • After configuring the Phase 2, click on Save.
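The Phase 2 values entered on the two ends have to agree, and a mismatch is easier to catch before saving than from a tunnel that stays down. The sketch below is an added example, not Timus or PfSense code: it compares the two forms using the subnets from this article, and the `Phase2` record, `check_phase2` and the algorithm names are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class Phase2:
    """Values typed into one side's Phase 2 form (hypothetical record type)."""
    side: str
    local_net: str              # Local Network, CIDR
    remote_net: str             # Remote Network, CIDR
    encryption: frozenset       # selected encryption algorithms
    authentication: frozenset   # selected authentication algorithms
    pfs: bool                   # Perfect Forward Secrecy enabled?


def check_phase2(a: Phase2, b: Phase2) -> list:
    """Compare both ends of one tunnel; an empty list means no finding."""
    findings = []
    a_local = ip_network(a.local_net, strict=False)
    a_remote = ip_network(a.remote_net, strict=False)
    b_local = ip_network(b.local_net, strict=False)
    b_remote = ip_network(b.remote_net, strict=False)

    # Each side's Local Network must be the other side's Remote Network.
    if a_local != b_remote:
        findings.append(
            f"selector: {a.side} local {a_local} is not {b.side} remote {b_remote}")
    if b_local != a_remote:
        findings.append(
            f"selector: {b.side} local {b_local} is not {a.side} remote {a_remote}")

    # Conflicting local networks: the situation the NAT Status option addresses.
    if a_local.overlaps(b_local):
        findings.append(
            f"overlap: {a.side} {a_local} conflicts with {b.side} {b_local}")

    # The peers need at least one algorithm in common in each list.
    if not a.encryption & b.encryption:
        findings.append("proposal: no common encryption algorithm")
    if not a.authentication & b.authentication:
        findings.append("proposal: no common authentication algorithm")

    # PFS has to be set the same way on both peers.
    if a.pfs != b.pfs:
        findings.append(f"pfs: {a.side}={a.pfs} but {b.side}={b.pfs}")
    return findings


# Constructed sample input; subnets are the ones used in this article.
PFSENSE = Phase2("PfSense", "10.10.10.0/24", "192.168.249.0/24",
                 frozenset({"AES256"}), frozenset({"SHA256"}), True)
TIMUS = Phase2("Timus", "192.168.249.0/24", "10.10.10.0/24",
               frozenset({"AES256", "AES128"}), frozenset({"SHA256", "SHA512"}), True)
# Same tunnel with a mistyped remote subnet, a different cipher and PFS off.
TIMUS_MISTYPED = Phase2("Timus", "192.168.249.0/24", "10.10.0.0/24",
                        frozenset({"AES128"}), frozenset({"SHA256"}), False)

if __name__ == "__main__":
    for peer in (TIMUS, TIMUS_MISTYPED):
        result = check_phase2(PFSENSE, peer)
        print("consistent" if not result else "\n".join(result))
```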
Create Firewall Rule
To create and configure firewall rules, go to the Rules > Firewall tab in the Timus Manager:
Click the Create New button on the top right of the page.
Configuration of Firewall
  • Action can be Allow or Deny.
  • Status is set to Enabled by default. You can select Disabled while creating a rule and enable it later.
  • The Source can be Network, Site, IP, Location(GeoIP), User, Team, Device, Tag and you are allowed to add multiple sources.
  • The Destination can be Network, Site, IP, User, Team, Device, Tag, Category, Website, Keywords and you are allowed to add multiple destinations.
  • The service can be selected from the pre-defined list as shown in the image below or you can select Custom to customize the rule. If you would like to define a rule for both TCP and UDP, you can select TCP/UDP as shown in the image below. You are allowed to define multiple services.
  • You can block/allow any countries by using the option Location on both Source and Destination.

Services

Service categories and the services in each:

  • Web Access: HTTP, HTTPS
  • VoIp: SIP
  • Database Access: MSSQL_SERVER, MSSQL_MONITOR, MYSQL, POSTGRESQL
  • Remote Access: RDP, SSH, TELNET, VNC-RFB
  • RPC: DCE-RPC
  • File Access: FTP_DATA, FTP_CONTROL, TFTP, SMB
  • Network Services: DNS, DNS_MULTICAST, DNS_OVER_TLS, DNS_OVER_QUIC, DHCP_SERVER, DHCP_CLIENT, NTP, SNMP, SYSLOG, SSDP_UDP, SSDP_TCP
  • Email: IMAP, IMAPS, POP3, POP3S, SMTP, SMTPS
  • Authentication: LDAP, LDAPS, RADIUS, KERBEROS_AUTH, KERBEROS_PWD, KERBEROS_ADMIN
  • Protocol: HOPOPT, ICMP, IGMP, GGP, IPv4, ST, TCP, CBT, EGP, IGP, BBN-RCC-MON, NVP-II, PUP, ARGUS, EMCON, XNET, CHAOS, UDP, MUX, DCN-MEAS, HMP, PRM, XNS-IDP, TRUNK-1, TRUNK-2, LEAF-1, LEAF-2, RDP, IRTP, ISO-TP4, NETBLT, MFE-NSP, MERIT-INP, DCCP, 3PC, IDPR, XTP, DDP, IDPR-CMTP, TP++, IL, IPV6, SDRP, IPV6-ROUTE, IPV6_FRAG, IDRP, RSVP, GRE, DSR, BNA, ESP, AH, I-NLSP, SWIPE, NARP, MIN-IPV4, TLSP, SKIP, IPV6-ICMP, IPV6_NONXT, IPV6_OPTS, CFTP, SAT-EXPAK, KRYPTOLAN, RVD, IPPC, SAT-MON, VISA, IPCV, CPNX, CPHB, WSN, PVP, BR-SAT-MON, SUN-ND, WB-MON, WB-EXPAK, ISO-IP, VMTP, SECURE-VMTP, VINES, IPTM, NSFNET-IGP, DGP, TCF, EIGRP, OSPFIGP, SPRITE-RPC, LARP, MTP, AX.25, IPIP, MICP, SCC-SP, ETHERIP, ENCAP, GMTP, IFMP, PNNI, PIM, ARIS, SCPS, QNX, A/N, IPCOMP, SNP, COMPAQ-PEER, IPX-IN-IP, VRRP, PGM, L2TP, DDX, IATP, STP, SRP, UTI, SMP, SM, PTP, ISIS_OVER_IPV4, FIRE, CRTP, CRUDP, SSCOPMCE, IPLT, SPS, PIPE, SCTP, FC, RSVP-E2E-IGNORE, MOBILITY_HEADER, UDPLITE, MPLS-IN-IP, MANET, HIP, SHIM6, WESP, ROHC, ETHERNET, AGGFRAG, NSH

If you enable Custom Source Port, you are allowed to define a specific source port. Otherwise, the source port would be selected as Any.

  • Clear sessions: If enabled, all the existing sessions of the source items in the rule will be cleared when the rule is applied. This means the rule will be enforced immediately for all source items, without the need to wait for termination of their existing sessions. If disabled, the rule will be enforced for the source items after their existing sessions are terminated. This is disabled by default.
  • Log rules: If enabled, traffic logs related to this rule will be collected. Otherwise, they will not be collected. This is enabled by default.
  • Schedule: This is defined as Everyday. If you would like to select a specific period of time/duration, you can modify the schedule depending on your needs.
  • There are 2 rules defined by default and they are not editable, deletable or movable.

  • If you would like to prioritize the rules you have created, you can reorder them with drag and drop; the rule order is from top to bottom.
  • To be able to block paths on URLs, like example.com/timus, you need to make sure that SSL Inspection is enabled on the device and the certificate has been installed successfully.
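Because rule order matters, a broad rule placed above a narrower one can keep the narrower rule from ever taking effect. The following added example (not Timus code) flags such shadowed rules; it assumes the first enabled rule that matches, reading from the top, decides the action, and the `Rule` fields, rule IDs and addresses are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class Rule:
    """One firewall rule reduced to IP sources/destinations (hypothetical type)."""
    rule_id: int
    action: str          # "Allow" or "Deny"
    source: str          # CIDR
    destination: str     # CIDR
    protocol: str        # "TCP", "UDP" or "TCP/UDP"
    ports: tuple         # inclusive (low, high) destination ports
    enabled: bool = True


def _within(inner: str, outer: str) -> bool:
    """True when network `inner` lies entirely inside network `outer`."""
    a, b = ip_network(inner), ip_network(outer)
    return a.version == b.version and a.subnet_of(b)


def _covers(upper: Rule, lower: Rule) -> bool:
    """True when every packet matched by `lower` is also matched by `upper`."""
    return (
        _within(lower.source, upper.source)
        and _within(lower.destination, upper.destination)
        and set(lower.protocol.split("/")) <= set(upper.protocol.split("/"))
        and upper.ports[0] <= lower.ports[0]
        and lower.ports[1] <= upper.ports[1]
    )


def find_shadowed(rules: list) -> list:
    """Return (rule_id, shadowing_rule_id, kind) for rules that never decide.

    `rules` is in display order, top first. Disabled rules are ignored.
    kind is "conflict" when the two actions differ (the lower rule's intent
    is silently overridden) and "redundant" when they are the same.
    """
    findings = []
    active = [r for r in rules if r.enabled]
    for index, lower in enumerate(active):
        for upper in active[:index]:
            if _covers(upper, lower):
                kind = "conflict" if upper.action != lower.action else "redundant"
                findings.append((lower.rule_id, upper.rule_id, kind))
                break  # the first covering rule is the one that wins
    return findings


# Constructed rule list, top to bottom.
RULES = [
    Rule(1, "Allow", "192.168.249.0/24", "10.10.10.0/24", "TCP/UDP", (1, 65535)),
    Rule(2, "Deny", "192.168.249.0/24", "10.10.10.5/32", "TCP", (3389, 3389)),
    Rule(3, "Allow", "192.168.249.0/24", "10.10.10.0/24", "TCP", (443, 443)),
    Rule(4, "Deny", "192.168.255.0/24", "10.10.10.0/24", "TCP", (22, 22)),
    Rule(5, "Deny", "192.168.249.0/24", "10.10.10.0/24", "TCP", (80, 80), enabled=False),
]
# The same rules after dragging the RDP deny (rule 2) above the broad allow.
REORDERED = [RULES[1], RULES[0], RULES[2], RULES[3], RULES[4]]

if __name__ == "__main__":
    for rule_id, by_id, kind in find_shadowed(RULES):
        print(f"rule {rule_id} is shadowed by rule {by_id} ({kind})")
```

In the constructed list the RDP deny never applies until it is moved above the broad allow; the redundant HTTPS allow remains and can simply be removed.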

 

 

 

Web Categories and Rules
This article explains how to create firewall rules for a website or for categories of websites. It also lists the category names and describes each one.
To manage and use the Web Categories, go to Timus Manager -> Rules -> Web Categories.
  • If you want to look up the domain, you can use the search bar to enter a domain to search as shown in the image below.

  • We support Import functionality for the domain entries with a csv file, you can click on Import to be able to add the domains faster as shown in the image below. You can click on Download Sample and you can add your domains accordingly.

  • You can either customize a web category by clicking on Create New or use the pre-defined categories as shown in the image below.

  • As an example, here is a newly created category called Knowledge Base, which contains 2 domains: www.timusnetworks.com and timusnetworks.com.

  • You can either Include the domains or exclude the domains by editing the web category. Please note that you are not allowed to edit or delete the predefined web categories.

 

Adult

The "Adult" category comprises web pages containing images or videos depicting sexual acts, sexual arousal, or explicit nude imagery with a sexual intent. It also includes pages that use frequent or serious profanity. Additionally, this category encompasses pages whose primary content is child-appropriate, but with regular or irregular sections featuring sexually themed, non-educational material. Web pages with sexual content, products, or services related to sex, but without explicit nudity, are part of this category. It also includes pages featuring tasteless content, such as cruelty to animals, bathroom humor, and other potentially inappropriate material for children.

Alcohol

The "Alcohol" category includes web pages that promote, advocate, or sell alcohol, encompassing a variety of beverages such as beer, wine, and hard liquor. These pages may feature information about different types of alcoholic products, brands, and related events. They could also provide details on the production, distribution, and consumption of alcoholic beverages. Additionally, these web pages might offer the option to purchase alcohol online or provide resources for locating physical stores selling such products. The content within this category is focused on the promotion and commercial aspects of the alcohol industry.

Anonymizers

The "Anonymizers" category includes web pages that promote the use of proxies and anonymizers. These tools are intended to facilitate anonymous and unrestricted access to websites by bypassing filters and other online restrictions. Anonymizers are often employed to conceal the user's identity and location, allowing them to browse the internet without revealing personal information. These pages may provide information, tools, or services related to the use of proxies for the purpose of maintaining online privacy and evading content restrictions.

Banking

The "Banking" category encompasses web pages operated by or dedicated to banks and credit unions, with a specific focus on online banking applications. This category excludes online brokerages, concentrating on financial institutions providing services related to traditional and digital banking, including account management, transactions, and financial services.

Business & Services

The "Business & Services" category encompasses a wide array of web pages, covering real estate transactions, agriculture-related information, construction and architectural services, genetics research, and biotechnology firms. It serves as a general category for businesses not fitting into more specific classifications, including furniture makers and retail outlets. The insurance sector is also represented, spanning various types from health to car insurance. The category further includes manufacturing and industrial production businesses, as well as those involved in security products and services, excluding computer security. Information on retirement homes and communities, inventory management, and connections within communities are also part of this diverse category, along with advertising agencies and marketing services, excluding online banner ads. In essence, "Business & Services" provides a comprehensive overview of commercial and service-related content.

Chat

The "Chat" category encompasses web pages designed for real-time communication, featuring chat rooms and messaging functionalities that facilitate group discussions among strangers or friends in both public and private settings. These pages serve as platforms for interactive conversations, allowing users to engage in discussions with others. Additionally, the category includes instant messaging software and web pages that enable users to stay connected with a list of "buddies" through messaging services. In essence, "Chat" provides diverse means for individuals to communicate in real-time, fostering both group interactions and one-on-one conversations through messaging platforms.

Content Servers

The "Content Servers" category includes web servers that lack navigable web pages and are primarily employed for hosting images and other media files. These servers play a crucial role in enhancing web page performance and site scalability by offloading media content delivery. Instead of serving complete web pages, they focus on efficiently delivering media elements, reducing page load times and optimizing the overall user experience. Content servers are integral to content delivery networks (CDNs) and are strategically positioned to distribute multimedia content, ensuring faster and more reliable access to images and other media resources for website visitors.

Criminal Activities

The "Criminal Activities" category includes web pages that promote extreme ideologies, discrimination, and hate based on factors like political affiliation, gender, race, or religion. Additionally, it encompasses pages that promote illegal drugs, including information on common illegal drugs and the misuse of prescription drugs. Content depicting physical or sexual abuse of children is also covered in this category. Moreover, the category includes web pages providing information on illegal activities such as burglary, murder, bomb-making, and lock picking. Pages with tools and information facilitating online crime, unauthorized access to computers, and fraud are part of this category. Furthermore, it involves content related to marijuana, covering aspects like legalization, medicinal use, and general information. Lastly, the category includes pages that provide access to illegally obtained files, such as pirated software, movies, and music, as well as sites offering assistance in cheating on homework and tests.

Culture & Arts

The "Culture & Arts" category encompasses web pages related to the development or display of the visual arts. This includes platforms featuring various forms of artistic expression, such as paintings, sculptures, and other visual creations. Additionally, the category includes web pages dedicated to published writings, spanning fiction and non-fiction novels, poems, and biographies. These pages serve as platforms for authors and literary enthusiasts to share and explore written works across different genres and styles.

Dating

The "Dating" category encompasses web pages that are focused on promoting relationships, including dating and marriage. These websites are designed to facilitate connections between individuals seeking romantic partnerships. They may feature profiles, matchmaking services, and communication tools to help users interact and potentially form long-term relationships. The content typically revolves around dating advice, relationship tips, and platforms for meeting and connecting with potential partners.

Education

The "Education" category comprises a variety of web pages tailored to facilitate learning and academic pursuits. It includes pages for schools with an online presence, encompassing universities, private and public schools, and other real-world educational institutions that offer online resources and information. Additionally, the category covers web pages hosting academic publications, journals, research findings, curriculum details, online learning courses, and materials, providing a comprehensive repository for scholarly content and educational tools. These pages cater to students, researchers, and educators seeking valuable resources for academic enrichment. Furthermore, "Education" includes web pages containing reference materials, offering data compilations and reference shelf content such as atlases, dictionaries, encyclopedias, census data, and other reference materials. These resources contribute to a well-rounded educational experience, supporting users in their quest for knowledge and information.

Entertainment

The "Entertainment" category encompasses a diverse range of web pages designed to provide amusement and enjoyment. This includes pages featuring comics, jokes, and other humorous content to elicit laughter and entertainment. Furthermore, it includes platforms offering internet radio, streaming media, and downloads related to musicians, bands, MP3s, and various media content. Additionally, the category covers web pages dedicated to animated TV shows, movies, comic books, and graphic novels, catering to fans of animated and illustrated entertainment. News and gossip about celebrities, television shows, movies, and the broader entertainment industry are also featured, keeping users informed about the latest developments. Moreover, "Entertainment" includes pages devoted to the venues of entertainment, such as comedy clubs, nightclubs, discos, festivals, theaters, and playhouses, offering information about places where entertainment events unfold. Lastly, the category encompasses web pages providing comprehensive content about television shows and movies, including reviews, showtimes, plot summaries, discussions, teasers, and marketing materials, creating an immersive experience for enthusiasts.

Environment

The "Environment" category encompasses web pages dedicated to fostering awareness and understanding of environmental issues. These pages provide information on various aspects of sustainability, including sustainable living practices and initiatives. Additionally, the category covers content related to ecology, delving into the study of ecosystems, biodiversity, and the interactions between organisms and their environments. Furthermore, these web pages offer insights into nature and the environment, sharing knowledge on topics like wildlife conservation, natural habitats, and environmental conservation efforts. By compiling information on environmental

Forwarding Rules
Create a forwarding rule to manage traffic from devices, IP addresses, and networks on your organization's network.
  • Create a Forwarding rule by going to Timus Manager -> Rules -> Forwarding page.

  • Once you click on Create New, you will be able to see the page as shown in the image below:

  • You can define a range for both source and destination ports like 1000-2000.
  • Once you extend the Schedule, you can decide if the forwarding will be active Everyday (all the time) or it will be active for a specific period of time. It has been selected as Everyday by default.

  • Map to Port: When enabled, destination ports loop sequentially for source ports.

The Map to Port feature allows you to specify a range of ports on both protocols, TCP or UDP, for instance, 70-75, and map them to a destination range, such as 80-85. Ports are forwarded sequentially: port 70 maps to port 80, port 71 maps to port 81, and so on. This feature is useful for port forwarding in a one-to-one manner.

View Traffic Logs
This article provides instructions on how to view traffic logs, an important step in troubleshooting agent and network-related issues.
  • View all the traffic in your network, with details, on the Timus Manager -> Insights -> Traffic Logs page.
  • Search the list using Time, Source, Action, Destination, Factor parameters on the Logs tab.
  • Clear the filters you have created by clicking on Clear All Filters.
  • You can gather more information by clicking the icon in the Details section to identify if there's been an issue.

  • You are able to check the Rule IDs of the traffic logs to detect which rule allows or denies the traffic.
  • If you have previously enabled SSL Inspection for a user or device, you can access detailed data by going to the User or Device tabs.

On the Traffic Logs page, you can access comprehensive data presented through tables and graphics organized into various tabs. Here's an overview of what you'll find in each tab:

You can download the csv file to get a report for your traffic by clicking on Export at the top right of the screen as shown in the image above.

Only the last 10.000 records at the time the export is created will be exported.

When you have clicked on the Export button, you will see the pop-up above when the Export process is completed successfully. You can click on Download to get your report.

  • User Tab: User Information, Top Most Active Users, Detailed User Logs, Most Active Devices per User, Traffic Analysis, Most Frequently Accessed Resources, Time Spent by Users
  • Team Tab: Top Most Active Teams, Team-specific Activity Data, Most Active Devices within Teams, Most Used Resources by Teams, Time Spent by Teams
  • Device Tab: Device Information, Most Active Devices, Device-specific Activity Data, Most Used Resources by Devices, Time Spent on Devices
  • Applications Tab: Most Used Applications, Application-specific Usage Data
  • Website Tab: Most Accessed Resources on Websites
  • Network Tab: Most Active Networks

This organized approach allows you to analyze user behavior, team activities, device usage, application preferences, website interactions, and network engagement.

Dive into detailed insights to make informed decisions about your product usage and optimize your resources effectively.

View User Traffic
This article explains how to view user traffic and their details on your network.
To view detailed user traffic for each user, follow the steps below:
  1. Go to Timus Manager -> Insights -> Traffic Logs page.
  2. You can view all traffic on the Logs tab without navigating to other tabs.
  3. To configure the list, utilize the search bar. To view a specific user's traffic, navigate to the Source heading.
  4. Click on "Select" here.
  5. Click on "User".
  6. Click on "Start typing..." Select a user or scroll down the dropdown menu to find a user and view their traffic logs.

Click on the "Search" button.

By clicking the Search button, you can access a list displaying all the traffic generated by this user on your network.

To access the details of the traffic logs listed, click on the blue info icon located at the far right of the respective line.

You can use the Search bar to display more specific information about the logs you want to see.

Simply insert the desired columns with the appropriate command:

Time: Select the Start and End date of the traffic logs you want to display on the list.

Action: Choose between Drop or Allow.

Destination: Specify Team, Device, IP, Network, Site, or Any.

Factor: Specify Application, Category, Website, Keywords, or Any.

  1. Similarly, to view a single user's traffic logs, or all users' traffic logs in general, click the User tab on this page.
  2. To view detailed user traffic, select a user from the Select section at the top of the page.

After you select the user, the page displays the following information.

  • Most Active Users,
  • Users Logs,
  • The user's Most Active Devices,
  • Traffic,

  • Applications and Websites as the user's Most Used Resources,

  • Time Spent as applications and websites where the user spends the most time,

  • The user's Events on your network.

You can also view traffic details for the following components by going to the Insights dropdown > Traffic Logs page:

  • Logs
  • User
  • Team
  • Device
  • Application
  • Website
  • Network
View Alerts
This article explains how to view alerts generated by zero trust security policies in Timus Manager.
  • To view alerts for a selected policy type with an activated status, go to
    Timus Manager > Insights > Alerts page.
  • The total number of alert records can be found at the bottom of the page.
  • You can navigate between alert list pages using the total records filter in the lower-right corner of the page.

To turn on these notifications, go to the Alerts & Notifications tab on the Zero Trust Sign-In Policies pages. (User/Admin)

To filter your alerts, use the Search filter located at the top of the Alerts page:

  1. Enter the Title.
  2. Select an option in Result- Failed, Successful, or Timeout.
  3. Select a Type - User Sign-In Policy or Administrator Sign-In Policy.
  4. Specify the Severity level - Any, High, Medium, or Low.
  5. Set the Time.
  6. Click on the Search button.
    • Your filtered alerts will be displayed below based on your selections.

    • You can download the Alerts as a csv file by clicking on Export at the top right of the screen. Once you click on it, you will see a pop-up screen as shown in the image below. You can click on Download to get your report related to the Alerts.

    • To View Details of an alert, click on the ellipsis icon at the end of the alert line.

    • Mark the alert as Read/ Unread. When you mark it as read, the text will be faded out.
    • Delete the alert.

 
View Events
By filtering sign-in events in your network, you can view the results based on criteria such as risk level, location, and authentication type.
  • You can search for these events with the parameters User or Admin.
  • To search for events, enter Public IP in the designated field and select a date from the Date/Time filter.
  • You can choose a Risk Level or leave it blank.
  • Once you have entered the necessary information, click the Search button.
  • Your search results display Event, Authentication, Risk Level, Location and Time data based on the information you provide.
     
  • The Authentication field shows the steps of authentication and the result of each step. Green text indicates that the step was successful; red means that it failed.

  • You can download a report as a csv file on both tabs, User and Admin, by clicking on Export button at the top right of the screen as shown in the image above. Once you click on Export, you will see a pop-up screen where you can click Download to get your report as a csv file.

View Event Details

You can see the details of each event by clicking on the ellipsis icon at the end of the row:

  • Click the ellipsis icon in the row containing user or administrator information, and select View.

  • Scroll down to view the IP Intelligence section in the Event Details window.
  • In this section, you can see IP Intelligence information related to the IP address of the device used for sign-in:

The IP Intelligence section is only visible when a sign-in policy with the Untrusted IP Behavior has been defined for the specific IP.

  • Proxy: Shows if a proxy server is detected.
  • VPN: Shows if a VPN server is detected.
  • TOR: Shows if a TOR network node is detected.
  • Fraud Score: Shows the fraud score (1-100).
  • Abuse Velocity: Shows abuse velocity (high/medium/low).
  • Recent Abuse: Shows if recent abuse was detected.
  • Bot Activity: Shows if bot activity was detected.

Automated Reports
This article provides guidance on how administrators can utilize the Automated Reports feature in Timus Manager.
This Timus Manager feature provides enhanced visibility, facilitating improved decision-making for administrators within their Timus network.
It offers comprehensive insight and analysis through AI-generated reports that can be accessed on-demand or scheduled.
To create new reports and view all network activity at once, follow these steps:

Manage Templates

  1. Go to Timus Manager -> Insights -> Automated Reports page.
  2. To manage templates, click on the "Manage Templates" button located in the upper right corner of the Reports page.
  3. From here, you can view the available templates, which are divided into two categories:
    Predefined and Custom.

Before creating a report, it is important to first manage the templates. This will allow you to choose analytics and insights you want to include in your report, using either predefined or custom templates.

To view the template or create a report using Timus's default Predefined Weekly Template, click the ellipsis icon next to it.

You also have the option to use the template as a basis for a new one:

Create Custom Template

To create a custom template,

  1. Click the "Create Custom Template" button in the Manage Templates screen and enter the title of the new template.
  2. After entering a title for the new template and clicking the Create Custom Template button, the page for your newly created template will be displayed on your screen.
     
  3. To add widgets to the template's screen, click the "Add Widget" button. This will open the
    "Add Widget" pop-up window where you can select the widgets you want to display.
  4. After you click the "Add" button, use the drag-and-drop method to move widgets around the page and arrange the template as desired.
  5. If you want to view different data ranges or components, you can add the same widget multiple times.
  6. Click "Configure" to adjust the number of components displayed in the tables and view data in the widgets with different Data Range Types.
  7. You can choose between Relative or Fixed data range types and select Daily, Weekly, Monthly, or Yearly parameters for the Data Range.

You can then configure the template by clicking on the ellipsis icon next to the template's name on the "Manage Templates" screen.

Create Report

To create a report, first complete the template configurations.
  1. Next, go to the Reports page and then either click the "Create Report" button or select "Create Report" from the ellipsis icon of the template row on the Manage Templates pop-up screen.
  2. On the Create Report screen, enter a title for the report.
  3. Select the Type of report and Template.
  4. Add recipients from the Recipients section by entering their information and selecting their email language.

  5. Click "Save" and wait for the Successfully Created notification to appear.
  6. To view the report, click the ellipsis icon in the row of the report you created, then click "View".
  7. To generate the report, click the Actions button in the upper-right corner of the Reports page and select "Generate Report".
  8. You will see a notification that says "Report Result successfully created. Click here to see the result in your browser".
  9. Click "Here" to view your on-demand report in your browser.
  10. When you add a Recipient, your report will be sent to their e-mail address.
  11. If you've scheduled a report, the system will automatically generate and send it to the recipient of your choice.
    • The automated report you created for Daily events is scheduled to run every day without any issues.
    • For Weekly events, the report is set to run every Monday.
    • Monthly reports are generated on the 1st day of each month, such as November 1st and December 1st.
    • Yearly reports are generated on January 1st of every year.

Once your report is created, you can view the results by clicking on the Actions button and selecting the Go to Results page option on the report's page.

The generated reports will be saved on the report's page. You can access and view all reports generated on different dates by using the Displayed Report filter.

To configure the widgets, click on the "Show Template" option located on the report page. This is the same process as when you access it from the "Manage Templates" -> "Edit" page.

View Blocked IP Addresses
This article shows you how to view blocked IP addresses in your Timus network.
Access control with Timus Zero Trust Policies is based on user behavior, making it easy for administrators to monitor and manage blocked IP addresses on their organization's network.
To access logs of IP addresses blocked due to risky login attempts and default sign-in policies, go to the Timus Manager -> Insights -> Blocked IP Addresses page.
  • On this page, you can view the user associated with the blocked public IP, its location, the time it was blocked, and the policy denying access under zero trust.
  • Additionally, you can adjust the duration for removing address blocks using the Settings button on the page.

ConnectWise PSA Integration Setup and Guide

Timus and ConnectWise integration helps MSPs automate billing tasks by syncing product catalog details and usage data directly with ConnectWise agreements. This setup simplifies invoicing, making it easier to manage customer billing automatically and keep everything accurate without manual input. Here's how to set up ConnectWise integration:

1. Create a Security Role for Timus

This role will generate an API key for the integration. You may use another role with the necessary permissions if preferred.

  • Go to ConnectWise PSA and navigate to System > Security Roles.

  • Click the “+” button to add a new security role.

  • Name the role and save it.

  • Assign the required permissions, then click “Save”.
  • Set “Inquire Level” to “All” for “Company Maintenance” under the “Companies” section.
  • Set “Add Level”, “Edit Level” and “Inquire Level” to “All” for “Agreements” under the “Finance” section.
  • Set “Inquire Level” to “All” for “Product Catalog” under the “Procurement” section.

2. Generate an API Key

  • Navigate to System > Members > API Members and click the “+” button to add a new API member.

  • Fill in the “Member ID” and “Member Name” fields, and choose the security role you created.

  • Save the member details.
  • Go to the “API Keys” tab, click “+” to create a new API key, enter a description, and save.

Note: Save the public and private keys. The private key is only visible upon creation.

3. Set Up the ConnectWise Integration on the Partner Portal

  • Go to Settings > Integrations in the Partner Portal.

  • Select ConnectWise PSA to configure the integration.

  • Enter your ConnectWise Site URL, Company ID, Public Key, and Private Key. Test the integration before saving.
  • For example, if you log in to ConnectWise through https://na.myconnectwise.net/, enter “https://na.myconnectwise.net” in the ConnectWise Site URL field.
  • If the test is successful, click “Save”.
  • Enable the integration by switching the Status toggle, then click “Save” again. Now, you can access the “Customers” and “Products” tabs for mapping.

4. Customer Mapping

  • Navigate to the Customers tab. Select the corresponding ConnectWise Company and agreement, then click the “Map” icon.

  • Repeat for all customers.

5. Product Mapping

  • Go to the Products tab to map your products. Users and gateways need to be mapped separately.
  • Ensure the ConnectWise product’s “Class” is set to “Agreement” for it to be listed.
  • Select the corresponding ConnectWise product and click the “Map” icon.

  • Repeat for all products.

6. Synchronization

  • When an invoice is generated in Timus, relevant subscriptions are automatically synced with ConnectWise. Only subscriptions with "Monthly" or "Annual with Monthly Payments" cycles are included in the sync.
  • The integration creates or updates additions when you assign, update, or cancel a subscription. To ensure a smooth workflow, map all customers and products in ConnectWise; only mapped items will sync correctly.
  • When a new subscription is assigned, Timus creates prorated additions in ConnectWise to cover the period from the subscription's start date to the last day of the month. In these cases, the “Effective” date is set to the assignment day, and the “Canceled” date is the month’s end.
    • Note: Timus also prorates the price you enter when creating the products. Unit costs are auto-filled to align with Timus invoices.
  • For consolidated invoices, Timus creates a main addition in ConnectWise to reflect the full monthly billing amount. Each main addition has an “Effective” date on the first day of the month and remains active until a further change is made. These additions don’t have a “Canceled” date, as Timus subscriptions renew automatically.
  • For any mid-month updates—like adding users or upgrading plans—Timus generates prorated additions covering the time from the change date to the month’s end. These entries are marked with an “Effective” date on the change date and a “Canceled” date at the month’s end to ensure accurate partial-period billing.
    • At the end of the month, the main additions for these subscriptions are set to end. New main additions are then created with the updated details when a consolidated invoice is generated at the start of the following month. This approach ensures that billing in ConnectWise stays in sync with the latest subscription adjustments made in Timus.
  • If a subscription is canceled, Timus updates ConnectWise by setting the main addition to end on the last day of the month when the cancellation occurs.

Troubleshooting Bandwidth Issues on the Timus Network

Are you experiencing slower speeds than expected after connecting to the Timus Network? 

Several factors can contribute to this, but don't worry! This guide will help you troubleshoot the issue and get your connection back up to speed.

Initial Steps:

  1. Application Updates: Ensure you're using the latest version of the Timus Network client application. Outdated software can sometimes lead to performance issues. You can set automatic updates within the Timus Network client application by accessing your device settings within manage.timusnetworks.com.
  2. Conflicting Software: Uninstall any other VPN or network software running in the background. Even unused software might consume resources and affect your bandwidth.

If your client is up to date and no other programs are running that could impact your connectivity, work through the following troubleshooting steps:

  • Check Maximum Transmission Unit (MTU)
  • Ping Test with Varying Packet Sizes
  • Identify Network Issues (Traceroute & MTR)
  • Check Endpoint Configuration
  • Performance Testing (Optional)
  • Quality of Service (QoS) and ISP Throttling
  • Firewall and Security Software

 

1. Identify Current MTU Setting

macOS:

  1. Open Terminal.

  2. List network services:

    networksetup -listallnetworkservices
    
  3. Check current MTU:

    networksetup -getMTU <network_service>
    

Windows:

  1. Open Command Prompt.

  2. Check current MTU:

    netsh interface ipv4 show interfaces
    

2. Ping with Specific Packet Sizes

macOS:

  1. Open Terminal.

  2. Ping with a specific packet size:

    ping -D -s 1472 <gateway_public_ip>
    

Windows:

  1. Open Command Prompt.

  2. Ping with a specific packet size:

    ping -f -l 1472 <gateway_public_ip>
    
  3. Adjust Packet Size Incrementally:

    • Start with 1472 bytes.
    • Reduce the packet size by small increments if you encounter packet loss or errors.
    • Find the largest packet size that does not result in fragmentation or packet loss.
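
The incremental search in step 3 can be automated. The script below is an added example, not part of the Timus documentation: it binary-searches the largest payload that passes with the Don't Fragment bit set and converts it to an MTU. The function names, the 500-byte lower bound, the Linux fallback branch and the address 203.0.113.10 (a placeholder) are assumptions.

```shell
#!/bin/sh
# Added example: find the largest ICMP payload that passes unfragmented,
# then derive the path MTU from it.

# probe_ping SIZE HOST: succeeds if one Don't-Fragment ping of SIZE bytes gets a reply.
probe_ping() {
    case "$(uname -s)" in
        Darwin) ping -D -c 1 -t 2 -s "$1" "$2" >/dev/null 2>&1 ;;     # macOS
        *)      ping -M do -c 1 -W 2 -s "$1" "$2" >/dev/null 2>&1 ;;  # Linux (iputils)
    esac
}

# find_max_payload PROBE HOST [LOW] [HIGH]
# PROBE is any command accepting "SIZE HOST". Prints the largest passing size.
# Returns 1 if even LOW fails (host unreachable or ICMP filtered on the path).
find_max_payload() {
    probe=$1 host=$2 lo=${3:-500} hi=${4:-1472}
    "$probe" "$lo" "$host" || return 1
    if "$probe" "$hi" "$host"; then echo "$hi"; return 0; fi
    # Invariant from here on: lo passes, hi fails.
    while [ $((hi - lo)) -gt 1 ]; do
        mid=$(( (lo + hi) / 2 ))
        if "$probe" "$mid" "$host"; then lo=$mid; else hi=$mid; fi
    done
    echo "$lo"
}

# payload_to_mtu SIZE: add the 20-byte IPv4 header and the 8-byte ICMP header.
payload_to_mtu() { echo $(( $1 + 28 )); }

# Usage (placeholder address; substitute your gateway's public IP):
#   size=$(find_max_payload probe_ping 203.0.113.10) && payload_to_mtu "$size"
```

Each size is probed with a single packet, so on a lossy link rerun the search and keep the smallest result.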

3. Use Traceroute and MTR

Traceroute:

macOS:

  1. Open Terminal.

  2. Install traceroute (if not already installed):

    brew install traceroute
    
  3. Run traceroute:

    traceroute <gateway_public_ip>
    

Windows:

  1. Open Command Prompt.

  2. Run tracert:

    tracert <gateway_public_ip>
    

MTR:

macOS:

  1. Open Terminal.

  2. Install mtr (if not already installed):

    brew install mtr
    
  3. Run mtr:

    mtr -rw <gateway_public_ip>
    

Windows:

  1. Open Command Prompt.
  2. Install WinMTR (if not already installed) from https://sourceforge.net/projects/winmtr/.
  3. Run WinMTR and enter the gateway IP to start the test.

4. Check Endpoint Configuration

macOS:

  1. Open Activity Monitor.

  2. Monitor CPU and memory usage to ensure they are not maxed out during the VPN connection.

  3. Check network interface for errors:

    ifconfig
    

Windows:

  1. Open Task Manager.

  2. Monitor CPU and memory usage to ensure they are not maxed out during the VPN connection.

  3. Check network interface for errors:

    ipconfig /all
    

5. Performance Testing

macOS and Windows:

  1. Download and install iPerf3 from https://iperf.fr/.

  2. Run iPerf tests to measure raw throughput with and without VPN:

    iperf3 -c ash.speedtest.clouvider.net -p 5200-5209
    

6. Quality of Service (QoS) and ISP Throttling

macOS and Windows:

  1. Check network QoS settings on your router or network management interface to ensure no QoS rules are throttling VPN traffic.
  2. Confirm with the ISP that there is no throttling of VPN traffic.

7. Firewall and Security Software

macOS:

  1. Open System Preferences.
  2. Review firewall settings to ensure they are not limiting VPN throughput.
  3. Check any installed security software for settings that might affect VPN performance.

Windows:

  1. Open Control Panel.
  2. Review Windows Defender Firewall settings to ensure they are not limiting VPN throughput.
  3. Check any installed security software for settings that might affect VPN performance.

Additional Notes:

  • If you're using macOS and don't have Homebrew installed, use the following command in Terminal: /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" to install it.  

If none of these steps resolve your bandwidth issue, please contact Timus Network support for further assistance at Support@timusnetworks.com 

 

Connect - No Gateways Available

What "No Gateways Available" means and possible scenarios

This informational message appears in the Timus Connect application when the user is not allowed to connect to any gateway.

The administrator must select the remote site for the user in the manager.

However, this error can also have other root causes:

  • The user cannot reach the Timus Cloud services or doesn’t have internet access.

To verify that, please run:

ping user.timuscloud.com
ping device.timuscloud.com

Also, try to open user.timuscloud.com or device.timuscloud.com in the browser. If the user cannot reach them, the Connect application will not be able to connect.

  • timus-connect-background service is not running

    Go to Activity Monitor (Mac) or Task Manager (Windows) on your device and find timus-connect-service.

    Alternatively, you can go to http://localhost:49202 in your browser. If you see the output, it means the service is running.

    If you validate that the service is not running, please follow these steps:

    • [MacOS] Validate if service is running

      • Check if the plist file exists
        • Run the commands below to check if they exist:

          #for connect service
          cat /Library/LaunchDaemons/timus-connect-service.plist
          
          #for helper service
          cat /Library/LaunchDaemons/timus-helper-service.plist
          
        • If the files exist, run the commands below to load the services, then check whether the service has started.

          # Ignore any error from these commands. The unload only makes sure no instance already exists on the device
          sudo launchctl unload /Library/LaunchDaemons/timus*
          sudo launchctl load /Library/LaunchDaemons/timus*
          
    • [Windows] Validate if service is running

      Open Services from the search bar.

      Make sure these 2 services exist.

      If they do not exist or are not in the running state, try installing them manually and see whether any error occurs. For a clean service install, run these commands:

      sc.exe stop timus-helper-service
      sc.exe stop timus-connect-service
      
      taskkill /F /IM "timus-connect-service.exe"
      taskkill /F /IM "timus-helper-service.exe"
      
      sc.exe delete timus-connect-service
      sc.exe delete timus-helper-service
      
      cd C:\Program Files\Timus Connect\resources\service
      
      timus-connect-service.exe -service install && timus-connect-service -service start
      timus-helper-service.exe -service install && timus-helper-service -service start
      

    After validation, if you see that the services are still not running and nothing works, try to start the service manually and check if any crashes occur.

    • [MacOS] Validate whether the service crashes

      Run these commands and see whether the service works

      #for connect service
      sudo /Applications/Timus\ Connect.app/Contents/Resources/service/timus-connect-service
      
      #for helper service
      sudo /Applications/Timus\ Connect.app/Contents/Resources/service/timus-helper-service
      
    • [Windows] Validate whether the service crashes

      Run these commands

      cd C:\Program Files\Timus Connect\resources\service
      timus-connect-service.exe
      

    Let’s assume that a crash happened, which in most cases (99%) is a permission issue.

    At this point, it is better to perform a clean setup by removing all files we have and reinstalling Timus Connect. Please find the section with the clean setup steps for Timus Connect.

    Sometimes, SentinelOne, Bitdefender, or other security tools can prevent Timus Connect from working. We can confirm this by checking the task manager or asking the customer.


Step-by-Step Video Guides

Explore our most popular video tutorials on our YouTube channel.

Segmenting Traffic with Split Tunneling

Manage your network, add tunnels, users, rules and licenses from a multi-tenant cloud portal with Timus.

Connecting Branch Offices with IPSec

Connect to offices or protect SaaS apps through private gateways with a single static IP address.

Granularity within the Timus Firewall

The Timus firewall sits in the cloud and intercepts all encrypted user traffic.

Frequently asked questions

How does Timus help us against ransomware & phishing attacks?

Timus uses zero-trust secure remote access and least privilege principles before granting any access to the network and data to protect against hackers, criminals, and ransomware. Additionally, Timus uses a best-of-breed DNS filter (at the network level) protecting users from zero-day threats and malicious sites from wherever they may encounter it (any device, application, protocol or port). A user is protected against all of the below:

  • Malicious software including drop servers and compromised websites, including drive by downloads and adware
  • Fraudulent phishing websites that aim to trick users into handing over personal or financial information
  • Command and Control botnet hosts
  • Sites which serve files or host applications that force the web browser to mine cryptocurrency
  • Domains which have been registered in the last 30 days and in the last 24 hours
  • Parked sites & domains that may no longer be controlled by the original owner

How does Timus ZTNA improve security?

The Timus solution is superior to traditional VPNs for secure remote access. User verification is hardened with behavioral and contextual analysis. Multi-factor authentication (MFA) can be deployed adaptively (i.e., when signing in from a new device, new country, etc.), improving user experience. Timus ZTNA can work with another IAM solution or standalone. Timus has one of the richest behavioral checks in the industry for Zero Trust Verification.

Does Timus provide shared or dedicated gateways?

Timus provides dedicated gateways with static IP addresses. An MSP can whitelist the Static IP in SaaS applications for controlled access and security.

Which tunneling protocols are supported by the Timus Connect agent?

WireGuard and OpenVPN tunneling protocols are supported.

How does split tunneling work?

The tunnel for secure connections can be configured to pass all user traffic, or just part of it, through the tunnel. Split tunnel configurations can be created on the Manager -> Settings -> Tunnel Configuration page. By default, all traffic passes through the tunnel. The Timus Connect agent gets the tunnel configuration valid for the user and context, and passes traffic through the tunnel accordingly. This feature is currently available only for the Windows and macOS releases of the Timus Connect app.
