How can we help?
Find help articles, troubleshooting guides, and tutorials
Search
Common searches:
Find help articles, troubleshooting guides, and tutorials
Common searches:
Video tutorials explaining how to set up various aspect of Timus tutorials listed on this Knowledge Base page
Explore our YouTube channel for how-to videos, partner use, and insights on Timus and the MSP space.
This exam assesses your proficiency and understanding of some of the key functionalities of the Timus’ Zero Trust Network Security Solution.
Discover Timus features and configurations through quick and easy-to-follow video tutorials. Perfect for a visual walkthrough of our capabilities.
Welcome to the Timus Explainer Videos page!
Explore our comprehensive library of video guides that simplify the essential features and configurations of Timus Networks. Designed for both beginners and advanced users, these quick and engaging tutorials will help you:
Learn how to configure Zero Trust policies with context-aware access control to protect your network and ensure only the right users have access to the right resources.
Master the creation and management of firewall rules to secure your network, prevent threats, and streamline network traffic.
Learn how to block unwanted content and enforce web filtering policies, ensuring a safe and productive network environment.
Explore how to segment network traffic effectively, optimizing performance while maintaining security and control.
Follow this step-by-step installation guide for Timus Connect to get your network running securely and efficiently in no time.
As security threats grow increasingly sophisticated, adopting a Zero Trust framework has become a necessity. Built on the principle of “Never trust, always verify”, Zero Trust ensures that every access request is meticulously validated, protecting your network and confirming user identities.
What Is Zero Trust Access? 🔒
Zero Trust Access is a cutting-edge security approach designed to:
By implementing Zero Trust, organizations reduce vulnerabilities and strengthen their defenses against breaches.
🎬 Learn the Timus Way
Timus Networks Conditional Access the Timus Way
In this video you'll learn:
The Timus Gateway is more than just a security measure; it’s the key to seamless connectivity. By hosting a cloud firewall, it enables secure communication between your network environments. With IPsec tunneling, you can connect your Timus Gateway to an on-premise firewall, ensuring secure and reliable access to data—no matter where it resides.
🎬 Learn the Timus Way
Timus Networks Connecting Branch Offices with IPSec
In this video you'll explore:
Timus Adaptive Cloud Firewall: Securing Users Anywhere
In today’s dynamic work environment, where users can connect from virtually anywhere, static security rules are no longer sufficient. The Timus Adaptive Cloud Firewall ensures your security perimeter moves with the user—aligning with their identity rather than just their device or location. This innovative approach enables true secure access at the edge, providing robust protection and seamless connectivity.
Why Choose Adaptive Cloud Firewall Rules?
🎬 Learn the Timus Way
Timus Networks Granularity within the Timus Firewall
In this video you'll discover:
A static IP address is more than just a number—it’s the foundation of complete network control. Every Timus Gateway is equipped with a private, static IP address, providing unparalleled visibility, enhanced security, and total control over your network.
🎬 Learn the Timus Way
Timus Networks Locking Down Saas with Static IP
In this video you'll explore:
Real-World Applications
The Timus Secure Web Gateway provides your organization with cutting-edge tools to manage web access, block harmful content, and bolster network security. By utilizing robust web filtering, content blocking, and anti-virus protection at the network layer, you can ensure that users only access safe applications and websites—whether working in the office or remotely.
🎬 Learn the Timus Way
Timus Networks Conent and Category Blocking
In this video you'll learn:
Core Features of Timus Web Filtering
🔍 Web Filtering
🚫 Content Blocking
Why Choose Timus Secure Web Gateway?
As part of recent improvements to the Partner and Manager portal, access to your tenant via SSO (Single Sign-On) has been restricted. By default, Support teams no longer have access to any tenant. If you would like to grant the Timus Support team access to your tenant, follow the steps below.
Steps to Enable Support Access:
On the opening page, configure the following:
Note:
For further assistance, please contact the Timus Support team.
This article explains an overview of the primary dashboard within the Timus Manager. Including key indicators, actionable items & insights
The Timus Dashboard is part of Timus Manager. It allows the administrator a comprehensive view of the network, including active users, devices, sites, and events occurring on the client network.
Dashboard components include:
By clicking one of these areas, such as Users Online, you will be redirected to the Users screen. On this screen, the status of the online users within your network is displayed as Active.
Similarly, for Devices Online or Sites Online, you can view the devices and sites listed as Online in the Status section on the respective Devices or Sites screens that will open after clicking.
Most Active Devices: displays the devices that frequently login and out of the network. A maximum of 30 devices can be displayed in the widget.
Most Active Users: displays in order of the users who frequently login and out of the network. A maximum of 30 users can be displayed in the widget.
Events: displays the login and out of users on the network. A maximum of 30 events can be displayed in the widget.
Customizing Widget Display
The Most Active Devices, Most Active Users, and Events widgets allow for further customization to tailor data visibility. Clicking on the three dots in the top-right corner of any of these widgets opens a Configure option. Selecting Configure brings up a modal, where you can specify the number of data to display within the respective widget, providing flexibility to suit your monitoring preferences.
Alerts: shows the total number of events in the upper right corner of the Dashboard as shown in the image below.
These alerts are generated in response to the user/admin sign-in policies under the Zero Trust Security section.
When you click on the icon, you will be directed to the Alerts page, where you can get more detailed information about the alert.
Profile: Located in the upper right corner of the Dashboard allows you to edit your Account information, Change Password, and change the Session Expiration Time.
Additionally, you can access the Setup Guide or Log out of the interface here.
The partner portal dashboard will provide visibility into customers' relevant information & all data pertaining to your partnership with Timus Networks.
MSPs will leverage the Timus Networks partner portal as their primary dashboard for day to day management of the Timus solution. Within the portal, you will be able to add, remove & manage all clients for both billing and technical management.
Link to - partner portal
For more information on Timus Connect App versions for different operating systems, go to:
ChaCha20 encryption is used for WireGuard.
AES-256-CBC encryption is used for OpenVPN.
When installing Timus Connect App onto desktop devices for the first time, the account must have administrator permission in order to install the application onto the device.
If Timus Connect App's background service is completely stopped for any reason, administrator permission will be required to access the application.
Open the application. You will see the Timus Connect App End User License Agreement on the screen.
The e-mail address screen will appear. Enter the e-mail address of your Timus account.
If you trigger a user sign-in policy of Timus Manager with a behavior when you try to login, you may encounter a different authentication method like two-factor authorization.
The screen that opens is the application's main screen. On this screen, you will see the following menu items:
Connection
Follow the steps below to establish a connection by using the Timus Connect Windows application:
The round-trip traffic duration to each active gateway will be displayed next to the gateway. The lower the duration, the faster the connection.
Account
On the Account menu, you can
To change your password:
Settings
On the Settings menu,
Split tunnel configuration works on Windows when the tunnel protocol is WireGuard.
Support
On the Support menu, you can
You will get a notification message as shown in the image below once you click on Collect log. This process can take up to 10 seconds.
Once the log file has been successfully created, you will see the pop-up message as shown in the image below.
Silent Deployment Script
For Partners who would like to use a silent script to deploy through an RMM tool, please refer to the below article:
Timus Connect App for Microsoft Windows Silent Deployment Script
NOTE:
Powershell Script - Windows
To run on a local machine without RMM, you may have to bypass the machine’s execution policy with:
powershell.exe -noprofile -executionpolicy bypass -file '.\Timus Silent Install.ps1'
Windows:
<#
Timus Connect Windows Installation Script
***Always review to make sure you know what a script is doing.***
* DISCLAIMER OF WARRANTIES:
*
* THE SOFTWARE PROVIDED HEREUNDER IS PROVIDED ON AN "AS IS" BASIS, WITHOUT
* ANY WARRANTIES OR REPRESENTATIONS EXPRESS, IMPLIED OR STATUTORY; INCLUDING,
* WITHOUT LIMITATION, WARRANTIES OF QUALITY, PERFORMANCE, NONINFRINGEMENT,
* MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. NOR ARE THERE ANY
* WARRANTIES CREATED BY A COURSE OR DEALING, COURSE OF PERFORMANCE OR TRADE
* USAGE. FURTHERMORE, THERE ARE NO WARRANTIES THAT THE SOFTWARE WILL MEET
* YOUR NEEDS OR BE FREE FROM ERRORS, OR THAT THE OPERATION OF THE SOFTWARE
* WILL BE UNINTERRUPTED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#####################################################################################
<#
1. Check to see if the application is already installed
If already installed, exits the script. Otherwise proceeds with section 2.
#>
$appName = 'Timus Connect'
$RegUninstallKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
$installedApplication = Get-ItemProperty -Path $RegUninstallKey | Where-Object {$_.DisplayName -like "*$appName*"}
if ($installedApplication) {
Write-Host "Application is already installed, exiting script"
}
else {
Write-Host "Application is not installed."
}
#####################################################################################
<#
2. Check to see if this is a desktop or laptop by looking for a battery
#!#! Delete this whole line if you want to disable this section #!#! #>
$systemType = "Unknown"
$BatteryStatus = (Get-WmiObject -Class Win32_Battery -EA SilentlyContinue).Status
if ($BatteryStatus) {
$systemType = "Laptop"
} else {
$systemType = "Desktop"
}
Write-Output "This device is a" $systemType
#2.1 At this time I am only automating the Timus installation on laptops
if ($systemType -eq "Desktop") {
Write-Output "The device is a desktop, exiting script."
}
else {
Write-Output "This is a laptop, proceeding with download."
}
#>
#####################################################################################
<#
3. Does the download destination exist?
If not, create download directory
Default download directory is "C:\temp\Timus Networks"
#>
$dlFolder = "C:\temp\Timus Networks"
$dlFolderTest = Test-Path -Path $dlFolder
$dlDest = "$dlFolder\Timus-Connect.exe"
$dlUrl = "https://repo.timuscloud.com/connect/Timus-Connect.exe"
$tempFolderExists = Test-Path -Path "C:\Temp"
if ($dlFolderTest -eq $true) {
Write-Output "Download directory exists, continuing with download."
}
else {
Write-Output "Download directory does not exist, creating directory"
New-Item -ItemType Directory -Path $dlFolder -Verbose -ErrorAction Stop
}
#####################################################################################
<#
4. Starting download to destination
Will try three different methods to download the file: Invoke-WebRequest, WebClient, and finally Start-BitsTransfer.
If all three fail, the script will exit with a failure.
#>
try {
Write-Output "Trying to download..."
Invoke-WebRequest -Uri $dlUrl -OutFile $dlDest
Write-Output "Invoke-WebRequest download was successful, moving on to installation..."
}
catch {
Write-Output "Invoke-Webrequest failed, trying webclient download..."
try {
$webClient = New-Object System.Net.WebClient
$webClient.DownloadFile($dlUrl, $dlDest)
Write-Output "WebClient download was successful, moving on to installation"
}
catch {
Write-Output "WebClient download failed, starting BitsTransfer..."
try {
Start-BitsTransfer -Source $dlUrl -Destination $dlDest
Write-Output "Downloaded successfully with BitsTransfer, moving on to installation..."
}
catch {
Write-Host "All methods failed. Unable to download the file. Exiting."
Exit 1
}
}
}
#####################################################################################
<#
5. Starts Installation of the Timus Connect App.
Upon error, the script will exit.
Checks registry for uninstall key for Timus Connect.
#>
Start-Process -Wait -FilePath $dlDest -ArgumentList "/S" -PassThru -ErrorAction Stop
#Check for successful install
$appName = 'Timus Connect'
$RegUninstallKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
$installedApplication = Get-ItemProperty -Path $RegUninstallKey | Where-Object {$_.DisplayName -like "*$appName*"}
if ($installedApplication) {
Write-Host "Application is installed."
} else {
Write-Host "Application is not installed."
}
#####################################################################################
<#
6. Performs cleanup of created files/folders
If download root existed prior to script, will only remove newly created folder.
For example, if C:\temp already existed, the script will only remove C:\temp\Timus Networks
and not C:\temp as a whole.
If download root did not exist, it will delete the whole folder
#>
if ($tempFolderExists -eq $true) {
Write-Output "Temp folder existed prior to download, only removing" $dlFolder
Remove-Item -Path $dlFolder -Recurse -Force
Write-Output "Cleanup complete, exiting..."
Exit 0
}
else {
Write-Output "Temp folder did not exist prior to script, deleting Temp folder..."
Remove-Item -Path "C:\Temp" -Recurse -Force
Write-Output "Cleanup complete, exiting..."
Exit 0
}
This script is designed to automate the installation of a digital certificate into the "Trusted Root Certification Authorities" store on a local machine. It can be distributed and executed via Remote Monitoring and Management (RMM) tools, making it ideal for deploying trusted certificates across multiple systems in a managed environment.
# Path to the certificate file $certPath = "C:\Users\username\Downloads\DESKTOP_CERTIFICATE.der"# Check if the file exists if (Test-Path $certPath) { # Import the certificate into the Trusted Root Certification Authorities store $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cert.Import($certPath) # Add the certificate to the local machine Trusted Root store $store = New-Object System.Security.Cryptography.X509Certificates.X509Store "Root", "LocalMachine" $store.Open("ReadWrite") $store.Add($cert) $store.Close() Write-Host "Certificate installed successfully." } else { Write-Host "Certificate file not found at $certPath. Exiting." }
This document is a guide explaining the use of the Timus Connect for macOS® application.
This application secures your connection by establishing an encrypted tunnel to the Timus Platform.
Timus Connect App supports macOS Monterey or higher versions.
Login
When installing Timus Connect App for the first time, the account must have administrator permission in order to install the application onto the device.
If Timus Connect App's background service is completely stopped for any reason, administrator permission will be required to access the application.
Administrator permission is not required for version updates.
If this account is synchronized from a directory service like Microsoft Entra ID(Azure AD), Okta, or Google Workspace, at this moment the login screen will be forwarded to the login screen of that directory service.
If you trigger a user sign-in policy of Timus Manager with a behavior when you try to login, you may encounter a different authentication method like two-factor authentication.
The screen that opens is the application's main screen, you will see the following menu items:
Connection
Follow the steps below to establish a connection by using the Timus Connect Windows application:
The round-trip traffic duration to each active gateway will be displayed next to the gateway. The lower the duration, the faster the connection.
Account
On the Account menu, you can
Settings
On the Settings menu,
If you are unable to modify or turn features on or off, it indicates that the administrator has closed that feature to user selection based on their preference.
Split tunnel configuration works on macOS when the tunnel protocol is WireGuard.
Support
On the Support menu, you can
Once you have any isues with the Timus Connect Application, you click on Collect log. it will want you to select a folder to create a log file, which will have all the .log files needed for troubleshooting. You can send the file to one of our technical support specialists to have it analyzed.
You will get a notification message as shown in the image below once you click on Collect log. This process can take up to 10 seconds.
Once the log file has been successfully created, you will see the pop-up message as shown in the image below.
To install an SSL Certificate, follow these steps:
The SSL Certificate can be installed by clicking "Install Certificate" on the Support menu. However, in order for the SSL Certificate to function properly, its trust settings must be configured as follows.
Please note that altering the trust settings of any certificate should be done with caution. Always ensure that the certificate is from a reliable source.
Silent Deployment Script
For Partners who would like to use a silent script to deploy through an RMM tool, please refer to the below article:
Timus Connect App for MacOS Silent Deployment ScriptNote:
Bash Script - Mac
Ensure the script has execute permissions by using the following terminal command:
chmod +x /path/to/script.sh
Mac:
#!/bin/bash
# Check if the machine is a MacBook (laptop)
MODEL_IDENTIFIER=$(system_profiler SPHardwareDataType | awk '/Model Identifier/ {print $3}')
if [[ ! "$MODEL_IDENTIFIER" =~ "MacBook" ]]; then
echo "This script is intended for MacBook models only."
exit 1
else
echo "Thank you for using Timus ZTNA. Your secure remote access will be enabled shortly."
fi
# Specify the name of the app to check if it's installed
APP_NAME="Timus Connect.app"
APP_PATH="/Applications/$APP_NAME"
# Specify the URL and local directory and path for the .pkg
PKG_URL="https://repo.timuscloud.com/connect/Timus-Connect.pkg"
PKG_DIR="/tmp/Timus-Connect"
PKG_LOCAL_PATH="$PKG_DIR/Timus-Connect.pkg"
# Check if the app is already installed
if [ -d "$APP_PATH" ]; then
echo "$APP_NAME is already installed."
else
echo "$APP_NAME is not installed."
# Create the directory if it doesn't exist
[ ! -d "$PKG_DIR" ] && mkdir -p "$PKG_DIR"
# Download the .pkg file from the specified URL
echo "Downloading $PKG_NAME..."
curl -o "$PKG_LOCAL_PATH" "$PKG_URL"
if [ $? -eq 0 ]; then
echo "Download successful!"
# Install the .pkg
echo "Installing $PKG_NAME..."
installer -pkg "$PKG_LOCAL_PATH" -target /
if [ $? -eq 0 ]; then
echo "Installation successful!"
# Open the app
echo "Opening $APP_NAME..."
open "$APP_PATH"
# Optionally, you can clean up by removing the downloaded .pkg
rm "$PKG_LOCAL_PATH"
rmdir "$PKG_DIR" # This will only remove the directory if it's empty
else
echo "Error during installation."
fi
else
echo "Error downloading $PKG_NAME."
fi
fi
exit 0
To handle cases where the initial script does not work for certain Mac models, you can use the alternative script with adjustments below:
MacOS:
#!/bin/bash # Define variables DOWNLOAD_URL="https://repo.timuscloud.com/connect/Timus-Connect.pkg" DESTINATION="$HOME/Downloads/TimusConnect.pkg" LOG_FILE="/tmp/timus_install.log" # Ensure the log file is writable if [[ ! -w $(dirname "$LOG_FILE") ]]; then echo "Error: Cannot write to log file at $LOG_FILE. Check permissions or use a different path." exit 1 fi # Redirect script output to log file exec > >(tee -a "$LOG_FILE") 2>&1 echo "Starting Timus Connect installation: $(date)" # Ensure the Downloads directory exists mkdir -p "$HOME/Downloads" # Download the package echo "Downloading the package from $DOWNLOAD_URL..." curl -L -o "$DESTINATION" "$DOWNLOAD_URL" if [[ $? -ne 0 ]]; then echo "Error: Failed to download the package from $DOWNLOAD_URL. Exiting." exit 1 fi echo "Download completed: $DESTINATION" # Install the package silently echo "Installing the package..." sudo installer -pkg "$DESTINATION" -target / if [[ $? -ne 0 ]]; then echo "Error: Installation failed. Exiting." exit 1 fi echo "Installation completed successfully." # Optional cleanup echo "Cleaning up downloaded file..." rm -f "$DESTINATION" echo "Cleaned up downloaded file: $DESTINATION" echo "Timus Connect installation completed successfully: $(date)" exit 0
There are three methods for creating users: manually, through importing, or by using directory synchronization
Follow these steps to manually add new user(s) on your network with Timus Manager:
In this example, I have used "john" in my password. Therefore, I have seen Invalid Password pop-up on my screen.
You need to set your Password Policies, which totally depend on the network admins, for the users.
Creating and managing agent profiles in Timus Networks helps in effectively controlling and optimizing user behaviors on your network. By following these steps, you can ensure that network policies are enforced and user experiences are tailored to your organizational needs. If you need further assistance, please feel free to reach out at any time.
Step 3: Click On “ Agent Profiles ”on the Middle Pane
NOTE: Users are required to disconnect and reconnect in order to access the updated settings.
The introduction of a new Agent Profile functionality empowers administrators with granular control over user machine configurations, facilitating seamless integration of preferred rules tailored to organizational needs. This feature encompasses a spectrum of customizable parameters including tunnel type selection, startup configurations, administrative approval requirements for user logins and logouts, and the implementation of productivity tracking mechanisms. By leveraging this advanced toolset, administrators can optimize operational efficiency, enhance security protocols, and streamline user experiences within the system.
This article contains guidance on managing users, executing bulk actions, and resetting passwords.
All users, all teams, and all tags will be selected automatically for you here. Also, you will not be able to take any actions on any fields here but the Description field, because this is a Default Agent Profile.
Regarding device connections and concurrent logins: A user is limited to a maximum of four active sessions across their devices. This means that while the user can have multiple devices (for example, 10 devices), only four of them can be actively connected to the Timus gateway at any given time. Technically, there is no restriction on the total number of devices a user can have; the limitation applies solely to the number of active sessions on those devices.
Once you create a new Agent Profile, you are able to change all the fields however you want.
This article explains the process of creating and managing Agent Profiles on the Users & Teams page.
Start on boot, Connect on application start, Always-on VPN, Trusted Networks and Productivity tracker options are only available on Windows and MacOS.
Timus Manager allows you to define and enforce robust password rules for both administrator and user accounts, ensuring security and compliance across your organization. Tailor policies to enforce password complexity, expiration, and restricted elements to meet your organization's security standards.
📌 Note: Password policies do not apply to users authenticating via third-party Identity Providers like Microsoft Entra ID, Okta, or Google Workspace.
Timus Manager offers 11 customizable rules for enforcing secure password practices. By default, six rules are active. Adjust settings to align with your organization's requirements.
Rule 🛠️ | Description |
---|---|
Minimum Character Length | Define the minimum password length. |
Minimum Lowercase Letters | Require lowercase letters. |
Minimum Uppercase Letters | Require uppercase letters. |
Minimum Digits (0-9) | Require numeric characters. |
Minimum Special Characters | Require special characters like !@#$%&*+ . |
Max Consecutive Digits | Restrict consecutive numbers. Example: 1234 if max = 3. |
Cannot Use Commonly Used Passwords | Block weak passwords like password123 or admin . |
Cannot Contain Keywords | Block specific keywords like companyname or admin . |
Cannot Include User's Email Prefix | Restrict passwords containing the user's email prefix. Example: john.doe@example.com → no john.doe . |
Cannot Include User’s Name | Prevent use of the user’s first or last name. |
Password Expiration | Set how often users must update passwords. |
Once changes are made, click Save to apply immediately. New settings affect new, reset, or updated passwords.
By implementing these practices, you create a secure environment that minimizes the risk of unauthorized access while maintaining user convenience. 🔐
The Productivity Tracker is a core feature of Timus Manager that empowers organizations to monitor, analyze, and optimize workforce efficiency. This guide provides step-by-step instructions for managing and utilizing the Productivity Tracker, along with detailed insights into Application Classification and Categorization.
This feature allows you to monitor user activities on Windows and macOS systems through the Timus Connect Application. It categorizes application usage as Productive, Unproductive, or Neutral and provides actionable insights through intuitive reports.
Key Features:
📌 The feature must be activated in the Agent Profiles section to enable Productivity Tracker.
⚠️ Users assigned to this profile will automatically be monitored while signed into the Timus Connect Application.
Applications are automatically classified into Predefined Categories and assigned a Predefined Classification by the system. You can:
Editing Application Details
Go to Settings > Configurations > Productivity tab.
Locate the application in the table and click Edit.
Update the following fields:
⚠️ Changes will reflect in reports and productivity metrics across relevant users or teams.
Productivity data can be reviewed in the Insights > Productivity Reports section. Reports are divided into the following tabs:
Overview:
Teams:
Applications:
📌 Use the Export button to download reports in CSV format for further analysis.
This guide will walk you through the process of integrating JumpCloud with Timus using SAML 2.0 for secure Single Sign-On (SSO). Follow these steps to configure your JumpCloud application and complete the setup within Timus Manager.
Navigate to Applications
https://console.jumpcloud.com/login/admin
with your credentials.Create a New Application
After saving, you will be directed to the configuration screen.
IdP Entity ID and SP Entity ID: Paste JumpCloud’s provided IDP URL (visible in the SSO tab).
ACS URLs: Default URL: https://auth.timuscloud.com/user/external/saml
Subject NameID: Set NameID to email
urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified
Signature Algorithm: Set to RSA-SHA256
Signing Option: Choose “Assertion and Response”.
3. Adding User Attributes
firstname
and lastname
.4. Assigning User Groups
Access Timus Manager:
Manage SAML 2.0 Integration:
JumpCloud Name | Timus Equivalent |
---|---|
IDP URL | Identifier |
IDP URL | Service URL |
IDP Certificate | X.509 Certificate |
Note: The IDP Certificate can be downloaded under the SAML Certificate section in JumpCloud. Make sure to use the Hex format certificate.
This completes the SAML configuration for JumpCloud with Timus. Your users can now authenticate securely through JumpCloud to access Timus applications.
console.jumpcloud.com/userconsole
with a test user.Note: Initial login must happen through JumpCloud’s application to create the user in Timus.
This article guides you through establishing a secure site-to-site IPSec tunnel connection between your Timus Network and an Amazon Web Services (AWS) Virtual Private Cloud (VPC).
Prerequisites:
Important Note:
This article provides a general overview of the configuration steps. The specific settings may vary depending on your individual Timus and AWS configurations. Refer to the official documentation for both Timus and AWS for the latest configuration details and any advanced options.
Configuration Steps:
Review the example configuration above, Following the on-screen instructions to configure the VPN endpoint details, including the Outside IP address of your Timus Network gateway.
Additional Resources:
Disclaimer:
This guide is intended for informational purposes only. The accuracy and completeness of the information may vary depending on specific Timus and AWS configurations. For troubleshooting or advanced configuration assistance, please contact Timus Network support or refer to the official documentation for both platforms.
This article explains the process of synchronizing your Active Directory users and groups with Timus Manager
In the Logs tab, you can view all traffic on the agent under Log Time/ Type and Details parameters.
To integrate Bitdefender for using the getManagedEndpointDetails
and getEndpointList
API calls, you need to follow these steps:
Step 1: Access the Bitdefender GravityZone Console
Step 2: Create an API Key
To use the getManagedEndpointDetails
and getEndpointList
API calls, ensure the API key has the following permissions:
Ensure your API key has the following permissions:
By following these steps, you should be able to integrate Bitdefender and use the getManagedEndpointDetails
and getEndpointList
API calls effectively.
Now, you are ready to integrate with Timus. Please continue the article below to complete the integration. Device Posture Check and EPP
Microsoft Defender for Endpoint Integration Guide
SentinelOne for Endpoint Integration Guide
Bitdefender for Endpoint Integration Guide
Select the operating system for which you wish to perform device posture check. Please note that only one posture check can be created for each operating system.
Select the source from which the attribute data is retrieved. This data source provides the information used to evaluate the device posture.
Choose the specific attribute that is gathered from the data source.
The Attributes if the Data Source has been selected as either BitDefender or Microsoft Defender.
The Attributes if the Data Source has been selected as SentinelOne.
Condition can be is any of or is equal to depending on the Attribute you have selected.
Pass Value: Define the expected value that the attribute must have to pass the check. It can two options, True and False.
After you define the Attribute successfully, you will see a pop-up as shown in the image below.
After completing the Device Posture Checks process, you can use ZTNA to apply some policies for the users. To be able to do it, you need to go to the page Zero Trust Security -> Behaviors -> Create New as shown in the image below.
Once you click on Create New, you need to enter a Name and select Device Posture Check as a Type.
And, you need to select your Device Posture Check, which you have named it, and decide if the Trigger is Passes or Fails as shown in the image below.
After creating the behavior, you need to go to the page Zero Trust Security -> User Sign-in Policies -> Create New as shown in the image below.
After clicking on Create New, you will be able to see the pop-up, which will allow you to define some ZTNA policies based on the behavior, which you have created, based on the Device Posture Check.
You can modify the example policy as shown in the image below according to your needs.
Here is an example ZTNA policy based on the Device Posture Check below.
If you would like to get more details regarding ZTNA policies in general, you can take a look at the article User Sign-In Policy.
This article explains how to access data on the ZTNA Dashboard and enhance productivity and security by leveraging all available information in zero trust scenarios.
The Zero Trust Network Access (ZTNA) Dashboard provides a complete overview of all user and admin events within your network, all displayed on one page.
To filter the data displayed in widgets, start by using the User & Admin Events filter and the time filter located in the upper-right corner of the ZTNA Dashboard.
Access the information on successful logins, failed logins, high-risk login attempts, lockouts for failed logins, sign-in rule denies, and sign-in locations on graph and a map.
This article will guide administrators on how to create behavior-based, user sign-in policies Timus ZTNA.
Timus ZTNA offers a unique and improved access control method that allows businesses to expand without compromising the fundamental security of their network, which includes infrastructure, applications, data, users, and devices.
The policies within Timus' Zero Trust Network Access (ZTNA) security framework are organized and prioritized by its place in the policy table. A policy, which is placed higher in the table, is more prioritized than the other User Sign-In policies.
You can Deactivate the default user sign-in policy.
To create a new User Sign-In/Login Policy, follow these steps:
A pop-up window will appear with the following tabs:
On the Source tab:
If necessary, you can select multiple sources to apply to the policy.
On the Condition tab,
Schedule the policy.
When "All Selected Behaviors" is chosen, all selected behaviors such as Untrusted IPs, New Device, and Breached E-mail Address must be active simultaneously for the policy to take action.
When "Any Selected Behavior" is chosen, at least one of the selected behaviors must be triggered by the policy to take the action.
You can consider All Selected Behaviors like "AND &&" and Any Selected Behaviors like "OR ||" as in coding language.
Experience the user-friendly interface of Timus by hovering over the info icons on the policy creation screen:
When you add a behavior to the policy with the add behavior button on the screen and hover over that behavior, you can view the brief explanation about the behavior you added:
On the "Action" tab,
Select an action from the drop-down list.To set Alerts and Notifications for your policy,
To add customized behaviors to your network, visit Timus Manager, then select Zero Trust Security> Behaviors. This allows you to expand on the default behaviors provided by ZTNA for more comprehensive risk assessments in network use cases.
To find your network's pre-configured behaviors, go to the Name and Details parameters page. These behavior settings are already set up for your network and can be viewed and adjusted if necessary.
The general information of the default behaviors displayed on the page are as follows:
To create custom behaviors for your network policies, do the following:
Timus Zero Trust Policies provides a user/ behavior-based access control as an alternative to traditional IP-based access control and makes it easier for an organization to manage network access.
The policies within Timus' Zero Trust Network Access (ZTNA) security framework are organized and prioritized by its place in the policy table. A policy, which is placed higher in the table, is more prioritized than the other policies.
It means that you are able to prioritize the Timus ZTNA rules by yourself.
It allows for more granular control over access rights, ensuring the right people have the right access at the right time.
The security model of this zero trust approach protects your organization against potential threats by increasing network security.
This article shows administrator how to create Timus ZTNA's behavior-based administrator sign-in policies and apply them to your network.
Timus ZTNA's policies provide a distinctive and enhanced access control approach to expand your business while maintaining the fundamental aspects of your network security: Infrastructure, Application and Data, User and Device.
To protect your organization and users against today's ever more sophisticated cyber security threats, you can create User/Administrator-based sign-in policies in Timus Manager that automatically respond to any predefined risk level.
On the Admin Sign-in Policies page, you can view the following left to right:
The policies within Timus' Zero Trust Network Access (ZTNA) security framework are organized and prioritized by its place in the policy table. A policy, which is placed higher in the table, is more prioritized than the other Admin Sign-In policies.
It means that you are able to prioritize the Timus ZTNA rules by yourself.
You cannot Deactivate or Delete the default administrator sign-in policy.
On the Source tab,
On the Condition tab,
When "All Selected Behaviors" is chosen, all selected behaviors such as Untrusted IPs, New Device, and Breached E-mail Address must be active simultaneously for the policy to take the action.
When "Any Selected Behavior" is chosen, at least one of the selected behaviors must be triggered the policy to take the action.
You can consider All Selected Behaviors like "AND &&" and Any Selected Behaviors like "OR ||" as in coding language.
Experience the user-friendly interface of Timus by hovering over the info icons on the policy creation screen:
When you add a behavior to the policy with the add behavior button on the screen and hover over that behavior, you can view the brief explanation about the behavior you added:
In the Action tab,
Decide what action the system should take when a behavior triggers the policy. The actions defined in the system are as follows:
You can set multiple actions for multifactor authentication with Timus ZTNA.
The actions you select are numbered in the tab shown on the left.
So, in a scenario where the first authentication step fails, you can enable another action for login attempts and send authentication setup instructions to administrators who have not completed the setup process.
On the Alerts and Notifications tab, you can configure the policy to send Alerts and Notifications each time it is triggered.
This guide outlines the steps required to establish a secure IPsec connection between Timus and Meter. Follow the configurations below to ensure a successful connection.
Timus Configuration:
Follow the guide below for an example setup. Configure the following settings:
Here is how you can configure Parameters for Phase 1 configurations on Timus
Here is how you can configure Miscellaneous for Phase 1 configurations on Timus
Refer to to the below image for Phase 2 setup. Use these configurations:
To add an IPsec VPN tunnel, log into the Dashboard and click Secure Tunnels > IPSec > ‘Add IPSec Tunnel’.
Meter provides Phase 1 and Phase 2 configurations into a single panel.
Once all configurations are applied, the IPsec connection between Timus and Meter should be successfully established. Follow this guide step by step, referencing the provided images as needed.
Note on Static Routing and Firewall Rules
Static routing rules and firewall access rules are automatically configured by default. However, if this option is not enabled or does not occur automatically, these rules must be created manually to ensure proper communication between Timus and Meter.
This Connectivity section helps you make informed decisions or take necessary actions to optimize network connectivity.
The Network Statistics for the Primary WAN of the site you are currently viewing in your Timus Manager are as follows:
Latency:
Jitter:
Loss (Packet Loss):
Upload:
Download:
(Connection) Health:
To access the Health scale that ranks connection quality from best to worst, follow these steps:
The IPsec protocol suite can set up direct and encrypted connections between supported devices by offering a framework for securing data traffic between two servers.
Creating an IPsec tunnel via Timus, you can transfer the data securely between the peers of the connection.To create a site-to-site IPsec VPN gateway connection between your on-premises network and a virtual network (VNet) please follow these steps:Here are the two phases of internet key exchange (IKE) required to set up an IPsec connection using Timus.
As shown in the sample image below of the parameters tab, there are default settings that need to be configured for the IPsec tunnel connection you are about to create in order for it to function correctly:
To find your Local Primary WAN IP address,
Services
Service Category
HTTP
Web Access
HTTPS
VoIp
SIP
Database Access
MSSQL_SERVER
MSSQL_MONITOR
MYSQL
POSTGRESQL
Remote Access
RDP
SSH
TELNET
VNC-RFB
RPC
DCE-RPC
File Access
FTP_DATA
FTP_CONTROL
TFTP
SMB
Network Services
DNS
DNS_MULTICAST
DNS_OVER_TLS
DNS_OVER_QUIC
DHCP_SERVER
DHCP_CLIENT
NTP
SNMP
SYSLOG
SSDP_UDP
SSDP_TCP
IMAP
IMAPS
POP3
POP3S
SMTP
SMTPS
Authentication
LDAP
LDAPS
RADIUS
KERBEROS_AUTH
KERBEROS_PWD
KERBEROS_ADMIN
Protocol
HOPOPT
ICMP
IGMP
GGP
IPv4
ST
TCP
CBT
EGP
IGP
BBN-RCC-MON
NVP-II
PUP
ARGUS
EMCON
XNET
CHAOS
UDP
MUX
DCN-MEAS
HMP
PRM
XNS-IDP
TRUNK-1
TRUNK-2
LEAF-1
LEAF-2
RDP
IRTP
ISO-TP4
NETBLT
MFE-NSP
MERIT-INP
DCCP
3PC
IDPR
XTP
DDP
IDPR-CMTP
TP++
IL
IPV6
SDRP
IPV6-ROUTE
IPV6_FRAG
IDRP
RSVP
GRE
DSR
BNA
ESP
AH
I-NLSP
SWIPE
NARP
MIN-IPV4
TLSP
SKIP
IPV6-ICMP
IPV6_NONXT
IPV6_OPTS
CFTP
SAT-EXPAK
KRYPTOLAN
RVD
IPPC
SAT-MON
VISA
IPCV
CPNX
CPHB
WSN
PVP
BR-SAT-MON
SUN-ND
WB-MON
WB-EXPAK
ISO-IP
VMTP
SECURE-VMTP
VINES
IPTM
NSFNET-IGP
DGP
TCF
EIGRP
OSPFIGP
SPRITE-RPC
LARP
MTP
AX.25
IPIP
MICP
SCC-SP
ETHERIP
ENCAP
GMTP
IFMP
PNNI
PIM
ARIS
SCPS
QNX
A/N
IPCOMP
SNP
COMPAQ-PEER
IPX-IN-IP
VRRP
PGM
L2TP
DDX
IATP
STP
SRP
UTI
SMP
SM
PTP
ISIS_OVER_IPV4
FIRE
CRTP
CRUDP
SSCOPMCE
IPLT
SPS
PIPE
SCTP
FC
RSVP-E2E-IGNORE
MOBILITY_HEADER
UDPLITE
MPLS-IN-IP
MANET
HIP
SHIM6
WESP
ROHC
ETHERNET
AGGFRAG
NSH
If you enable Custom Source Port, you are allowed to define a specific source port. Otherwise, the source port would be selected as Any.
The "Adult" category comprises web pages containing images or videos depicting sexual acts, sexual arousal, or explicit nude imagery with a sexual intent. It also includes pages that use frequent or serious profanity. Additionally, this category encompasses pages whose primary content is child-appropriate, but with regular or irregular sections featuring sexually themed, non-educational material. Web pages with sexual content, products, or services related to sex, but without explicit nudity, are part of this category. It also includes pages featuring tasteless content, such as cruelty to animals, bathroom humor, and other potentially inappropriate material for children.
The "Alcohol" category includes web pages that promote, advocate, or sell alcohol, encompassing a variety of beverages such as beer, wine, and hard liquor. These pages may feature information about different types of alcoholic products, brands, and related events. They could also provide details on the production, distribution, and consumption of alcoholic beverages. Additionally, these web pages might offer the option to purchase alcohol online or provide resources for locating physical stores selling such products. The content within this category is focused on the promotion and commercial aspects of the alcohol industry.
The "Anonymizers" category includes web pages that promote the use of proxies and anonymizers. These tools are intended to facilitate anonymous and unrestricted access to websites by bypassing filters and other online restrictions. Anonymizers are often employed to conceal the user's identity and location, allowing them to browse the internet without revealing personal information. These pages may provide information, tools, or services related to the use of proxies for the purpose of maintaining online privacy and evading content restrictions.
The "Banking" category encompasses web pages operated by or dedicated to banks and credit unions, with a specific focus on online banking applications. This category excludes online brokerages, concentrating on financial institutions providing services related to traditional and digital banking, including account management, transactions, and financial services.
The "Business & Services" category encompasses a wide array of web pages, covering real estate transactions, agriculture-related information, construction and architectural services, genetics research, and biotechnology firms. It serves as a general category for businesses not fitting into more specific classifications, including furniture makers and retail outlets. The insurance sector is also represented, spanning various types from health to car insurance. The category further includes manufacturing and industrial production businesses, as well as those involved in security products and services, excluding computer security. Information on retirement homes and communities, inventory management, and connections within communities are also part of this diverse category, along with advertising agencies and marketing services, excluding online banner ads. In essence, "Business & Services" provides a comprehensive overview of commercial and service-related content.
The "Chat" category encompasses web pages designed for real-time communication, featuring chat rooms and messaging functionalities that facilitate group discussions among strangers or friends in both public and private settings. These pages serve as platforms for interactive conversations, allowing users to engage in discussions with others. Additionally, the category includes instant messaging software and web pages that enable users to stay connected with a list of "buddies" through messaging services. In essence, "Chat" provides diverse means for individuals to communicate in real-time, fostering both group interactions and one-on-one conversations through messaging platforms.
The "Content Servers" category includes web servers that lack navigable web pages and are primarily employed for hosting images and other media files. These servers play a crucial role in enhancing web page performance and site scalability by offloading media content delivery. Instead of serving complete web pages, they focus on efficiently delivering media elements, reducing page load times and optimizing the overall user experience. Content servers are integral to content delivery networks (CDNs) and are strategically positioned to distribute multimedia content, ensuring faster and more reliable access to images and other media resources for website visitors.
The "Criminal Activities" category includes web pages that promote extreme ideologies, discrimination, and hate based on factors like political affiliation, gender, race, or religion. Additionally, it encompasses pages that promote illegal drugs, including information on common illegal drugs and the misuse of prescription drugs. Content depicting physical or sexual abuse of children is also covered in this category. Moreover, the category includes web pages providing information on illegal activities such as burglary, murder, bomb-making, and lock picking. Pages with tools and information facilitating online crime, unauthorized access to computers, and fraud are part of this category. Furthermore, it involves content related to marijuana, covering aspects like legalization, medicinal use, and general information. Lastly, the category includes pages that provide access to illegally obtained files, such as pirated software, movies, and music, as well as sites offering assistance in cheating on homework and tests.
The "Culture & Arts" category encompasses web pages related to the development or display of the visual arts. This includes platforms featuring various forms of artistic expression, such as paintings, sculptures, and other visual creations. Additionally, the category includes web pages dedicated to published writings, spanning fiction and non-fiction novels, poems, and biographies. These pages serve as platforms for authors and literary enthusiasts to share and explore written works across different genres and styles.
The "Dating" category encompasses web pages that are focused on promoting relationships, including dating and marriage. These websites are designed to facilitate connections between individuals seeking romantic partnerships. They may feature profiles, matchmaking services, and communication tools to help users interact and potentially form long-term relationships. The content typically revolves around dating advice, relationship tips, and platforms for meeting and connecting with potential partners.
The "Education" category comprises a variety of web pages tailored to facilitate learning and academic pursuits. It includes pages for schools with an online presence, encompassing universities, private and public schools, and other real-world educational institutions that offer online resources and information. Additionally, the category covers web pages hosting academic publications, journals, research findings, curriculum details, online learning courses, and materials, providing a comprehensive repository for scholarly content and educational tools. These pages cater to students, researchers, and educators seeking valuable resources for academic enrichment. Furthermore, "Education" includes web pages containing reference materials, offering data compilations and reference shelf content such as atlases, dictionaries, encyclopedias, census data, and other reference materials. These resources contribute to a well-rounded educational experience, supporting users in their quest for knowledge and information.
The "Entertainment" category encompasses a diverse range of web pages designed to provide amusement and enjoyment. This includes pages featuring comics, jokes, and other humorous content to elicit laughter and entertainment. Furthermore, it includes platforms offering internet radio, streaming media, and downloads related to musicians, bands, MP3s, and various media content. Additionally, the category covers web pages dedicated to animated TV shows, movies, comic books, and graphic novels, catering to fans of animated and illustrated entertainment. News and gossip about celebrities, television shows, movies, and the broader entertainment industry are also featured, keeping users informed about the latest developments. Moreover, "Entertainment" includes pages devoted to the venues of entertainment, such as comedy clubs, nightclubs, discos, festivals, theaters, and playhouses, offering information about places where entertainment events unfold. Lastly, the category encompasses web pages providing comprehensive content about television shows and movies, including reviews, showtimes, plot summaries, discussions, teasers, and marketing materials, creating an immersive experience for enthusiasts.
The "Environment" category encompasses web pages dedicated to fostering awareness and understanding of environmental issues. These pages provide information on various aspects of sustainability, including sustainable living practices and initiatives. Additionally, the category covers content related to ecology, delving into the study of ecosystems, biodiversity, and the interactions between organisms and their environments. Furthermore, these web pages offer insights into nature and the environment, sharing knowledge on topics like wildlife conservation, natural habitats, and environmental conservation efforts. By compiling information on environmental
The Map to Port feature allows you to specify a range of ports on both protocols, TCP or UDP, for instance, 70-75, and map them to a destination range, such as 80-85. Ports are forwarded sequentially: port 70 maps to port 80, port 71 maps to port 81, and so on. This feature is useful for port forwarding in a one-to-one manner."
In the Traffic Logs page, where you can access comprehensive data presented through tables and graphics organized into various tabs. Here's an overview of what you'll find in each tab:
You can download the csv file to get a report for your traffic by clicking on Export at the top right of the screen as shown in the image above.
Only the last 10.000 records will be exported when you have created it.
When you have clicked on the Export button, you will see the pop-up above when the Export process is completed successfully. You can click on Download to get your report.
This organized approach allows you to analyze user behavior, team activities, device usage, application preferences, website interactions, and network engagement.
Dive into detailed insights to make informed decisions about your product usage and optimize your resources effectively.
Click on the "Search" button.
By clicking the Search button, you can access a list displaying all the traffic generated by this user on your network.
To access the details of the traffic logs listed, click on the blue info icon located at the far right of the respective line.
You can use the Search bar to display more specific information about the logs you want to see.
Simply insert the desired columns with the appropriate command:
Time: Select the Start and End date of the traffic logs you want to display on the list.
Action: Choose between Drop or Allow.
Destination: Specify Team, Device, IP, Network, Site, or Any.
Factor: Specify Application, Category, Website, Keywords, or Any.
After selecting the user, you display the following information on the page.
You can also view traffic details for the following components by going to the Insights dropdown > Traffic Logs page:
To turn on these notifications, go to the Alerts & Notifications tab on the Zero Trust Sign-In Policies pages. (User/Admin)
To filter your alerts, use the Search filter located at the top of the Alerts page:
You can see the details of the each by clicking on the ellipsis icon at the end of the row:
The IP Intelligence section is only visible when a sign-in policy with the Untrusted IP Behavior has been defined for the specific IP.
Before creating a report, it is important to first manage the templates. This will allow you to choose analytics and insights you want to include in your report, using either predefined or custom templates.
To view the template or create a report using Timus's default Predefined Weekly Template, click the ellipsis icon next to it.
You also have the option to use the template as a basis for a new one:
To create a custom template,
Once your report is created, you can view the results by clicking on the Actions button and selecting the Go to Results page option on the report's page.
The generated reports will be saved on the report's page. You can access and view all reports generated on different dates by using the Displayed Report filter.
To configure the widgets, click on the "Show Template" option located on the report page. This is the same process as when you access it from the "Manage Templates" -> "Edit" page.
We have a wealth of ways to answer your questions or solve your issues. You can use our brand-new help center, submit a ticket in the help portal, email your issues, or chat with us.
Regular Support: Mon - Friday, 8:00 am EST - 5 pm EST
Chat Support: Mon - Friday, 9:00 am EST - 5 pm EST
Severity 1 Support: 24/7
Chat:
Web Form:
Email:
Support Portal
Waiting on Partner
Still Issue
Certain Endpoint Protection (EPP) and network security solutions can interfere with Timus Connect by modifying the system’s routing table. This interference disrupts VPN functionality, particularly for users relying on IPsec tunnels, split tunneling, and other VPN-related configurations. Additionally, kindly review the routing table to confirm there are no unusual entries that could be contributing to the issue.
When Todyl (SGN Connect) is installed and actively running, it overrides routing tables to establish its own connection priorities. This can conflict with the routes set by Timus Connect.
Example of Routing Table Showing Interference (Windows):
Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.0.x.x (Todyl) 192.168.1.x x
EPP and network security software, such as Todyl (SGN Connect) and similar tools, manipulate routing tables to enforce security policies. These modifications may unintentionally disrupt Timus Connect’s intended network routes.
Disable or Uninstall Todyl (SGN Connect):
Restart Timus Connect Application:
ipconfig /all
to check active adapters, then use route print
to view routing tables.netstat -nr
to check routing tables.Example of Correct Routing Table for Wireguard (Windows):
Network Destination Netmask Gateway Interface Metric 0.0.0.0 128.0.0.0 192.168.249.x 192.168.249.3 x 128.0.0.0 128.0.0.0 192.168.249.x 192.168.249.3 x
If you encounter this issue, consider reviewing your routing table configurations using your terminal. First, check the active adapters by running ipconfig /all
(Windows) or ifconfig
(MacOS). Then, inspect the routing table using:
route print
netstat -nr
Check for any entries inserted by security software. If another VPN or EPP is overriding the routing table, Timus Connect may not function as expected. Ensuring that only one VPN solution is managing network routes is crucial for maintaining proper connectivity.
Are you experiencing slower speeds than expected after connecting to the Timus Network?
Several factors can contribute to this, but don't worry! This guide will help you troubleshoot the issue and get your connection back up to speed.
Initial Steps:
If your client is up-to-date and there are no other programs running that could impact your connectivity. Please check the following troubleshooting steps:
1. Identify Current MTU Setting
macOS:
networksetup -listallnetworkservices
networksetup -getMTU <network_service>
Windows:
netsh interface ipv4 show interfaces
2. Ping with Specific Packet Sizes
macOS:
ping -D -s 1472 <gateway_public_ip>
Windows:
ping -f -l 1472 <gateway_public_ip>
3. Use Traceroute and MTR
Traceroute:
macOS:
brew install traceroute
traceroute <gateway_public_ip>
Windows:
tracert <gateway_public_ip>
MTR:
macOS:
brew install mtr
mtr -rw <gateway_public_ip>
Windows:
4. Check Endpoint Configuration
ipconfig /all
macOS:
ifconfig
Windows:
ipconfig /all
5. Performance Testing
macOS and Windows:
Run iPerf tests to measure raw throughput with and without VPN:
Download Test:
iperf3 -c ash.speedtest.clouvider.net -p 5200-5209 -t 10 -P8 -R
Upload Test:
iperf3 -c ash.speedtest.clouvider.net -p 5200-5209 -t 10 -P8
During both the Download Test and Upload Test, please wait for the [SUM] result. The [SUM] values should be checked and considered carefully when reviewing the results.
6. Quality of Service (QoS) and ISP Throttling
macOS and Windows:
7. Firewall and Security Software
macOS:
Windows:
If none of these steps resolve your bandwidth issue, please contact Timus Network support for further assistance at Support@timusnetworks.com
What no gateways available mean and possible scenarios
This information message means that if the user is not allowed to connect to any gateway, a specific message will appear in the Timus Connect application.
The administrator must select the remote site for the user in the manager.
But there can be another root cause to show this error when;
To verify that, please run:
ping user.timuscloud.com
ping device.timuscloud.com
Also, try to go to user.timuscloud.com or device.timuscloud.com from the browser. If user can not reach connect application will not able to connect.
timus-connect-background service is not running
Go to Activity Monitor (Mac) or Task Manager (Windows) on your device and find timus-connect-service
.
Alternatively, you can go to http://localhost:49202 in your browser. If you see the output, it means the service is running.
If you validate that the service is not running, please follow these steps:
[MacOS] Validate if service is running
Run the commands below to check if they exist:
#for connect service
cat /Library/LaunchDaemons/timus-connect-service.plist
#for helper service
cat /Library/LaunchDaemons/timus-helper-service.plist
After running the commands, if they exist, please run this command to load the service. After running, please check if the service has started.
# Avoid if error occurs after running these commands. This is just a make sure none of instance exist on device
sudo launchctl unload /Library/LaunchDaemons/timus*
sudo launchctl load /Library/LaunchDaemons/timus*
[Windows] Validate if service is running
Find services from search
Make sure this 2 services are exist
If they are not exist and running state try to install them manually see if any error occurs. For clean service install run these commands
sc.exe stop timus-helper-service
sc.exe stop timus-connect-service
taskkill /F /IM "timus-connect-service.exe"
taskkill /F /IM "timus-helper-service.exe"
sc.exe delete timus-connect-service
sc.exe delete timus-helper-service
cd C:\\Program Files\\Timus Connect\\resources\\service
timus-connect-service.exe -service install && timus-connect-service -service start
timus-helper-service.exe -service install && timus-helper-service -service start
After validation, if you see that the services are still not running and nothing works, try to start the service manually and check if any crashes occur.
[MacOS] Validate if service crash
Run this command and see if service works
#for connect service
sudo /Applications/Timus\\ Connect.app/Contents/Resources/service/timus-connect-service
#for helper service
sudo /Applications/Timus\\ Connect.app/Contents/Resources/service/timus-helper-service
[Windows] Validate if service crash
Run these commands
cd C:\\Program Files\\Timus Connect\\resources\\service
timus-connect-service.exe
Let’s assume that a crash happened, which in most cases (99%) is a permission issue.
At this point, it is better to perform a clean setup by removing all files we have and reinstalling Timus Connect. Please find the section with the clean setup steps for Timus Connect.
Sometimes, SentinelOne, Bitdefender, or other security tools can prevent Timus Connect from working. We can confirm this by checking the task manager or asking the customer.
Timus Networks, a provider of network security solutions, includes SSL inspection capabilities in its Timus Manager to enhance security by decrypting and inspecting SSL/TLS traffic. This helps in detecting and blocking malicious content that might be hidden within encrypted traffic. However, in certain situations, bypassing SSL inspection for specific trusted websites or services may be necessary. This can be achieved by whitelisting these websites within the Timus Manager. Whitelisting allows specific domains to exclude the SSL inspection process, ensuring that the traffic to and from these sites remains encrypted and is not inspected.
This guide aims to help you understand the benefits of bypass SSL inspection for specific domains in the Timus Manager by adding them to the whitelist.
By following these steps, you successfully bypass the domains for SSL inspection. Whitelisting domains to bypass SSL inspection in the Timus Manager is necessary to maintain the integrity of certain encrypted traffic and ensure smooth operation for trusted websites and services. This approach provides security and functionality by allowing critical or trusted traffic to remain encrypted while continuing to inspect other traffic for potential threats.
Explore our most popular video tutorials on our YouTube channel.
Manage your network, add tunnels, users, rules and licenses from a multi-tenant cloud portal with Timus.
Connect to offices or protect SaaS apps through private gateways with a single static IP address.
The Timus firewall sits in the cloud and intercepts all encrypted user traffic.
Timus uses zero-trust secure remote access and least privilege principles before granting any access to the network and data to protect against hackers, criminals, and ransomware. Additionally, Timus uses a best-of-breed DNS filter (at the network level) protecting users from zero-day threats and malicious sites from wherever they may encounter it (any device, application, protocol or port). A user is protected against all of the below: Malicious software including drop servers and compromised websites, including drive by downloads and adware Fraudulent phishing websites that aim to trick users into handing over personal or financial information Command and Control botnet hosts Sites which serve files or host applications that force the web browser to mine cryptocurrency Domains which have been registered in the last 30 days and in the last 24 hours Parked sites & domains that may no longer be controlled by the original owner
The Timus solution is superior to traditional VPNs for secure remote access. User verification is hardened with behavioral and contextual analysis. Multi-factor authentication (MFA) can be deployed adaptively (ie. when signing in from a new device, new country, etc), improving user experience. Timus ZTNA can work with another IAM solution or standalone. Timus has one of the richest behavioral checks in the industry for Zero Trust Verification.
Timus provides dedicated gateways with static IP addresses. An MSP can whitelist the Static IP in SaaS applications for controlled access and security.
WireGuard and OpenVPN tunneling protocols are supported.
The tunnel for secure connections can be configured to pass all user traffic, or just part of it, through the tunnel. Split tunnel configurations can be created in Manager->Settings-Tunnel Configuration page. Default configuration is all traffic passes through the tunnel. Timus Connect agent gets the tunnel configuration valid for the user and context, and passes traffic through the tunnel accordingly. This feature is currently available only for Windows and macOS releases of Timus Connect app.
Still have questions? Explore our in-depth documentation for comprehensive guides and detailed solutions.
Go to documentation