How can we help?
Find help articles, troubleshooting guides, and tutorials
Search
Common searches:
Find help articles, troubleshooting guides, and tutorials
Common searches:
Video tutorials explaining how to set up various aspect of Timus tutorials listed on this Knowledge Base page
A quick guide to setup Timus and be up and running in no time
Learn how others use Timus to secure their clients
Browse the frequently asked questions when using Timus
Explore our YouTube channel for how-to videos, partner use, and insights on Timus and the MSP space.
This exam assesses your proficiency and understanding of some of the key functionalities of the Timus’ Zero Trust Network Security Solution.
Welcome to our explainer videos page! Here, you'll find a variety of guides that walk you through essential features and configurations of Timus Networks. These quick, easy-to-follow videos are designed to help you with everything from setup and configuration to more advanced topics, making your experience with Timus smoother and more efficient. Whether you're a beginner or looking for advanced tips, these videos will guide you every step of the way.
The Zero trust framework is build around the mindset where you never trust, always verify. See the two minute video below showing how Timus verifies key user behaviors to ensure you are who you say you are.
The Timus Gateway hosts a cloud firewall that performs various functions. See below video showing configuration of an IPsec tunnel from the gateway to an on-premise firewall, giving users connectivity to data no matter where it lives.
With users working from anywhere, the security perimeter is wherever the user is. The Timus adaptive cloud firewall rules follow the user and their identity, not just their device or location, enabling true secure access at the edge.
Each Timus gateway comes standard with a private, static IP address. Benefits include: - Lock down SaaS apps via IP Whitelisting - Single point of entry to the network, providing deeper visibility - Further defining conditional access
At the network layer, Timus' Secure Web Gateway enables web filtering, content blocking and anti-virus to ensure that users are accessing safe applications and sites while working.
This article explains an overview of the primary dashboard within the Timus Manager. Including key indicators, actionable items & insights
The Timus Dashboard is part of Timus Manager. It allows the administrator a comprehensive view of the network, including active users, devices, sites, and events occurring on the client network.
Dashboard components include:
By clicking one of these areas, such as Users Online, you will be redirected to the Users screen. On this screen, the status of the online users within your network is displayed as Active.
Similarly, for Devices Online or Sites Online, you can view the devices and sites listed as Online in the Status section on the respective Devices or Sites screens that will open after clicking.
Most Active Devices: displays the devices that frequently login and out of the network. A maximum of 30 devices can be displayed in the widget.
Most Active Users: displays in order of the users who frequently login and out of the network. A maximum of 30 users can be displayed in the widget.
Events: displays the login and out of users on the network. A maximum of 30 events can be displayed in the widget.
Alerts: shows the total number of events in the upper right corner of the Dashboard as shown in the image below.
These alerts are generated in response to the user/admin sign-in policies under the Zero Trust Security section.
When you click on the icon, you will be directed to the Alerts page, where you can get more detailed information about the alert.
Profile: Located in the upper right corner of the Dashboard allows you to edit your Account information, Change Password, and change the Session Expiration Time.
Additionally, you can access the Setup Guide or Log out of the interface here.
The partner portal dashboard will provide visibility into customers' relevant information & all data pertaining to your partnership with Timus Networks.
MSPs will leverage the Timus Networks partner portal as their primary dashboard for day to day management of the Timus solution. Within the portal, you will be able to add, remove & manage all clients for both billing and technical management.
Link to - partner portal
For more information on Timus Connect App versions for different operating systems, go to:
ChaCha20 encryption is used for WireGuard.
AES-256-CBC encryption is used for OpenVPN.
When installing Timus Connect App onto desktop devices for the first time, the account must have administrator permission in order to install the application onto the device.
If Timus Connect App's background service is completely stopped for any reason, administrator permission will be required to access the application.
Open the application. You will see the Timus Connect App End User License Agreement on the screen.
The e-mail address screen will appear. Enter the e-mail address of your Timus account.
If you trigger a user sign-in policy of Timus Manager with a behavior when you try to login, you may encounter a different authentication method like two-factor authorization.
The screen that opens is the application's main screen. On this screen, you will see the following menu items:
Connection
Follow the steps below to establish a connection by using the Timus Connect Windows application:
The round-trip traffic duration to each active gateway will be displayed next to the gateway. The lower the duration, the faster the connection.
Account
On the Account menu, you can
To change your password:
Settings
On the Settings menu,
Split tunnel configuration works on Windows when the tunnel protocol is WireGuard.
Support
On the Support menu, you can
You will get a notification message as shown in the image below once you click on Collect log. This process can take up to 10 seconds.
Once the log file has been successfully created, you will see the pop-up message as shown in the image below.
Silent Deployment Script
For Partners who would like to use a silent script to deploy through an RMM tool, please refer to the below article:
Timus Connect App for Microsoft Windows Silent Deployment Script
NOTE:
Powershell Script - Windows
To run on a local machine without RMM, you may have to bypass the machine’s execution policy with:
powershell.exe -noprofile -executionpolicy bypass -file '.\Timus Silent Install.ps1'
Windows:
<#
Timus Connect Windows Installation Script
***Always review to make sure you know what a script is doing.***
* DISCLAIMER OF WARRANTIES:
*
* THE SOFTWARE PROVIDED HEREUNDER IS PROVIDED ON AN "AS IS" BASIS, WITHOUT
* ANY WARRANTIES OR REPRESENTATIONS EXPRESS, IMPLIED OR STATUTORY; INCLUDING,
* WITHOUT LIMITATION, WARRANTIES OF QUALITY, PERFORMANCE, NONINFRINGEMENT,
* MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. NOR ARE THERE ANY
* WARRANTIES CREATED BY A COURSE OR DEALING, COURSE OF PERFORMANCE OR TRADE
* USAGE. FURTHERMORE, THERE ARE NO WARRANTIES THAT THE SOFTWARE WILL MEET
* YOUR NEEDS OR BE FREE FROM ERRORS, OR THAT THE OPERATION OF THE SOFTWARE
* WILL BE UNINTERRUPTED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#####################################################################################
<#
1. Check to see if the application is already installed
If already installed, exits the script. Otherwise proceeds with section 2.
#>
$appName = 'Timus Connect'
$RegUninstallKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
$installedApplication = Get-ItemProperty -Path $RegUninstallKey | Where-Object {$_.DisplayName -like "*$appName*"}
if ($installedApplication) {
Write-Host "Application is already installed, exiting script"
}
else {
Write-Host "Application is not installed."
}
#####################################################################################
<#
2. Check to see if this is a desktop or laptop by looking for a battery
#!#! Delete this whole line if you want to disable this section #!#! #>
$systemType = "Unknown"
$BatteryStatus = (Get-WmiObject -Class Win32_Battery -EA SilentlyContinue).Status
if ($BatteryStatus) {
$systemType = "Laptop"
} else {
$systemType = "Desktop"
}
Write-Output "This device is a" $systemType
#2.1 At this time I am only automating the Timus installation on laptops
if ($systemType -eq "Desktop") {
Write-Output "The device is a desktop, exiting script."
}
else {
Write-Output "This is a laptop, proceeding with download."
}
#>
#####################################################################################
<#
3. Does the download destination exist?
If not, create download directory
Default download directory is "C:\temp\Timus Networks"
#>
$dlFolder = "C:\temp\Timus Networks"
$dlFolderTest = Test-Path -Path $dlFolder
$dlDest = "$dlFolder\Timus-Connect.exe"
$dlUrl = "https://repo.timuscloud.com/connect/Timus-Connect.exe"
$tempFolderExists = Test-Path -Path "C:\Temp"
if ($dlFolderTest -eq $true) {
Write-Output "Download directory exists, continuing with download."
}
else {
Write-Output "Download directory does not exist, creating directory"
New-Item -ItemType Directory -Path $dlFolder -Verbose -ErrorAction Stop
}
#####################################################################################
<#
4. Starting download to destination
Will try three different methods to download the file: Invoke-WebRequest, WebClient, and finally Start-BitsTransfer.
If all three fail, the script will exit with a failure.
#>
try {
Write-Output "Trying to download..."
Invoke-WebRequest -Uri $dlUrl -OutFile $dlDest
Write-Output "Invoke-WebRequest download was successful, moving on to installation..."
}
catch {
Write-Output "Invoke-Webrequest failed, trying webclient download..."
try {
$webClient = New-Object System.Net.WebClient
$webClient.DownloadFile($dlUrl, $dlDest)
Write-Output "WebClient download was successful, moving on to installation"
}
catch {
Write-Output "WebClient download failed, starting BitsTransfer..."
try {
Start-BitsTransfer -Source $dlUrl -Destination $dlDest
Write-Output "Downloaded successfully with BitsTransfer, moving on to installation..."
}
catch {
Write-Host "All methods failed. Unable to download the file. Exiting."
Exit 1
}
}
}
#####################################################################################
<#
5. Starts Installation of the Timus Connect App.
Upon error, the script will exit.
Checks registry for uninstall key for Timus Connect.
#>
Start-Process -Wait -FilePath $dlDest -ArgumentList "/S" -PassThru -ErrorAction Stop
#Check for successful install
$appName = 'Timus Connect'
$RegUninstallKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
$installedApplication = Get-ItemProperty -Path $RegUninstallKey | Where-Object {$_.DisplayName -like "*$appName*"}
if ($installedApplication) {
Write-Host "Application is installed."
} else {
Write-Host "Application is not installed."
}
#####################################################################################
<#
6. Performs cleanup of created files/folders
If download root existed prior to script, will only remove newly created folder.
For example, if C:\temp already existed, the script will only remove C:\temp\Timus Networks
and not C:\temp as a whole.
If download root did not exist, it will delete the whole folder
#>
if ($tempFolderExists -eq $true) {
Write-Output "Temp folder existed prior to download, only removing" $dlFolder
Remove-Item -Path $dlFolder -Recurse -Force
Write-Output "Cleanup complete, exiting..."
Exit 0
}
else {
Write-Output "Temp folder did not exist prior to script, deleting Temp folder..."
Remove-Item -Path "C:\Temp" -Recurse -Force
Write-Output "Cleanup complete, exiting..."
Exit 0
}
This script is designed to automate the installation of a digital certificate into the "Trusted Root Certification Authorities" store on a local machine. It can be distributed and executed via Remote Monitoring and Management (RMM) tools, making it ideal for deploying trusted certificates across multiple systems in a managed environment.
# Path to the certificate file $certPath = "C:\Users\username\Downloads\DESKTOP_CERTIFICATE.der"# Check if the file exists if (Test-Path $certPath) { # Import the certificate into the Trusted Root Certification Authorities store $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cert.Import($certPath) # Add the certificate to the local machine Trusted Root store $store = New-Object System.Security.Cryptography.X509Certificates.X509Store "Root", "LocalMachine" $store.Open("ReadWrite") $store.Add($cert) $store.Close() Write-Host "Certificate installed successfully." } else { Write-Host "Certificate file not found at $certPath. Exiting." }
This document is a guide explaining the use of the Timus Connect for macOS® application.
This application secures your connection by establishing an encrypted tunnel to the Timus Platform.
Timus Connect App supports macOS Monterey or higher versions.
Login
When installing Timus Connect App for the first time, the account must have administrator permission in order to install the application onto the device.
If Timus Connect App's background service is completely stopped for any reason, administrator permission will be required to access the application.
Administrator permission is not required for version updates.
If this account is synchronized from a directory service like Microsoft Entra ID(Azure AD), Okta, or Google Workspace, at this moment the login screen will be forwarded to the login screen of that directory service.
If you trigger a user sign-in policy of Timus Manager with a behavior when you try to login, you may encounter a different authentication method like two-factor authentication.
The screen that opens is the application's main screen, you will see the following menu items:
Connection
Follow the steps below to establish a connection by using the Timus Connect Windows application:
The round-trip traffic duration to each active gateway will be displayed next to the gateway. The lower the duration, the faster the connection.
Account
On the Account menu, you can
Settings
On the Settings menu,
If you are unable to modify or turn features on or off, it indicates that the administrator has closed that feature to user selection based on their preference.
Split tunnel configuration works on macOS when the tunnel protocol is WireGuard.
Support
On the Support menu, you can
Once you have any isues with the Timus Connect Application, you click on Collect log. it will want you to select a folder to create a log file, which will have all the .log files needed for troubleshooting. You can send the file to one of our technical support specialists to have it analyzed.
You will get a notification message as shown in the image below once you click on Collect log. This process can take up to 10 seconds.
Once the log file has been successfully created, you will see the pop-up message as shown in the image below.
To install an SSL Certificate, follow these steps:
The SSL Certificate can be installed by clicking "Install Certificate" on the Support menu. However, in order for the SSL Certificate to function properly, its trust settings must be configured as follows.
Please note that altering the trust settings of any certificate should be done with caution. Always ensure that the certificate is from a reliable source.
Silent Deployment Script
For Partners who would like to use a silent script to deploy through an RMM tool, please refer to the below article:
Timus Connect App for MacOS Silent Deployment ScriptNote:
Bash Script - Mac
Ensure the script has execute permissions by using the following terminal command:
chmod +x /path/to/script.sh
Mac:
#!/bin/bash
# Check if the machine is a MacBook (laptop)
MODEL_IDENTIFIER=$(system_profiler SPHardwareDataType | awk '/Model Identifier/ {print $3}')
if [[ ! "$MODEL_IDENTIFIER" =~ "MacBook" ]]; then
echo "This script is intended for MacBook models only."
exit 1
else
echo "Thank you for using Timus ZTNA. Your secure remote access will be enabled shortly."
fi
# Specify the name of the app to check if it's installed
APP_NAME="Timus Connect.app"
APP_PATH="/Applications/$APP_NAME"
# Specify the URL and local directory and path for the .pkg
PKG_URL="https://repo.timuscloud.com/connect/Timus-Connect.pkg"
PKG_DIR="/tmp/Timus-Connect"
PKG_LOCAL_PATH="$PKG_DIR/Timus-Connect.pkg"
# Check if the app is already installed
if [ -d "$APP_PATH" ]; then
echo "$APP_NAME is already installed."
else
echo "$APP_NAME is not installed."
# Create the directory if it doesn't exist
[ ! -d "$PKG_DIR" ] && mkdir -p "$PKG_DIR"
# Download the .pkg file from the specified URL
echo "Downloading $PKG_NAME..."
curl -o "$PKG_LOCAL_PATH" "$PKG_URL"
if [ $? -eq 0 ]; then
echo "Download successful!"
# Install the .pkg
echo "Installing $PKG_NAME..."
installer -pkg "$PKG_LOCAL_PATH" -target /
if [ $? -eq 0 ]; then
echo "Installation successful!"
# Open the app
echo "Opening $APP_NAME..."
open "$APP_PATH"
# Optionally, you can clean up by removing the downloaded .pkg
rm "$PKG_LOCAL_PATH"
rmdir "$PKG_DIR" # This will only remove the directory if it's empty
else
echo "Error during installation."
fi
else
echo "Error downloading $PKG_NAME."
fi
fi
exit 0
There are three methods for creating users: manually, through importing, or by using directory synchronization
Follow these steps to manually add new user(s) on your network with Timus Manager:
In this example, I have used "john" in my password. Therefore, I have seen Invalid Password pop-up on my screen.
You need to set your Password Policies, which totally depend on the network admins, for the users.
Creating and managing agent profiles in Timus Networks helps in effectively controlling and optimizing user behaviors on your network. By following these steps, you can ensure that network policies are enforced and user experiences are tailored to your organizational needs. If you need further assistance, please feel free to reach out at any time.
Step 3: Click On “ Agent Profiles ”on the Middle Pane
NOTE: Users are required to disconnect and reconnect in order to access the updated settings.
The introduction of a new Agent Profile functionality empowers administrators with granular control over user machine configurations, facilitating seamless integration of preferred rules tailored to organizational needs. This feature encompasses a spectrum of customizable parameters including tunnel type selection, startup configurations, administrative approval requirements for user logins and logouts, and the implementation of productivity tracking mechanisms. By leveraging this advanced toolset, administrators can optimize operational efficiency, enhance security protocols, and streamline user experiences within the system.
This article contains guidance on managing users, executing bulk actions, and resetting passwords.
This article explains the process of creating and managing Agent Profiles on the Users & Teams page.
Start on boot, Connect on application start, Always-on VPN, Trusted Networks and Productivity tracker options are only available on Windows and MacOS.
This article explains the process of managing Password Policies on the Users & Teams page.
This password policy applies to all administrator accounts of the management portal.
This password policy applies to all user accounts that require a Timus password. Users that single sign-on with their third party Identity Provider accounts do not have Timus passwords, thus they are not bound by this policy.
We have 11 password policies. 6 of them are active and 5 of them are inactive in default as shown in the images below. You are able to change the password policies however you want
Once you click on Edit, you will be able to configure the policies however you want.
Minimum character length
This will be active all the time. You are able to change the minimum character length, which is 8 in default, to any numbers that you want.
Minimum number of lower case letters
We recommend using at least 1 lower-case letter to make the passwords stronger.
Minimum number of upper case letters
We recommend using at least 1 upper-case letter to make the passwords stronger.
Minimum number of digits (0-9) We recommend using at least 1 digit to make the password stronger.
Minimum number of special characters
If selected, password must include special characters such as !@#$-%&*+. We recommend using at least 1 special character to make the password stronger.
Maximum number of consecutive digits
For example; if 3 is selected, up to 3 consecutive digits such as 01, 012, 123, 456, 789 can be included in the password, 4 consecutive digits like 0123 cannot.
Cannot use commonly used passwords
Commonly used passwords can be very easily detected by automated tools of bad actors, thus using them leads to a vulnerability. This check is insensitive for upper-case and lower-case letters.
Cannot contain keywords
You can add the keywords, which you don't want the users/admins to use in their passwords, into here so that the users/admins are not able to use these keywords. Maximum 10 keywords can be entered.
Cannot contain first part of user's email address
For example, the password of the user with the email address johndoe@abc.com cannot contain the text 'johndoe'.
Cannot contain user's first name
If you activate this, the users/admins will not be able to use their user's first name in their passwords. This check is insensitive for upper-case and lower-case letters.
Cannot contain user's last name
If you activate this, the users/admins will not be able to use their user's last name in their passwords. This check is insensitive for upper-case and lower-case letters.
Password expires in
Entered value will be set as the administrator's password expiration limit. Minimum value is 1 day and maximum value is 10.000 days.
C:\Program Files\Timus Connect\resources\service\lib\active-win\active-win-windows.exe
process. To ensure proper operation, verify that this executable is not obstructed by any Endpoint Protection Platforms (EPPs) or other security software. It is crucial to whitelist active-win.exe in your security configurations.
This guide will walk you through the process of integrating JumpCloud with Timus using SAML 2.0 for secure Single Sign-On (SSO). Follow these steps to configure your JumpCloud application and complete the setup within Timus Manager.
Navigate to Applications
https://console.jumpcloud.com/login/admin
with your credentials.Create a New Application
After saving, you will be directed to the configuration screen.
IdP Entity ID and SP Entity ID: Paste JumpCloud’s provided IDP URL (visible in the SSO tab).
ACS URLs: Default URL: https://auth.timuscloud.com/user/external/saml
Subject NameID: Set NameID to email
urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified
Signature Algorithm: Set to RSA-SHA256
Signing Option: Choose “Assertion and Response”.
3. Adding User Attributes
firstname
and lastname
.4. Assigning User Groups
Access Timus Manager:
Manage SAML 2.0 Integration:
JumpCloud Name | Timus Equivalent |
---|---|
IDP URL | Identifier |
IDP URL | Service URL |
IDP Certificate | X.509 Certificate |
Note: The IDP Certificate can be downloaded under the SAML Certificate section in JumpCloud. Make sure to use the Hex format certificate.
This completes the SAML configuration for JumpCloud with Timus. Your users can now authenticate securely through JumpCloud to access Timus applications.
console.jumpcloud.com/userconsole
with a test user.Note: Initial login must happen through JumpCloud’s application to create the user in Timus.
This article explains the process of synchronizing your Active Directory users and groups with Timus Manager
In the Logs tab, you can view all traffic on the agent under Log Time/ Type and Details parameters.
To integrate Bitdefender for using the getManagedEndpointDetails
and getEndpointList
API calls, you need to follow these steps:
Step 1: Access the Bitdefender GravityZone Console
Step 2: Create an API Key
To use the getManagedEndpointDetails
and getEndpointList
API calls, ensure the API key has the following permissions:
Ensure your API key has the following permissions:
By following these steps, you should be able to integrate Bitdefender and use the getManagedEndpointDetails
and getEndpointList
API calls effectively.
Now, you are ready to integrate with Timus. Please continue the article below to complete the integration. Device Posture Check and EPP
Microsoft Defender for Endpoint Integration Guide
SentinelOne for Endpoint Integration Guide
Bitdefender for Endpoint Integration Guide
Select the operating system for which you wish to perform device posture check. Please note that only one posture check can be created for each operating system.
Select the source from which the attribute data is retrieved. This data source provides the information used to evaluate the device posture.
Choose the specific attribute that is gathered from the data source.
The Attributes if the Data Source has been selected as either BitDefender or Microsoft Defender.
The Attributes if the Data Source has been selected as SentinelOne.
Condition can be is any of or is equal to depending on the Attribute you have selected.
Pass Value: Define the expected value that the attribute must have to pass the check. It can two options, True and False.
After you define the Attribute successfully, you will see a pop-up as shown in the image below.
After completing the Device Posture Checks process, you can use ZTNA to apply some policies for the users. To be able to do it, you need to go to the page Zero Trust Security -> Behaviors -> Create New as shown in the image below.
Once you click on Create New, you need to enter a Name and select Device Posture Check as a Type.
And, you need to select your Device Posture Check, which you have named it, and decide if the Trigger is Passes or Fails as shown in the image below.
After creating the behavior, you need to go to the page Zero Trust Security -> User Sign-in Policies -> Create New as shown in the image below.
After clicking on Create New, you will be able to see the pop-up, which will allow you to define some ZTNA policies based on the behavior, which you have created, based on the Device Posture Check.
You can modify the example policy as shown in the image below according to your needs.
Here is an example ZTNA policy based on the Device Posture Check below.
If you would like to get more details regarding ZTNA policies in general, you can take a look at the article User Sign-In Policy.
This article explains the process of enabling Google Sheets on Timus Manager.
This article explains how to access data on the ZTNA Dashboard and enhance productivity and security by leveraging all available information in zero trust scenarios.
The Zero Trust Network Access (ZTNA) Dashboard provides a complete overview of all user and admin events within your network, all displayed on one page.
To filter the data displayed in widgets, start by using the User & Admin Events filter and the time filter located in the upper-right corner of the ZTNA Dashboard.
Access the information on successful logins, failed logins, high-risk login attempts, lockouts for failed logins, sign-in rule denies, and sign-in locations on graph and a map.
This article will guide administrators on how to create behavior-based, user sign-in policies Timus ZTNA.
Timus ZTNA offers a unique and improved access control method that allows businesses to expand without compromising the fundamental security of their network, which includes infrastructure, applications, data, users, and devices.
The policies within Timus' Zero Trust Network Access (ZTNA) security framework are organized and prioritized by its place in the policy table. A policy, which is placed higher in the table, is more prioritized than the other User Sign-In policies.
You can Deactivate the default user sign-in policy.
To create a new User Sign-In/Login Policy, follow these steps:
A pop-up window will appear with the following tabs:
On the Source tab:
If necessary, you can select multiple sources to apply to the policy.
On the Condition tab,
Schedule the policy.
When "All Selected Behaviors" is chosen, all selected behaviors such as Untrusted IPs, New Device, and Breached E-mail Address must be active simultaneously for the policy to take action.
When "Any Selected Behavior" is chosen, at least one of the selected behaviors must be triggered by the policy to take the action.
You can consider All Selected Behaviors like "AND &&" and Any Selected Behaviors like "OR ||" as in coding language.
Experience the user-friendly interface of Timus by hovering over the info icons on the policy creation screen:
When you add a behavior to the policy with the add behavior button on the screen and hover over that behavior, you can view the brief explanation about the behavior you added:
On the "Action" tab,
Select an action from the drop-down list.To set Alerts and Notifications for your policy,
To add customized behaviors to your network, visit Timus Manager, then select Zero Trust Security> Behaviors. This allows you to expand on the default behaviors provided by ZTNA for more comprehensive risk assessments in network use cases.
To find your network's pre-configured behaviors, go to the Name and Details parameters page. These behavior settings are already set up for your network and can be viewed and adjusted if necessary.
The general information of the default behaviors displayed on the page are as follows:
To create custom behaviors for your network policies, do the following:
Timus Zero Trust Policies provides a user/ behavior-based access control as an alternative to traditional IP-based access control and makes it easier for an organization to manage network access.
The policies within Timus' Zero Trust Network Access (ZTNA) security framework are organized and prioritized by its place in the policy table. A policy, which is placed higher in the table, is more prioritized than the other policies.
It means that you are able to prioritize the Timus ZTNA rules by yourself.
It allows for more granular control over access rights, ensuring the right people have the right access at the right time.
The security model of this zero trust approach protects your organization against potential threats by increasing network security.
This article shows administrator how to create Timus ZTNA's behavior-based administrator sign-in policies and apply them to your network.
Timus ZTNA's policies provide a distinctive and enhanced access control approach to expand your business while maintaining the fundamental aspects of your network security: Infrastructure, Application and Data, User and Device.
To protect your organization and users against today's ever more sophisticated cyber security threats, you can create User/Administrator-based sign-in policies in Timus Manager that automatically respond to any predefined risk level.
On the Admin Sign-in Policies page, you can view the following left to right:
The policies within Timus' Zero Trust Network Access (ZTNA) security framework are organized and prioritized by its place in the policy table. A policy, which is placed higher in the table, is more prioritized than the other Admin Sign-In policies.
It means that you are able to prioritize the Timus ZTNA rules by yourself.
You cannot Deactivate or Delete the default administrator sign-in policy.
On the Source tab,
On the Condition tab,
When "All Selected Behaviors" is chosen, all selected behaviors such as Untrusted IPs, New Device, and Breached E-mail Address must be active simultaneously for the policy to take the action.
When "Any Selected Behavior" is chosen, at least one of the selected behaviors must be triggered the policy to take the action.
You can consider All Selected Behaviors like "AND &&" and Any Selected Behaviors like "OR ||" as in coding language.
Experience the user-friendly interface of Timus by hovering over the info icons on the policy creation screen:
When you add a behavior to the policy with the add behavior button on the screen and hover over that behavior, you can view the brief explanation about the behavior you added:
In the Action tab,
Decide what action the system should take when a behavior triggers the policy. The actions defined in the system are as follows:
You can set multiple actions for multifactor authentication with Timus ZTNA.
The actions you select are numbered in the tab shown on the left.
So, in a scenario where the first authentication step fails, you can enable another action for login attempts and send authentication setup instructions to administrators who have not completed the setup process.
On the Alerts and Notifications tab, you can configure the policy to send Alerts and Notifications each time it is triggered.
This Connectivity section helps you make informed decisions or take necessary actions to optimize network connectivity.
The Network Statistics for the Primary WAN of the site you are currently viewing in your Timus Manager are as follows:
Latency:
Jitter:
Loss (Packet Loss):
Upload:
Download:
(Connection) Health:
To access the Health scale that ranks connection quality from best to worst, follow these steps:
The IPsec protocol suite can set up direct and encrypted connections between supported devices by offering a framework for securing data traffic between two servers.
Creating an IPsec tunnel via Timus, you can transfer the data securely between the peers of the connection.To create a site-to-site IPsec VPN gateway connection between your on-premises network and a virtual network (VNet) please follow these steps:Here are the two phases of internet key exchange (IKE) required to set up an IPsec connection using Timus.
As shown in the sample image below of the parameters tab, there are default settings that need to be configured for the IPsec tunnel connection you are about to create in order for it to function correctly:
To find your Local Primary WAN IP address,
This article will help you establish a site-to-site IPsec connection between Timus Networks and PfSense.
IPsec tunnel between Timus - PfSense: PfSense Configuration for Timus:
Go to PfSense UI -> VPN -> IPsec.
General Information:
IKE Endpoint Configuration:
Phase 1 Proposal (Authentication):
Parameters:
Miscellaneous:
Phase 2 configuration of Timus:
Services
Service Category
HTTP
Web Access
HTTPS
VoIp
SIP
Database Access
MSSQL_SERVER
MSSQL_MONITOR
MYSQL
POSTGRESQL
Remote Access
RDP
SSH
TELNET
VNC-RFB
RPC
DCE-RPC
File Access
FTP_DATA
FTP_CONTROL
TFTP
SMB
Network Services
DNS
DNS_MULTICAST
DNS_OVER_TLS
DNS_OVER_QUIC
DHCP_SERVER
DHCP_CLIENT
NTP
SNMP
SYSLOG
SSDP_UDP
SSDP_TCP
IMAP
IMAPS
POP3
POP3S
SMTP
SMTPS
Authentication
LDAP
LDAPS
RADIUS
KERBEROS_AUTH
KERBEROS_PWD
KERBEROS_ADMIN
Protocol
HOPOPT
ICMP
IGMP
GGP
IPv4
ST
TCP
CBT
EGP
IGP
BBN-RCC-MON
NVP-II
PUP
ARGUS
EMCON
XNET
CHAOS
UDP
MUX
DCN-MEAS
HMP
PRM
XNS-IDP
TRUNK-1
TRUNK-2
LEAF-1
LEAF-2
RDP
IRTP
ISO-TP4
NETBLT
MFE-NSP
MERIT-INP
DCCP
3PC
IDPR
XTP
DDP
IDPR-CMTP
TP++
IL
IPV6
SDRP
IPV6-ROUTE
IPV6_FRAG
IDRP
RSVP
GRE
DSR
BNA
ESP
AH
I-NLSP
SWIPE
NARP
MIN-IPV4
TLSP
SKIP
IPV6-ICMP
IPV6_NONXT
IPV6_OPTS
CFTP
SAT-EXPAK
KRYPTOLAN
RVD
IPPC
SAT-MON
VISA
IPCV
CPNX
CPHB
WSN
PVP
BR-SAT-MON
SUN-ND
WB-MON
WB-EXPAK
ISO-IP
VMTP
SECURE-VMTP
VINES
IPTM
NSFNET-IGP
DGP
TCF
EIGRP
OSPFIGP
SPRITE-RPC
LARP
MTP
AX.25
IPIP
MICP
SCC-SP
ETHERIP
ENCAP
GMTP
IFMP
PNNI
PIM
ARIS
SCPS
QNX
A/N
IPCOMP
SNP
COMPAQ-PEER
IPX-IN-IP
VRRP
PGM
L2TP
DDX
IATP
STP
SRP
UTI
SMP
SM
PTP
ISIS_OVER_IPV4
FIRE
CRTP
CRUDP
SSCOPMCE
IPLT
SPS
PIPE
SCTP
FC
RSVP-E2E-IGNORE
MOBILITY_HEADER
UDPLITE
MPLS-IN-IP
MANET
HIP
SHIM6
WESP
ROHC
ETHERNET
AGGFRAG
NSH
If you enable Custom Source Port, you are allowed to define a specific source port. Otherwise, the source port would be selected as Any.
The "Adult" category comprises web pages containing images or videos depicting sexual acts, sexual arousal, or explicit nude imagery with a sexual intent. It also includes pages that use frequent or serious profanity. Additionally, this category encompasses pages whose primary content is child-appropriate, but with regular or irregular sections featuring sexually themed, non-educational material. Web pages with sexual content, products, or services related to sex, but without explicit nudity, are part of this category. It also includes pages featuring tasteless content, such as cruelty to animals, bathroom humor, and other potentially inappropriate material for children.
The "Alcohol" category includes web pages that promote, advocate, or sell alcohol, encompassing a variety of beverages such as beer, wine, and hard liquor. These pages may feature information about different types of alcoholic products, brands, and related events. They could also provide details on the production, distribution, and consumption of alcoholic beverages. Additionally, these web pages might offer the option to purchase alcohol online or provide resources for locating physical stores selling such products. The content within this category is focused on the promotion and commercial aspects of the alcohol industry.
The "Anonymizers" category includes web pages that promote the use of proxies and anonymizers. These tools are intended to facilitate anonymous and unrestricted access to websites by bypassing filters and other online restrictions. Anonymizers are often employed to conceal the user's identity and location, allowing them to browse the internet without revealing personal information. These pages may provide information, tools, or services related to the use of proxies for the purpose of maintaining online privacy and evading content restrictions.
The "Banking" category encompasses web pages operated by or dedicated to banks and credit unions, with a specific focus on online banking applications. This category excludes online brokerages, concentrating on financial institutions providing services related to traditional and digital banking, including account management, transactions, and financial services.
The "Business & Services" category encompasses a wide array of web pages, covering real estate transactions, agriculture-related information, construction and architectural services, genetics research, and biotechnology firms. It serves as a general category for businesses not fitting into more specific classifications, including furniture makers and retail outlets. The insurance sector is also represented, spanning various types from health to car insurance. The category further includes manufacturing and industrial production businesses, as well as those involved in security products and services, excluding computer security. Information on retirement homes and communities, inventory management, and connections within communities are also part of this diverse category, along with advertising agencies and marketing services, excluding online banner ads. In essence, "Business & Services" provides a comprehensive overview of commercial and service-related content.
The "Chat" category encompasses web pages designed for real-time communication, featuring chat rooms and messaging functionalities that facilitate group discussions among strangers or friends in both public and private settings. These pages serve as platforms for interactive conversations, allowing users to engage in discussions with others. Additionally, the category includes instant messaging software and web pages that enable users to stay connected with a list of "buddies" through messaging services. In essence, "Chat" provides diverse means for individuals to communicate in real-time, fostering both group interactions and one-on-one conversations through messaging platforms.
The "Content Servers" category includes web servers that lack navigable web pages and are primarily employed for hosting images and other media files. These servers play a crucial role in enhancing web page performance and site scalability by offloading media content delivery. Instead of serving complete web pages, they focus on efficiently delivering media elements, reducing page load times and optimizing the overall user experience. Content servers are integral to content delivery networks (CDNs) and are strategically positioned to distribute multimedia content, ensuring faster and more reliable access to images and other media resources for website visitors.
The "Criminal Activities" category includes web pages that promote extreme ideologies, discrimination, and hate based on factors like political affiliation, gender, race, or religion. Additionally, it encompasses pages that promote illegal drugs, including information on common illegal drugs and the misuse of prescription drugs. Content depicting physical or sexual abuse of children is also covered in this category. Moreover, the category includes web pages providing information on illegal activities such as burglary, murder, bomb-making, and lock picking. Pages with tools and information facilitating online crime, unauthorized access to computers, and fraud are part of this category. Furthermore, it involves content related to marijuana, covering aspects like legalization, medicinal use, and general information. Lastly, the category includes pages that provide access to illegally obtained files, such as pirated software, movies, and music, as well as sites offering assistance in cheating on homework and tests.
The "Culture & Arts" category encompasses web pages related to the development or display of the visual arts. This includes platforms featuring various forms of artistic expression, such as paintings, sculptures, and other visual creations. Additionally, the category includes web pages dedicated to published writings, spanning fiction and non-fiction novels, poems, and biographies. These pages serve as platforms for authors and literary enthusiasts to share and explore written works across different genres and styles.
The "Dating" category encompasses web pages that are focused on promoting relationships, including dating and marriage. These websites are designed to facilitate connections between individuals seeking romantic partnerships. They may feature profiles, matchmaking services, and communication tools to help users interact and potentially form long-term relationships. The content typically revolves around dating advice, relationship tips, and platforms for meeting and connecting with potential partners.
The "Education" category comprises a variety of web pages tailored to facilitate learning and academic pursuits. It includes pages for schools with an online presence, encompassing universities, private and public schools, and other real-world educational institutions that offer online resources and information. Additionally, the category covers web pages hosting academic publications, journals, research findings, curriculum details, online learning courses, and materials, providing a comprehensive repository for scholarly content and educational tools. These pages cater to students, researchers, and educators seeking valuable resources for academic enrichment. Furthermore, "Education" includes web pages containing reference materials, offering data compilations and reference shelf content such as atlases, dictionaries, encyclopedias, census data, and other reference materials. These resources contribute to a well-rounded educational experience, supporting users in their quest for knowledge and information.
The "Entertainment" category encompasses a diverse range of web pages designed to provide amusement and enjoyment. This includes pages featuring comics, jokes, and other humorous content to elicit laughter and entertainment. Furthermore, it includes platforms offering internet radio, streaming media, and downloads related to musicians, bands, MP3s, and various media content. Additionally, the category covers web pages dedicated to animated TV shows, movies, comic books, and graphic novels, catering to fans of animated and illustrated entertainment. News and gossip about celebrities, television shows, movies, and the broader entertainment industry are also featured, keeping users informed about the latest developments. Moreover, "Entertainment" includes pages devoted to the venues of entertainment, such as comedy clubs, nightclubs, discos, festivals, theaters, and playhouses, offering information about places where entertainment events unfold. Lastly, the category encompasses web pages providing comprehensive content about television shows and movies, including reviews, showtimes, plot summaries, discussions, teasers, and marketing materials, creating an immersive experience for enthusiasts.
The "Environment" category encompasses web pages dedicated to fostering awareness and understanding of environmental issues. These pages provide information on various aspects of sustainability, including sustainable living practices and initiatives. Additionally, the category covers content related to ecology, delving into the study of ecosystems, biodiversity, and the interactions between organisms and their environments. Furthermore, these web pages offer insights into nature and the environment, sharing knowledge on topics like wildlife conservation, natural habitats, and environmental conservation efforts. By compiling information on environmental
The Map to Port feature allows you to specify a range of ports on both protocols, TCP or UDP, for instance, 70-75, and map them to a destination range, such as 80-85. Ports are forwarded sequentially: port 70 maps to port 80, port 71 maps to port 81, and so on. This feature is useful for port forwarding in a one-to-one manner."
In the Traffic Logs page, where you can access comprehensive data presented through tables and graphics organized into various tabs. Here's an overview of what you'll find in each tab:
You can download the csv file to get a report for your traffic by clicking on Export at the top right of the screen as shown in the image above.
Only the last 10.000 records will be exported when you have created it.
When you have clicked on the Export button, you will see the pop-up above when the Export process is completed successfully. You can click on Download to get your report.
This organized approach allows you to analyze user behavior, team activities, device usage, application preferences, website interactions, and network engagement.
Dive into detailed insights to make informed decisions about your product usage and optimize your resources effectively.
Click on the "Search" button.
By clicking the Search button, you can access a list displaying all the traffic generated by this user on your network.
To access the details of the traffic logs listed, click on the blue info icon located at the far right of the respective line.
You can use the Search bar to display more specific information about the logs you want to see.
Simply insert the desired columns with the appropriate command:
Time: Select the Start and End date of the traffic logs you want to display on the list.
Action: Choose between Drop or Allow.
Destination: Specify Team, Device, IP, Network, Site, or Any.
Factor: Specify Application, Category, Website, Keywords, or Any.
After selecting the user, you display the following information on the page.
You can also view traffic details for the following components by going to the Insights dropdown > Traffic Logs page:
To turn on these notifications, go to the Alerts & Notifications tab on the Zero Trust Sign-In Policies pages. (User/Admin)
To filter your alerts, use the Search filter located at the top of the Alerts page:
You can see the details of the each by clicking on the ellipsis icon at the end of the row:
The IP Intelligence section is only visible when a sign-in policy with the Untrusted IP Behavior has been defined for the specific IP.
Before creating a report, it is important to first manage the templates. This will allow you to choose analytics and insights you want to include in your report, using either predefined or custom templates.
To view the template or create a report using Timus's default Predefined Weekly Template, click the ellipsis icon next to it.
You also have the option to use the template as a basis for a new one:
To create a custom template,
Once your report is created, you can view the results by clicking on the Actions button and selecting the Go to Results page option on the report's page.
The generated reports will be saved on the report's page. You can access and view all reports generated on different dates by using the Displayed Report filter.
To configure the widgets, click on the "Show Template" option located on the report page. This is the same process as when you access it from the "Manage Templates" -> "Edit" page.
Timus and ConnectWise integration helps MSPs automate billing tasks by syncing product catalog details and usage data directly with ConnectWise agreements. This setup simplifies invoicing, making it easier to manage customer billing automatically and keep everything accurate without manual input. Here's how to set up ConnectWise integration:
This role will generate an API key for the integration. You may use another role with the necessary permissions if preferred.
Note: Save the public and private keys. The private key is only visible upon creation.
Are you experiencing slower speeds than expected after connecting to the Timus Network?
Several factors can contribute to this, but don't worry! This guide will help you troubleshoot the issue and get your connection back up to speed.
Initial Steps:
If your client is up-to-date and there are no other programs running that could impact your connectivity. Please check the following troubleshooting steps:
1. Identify Current MTU Setting
macOS:
Open Terminal.
List network services:
networksetup -listallnetworkservice
Check current MTU:
networksetup -getMTU <network_service>
Windows:
Open Command Prompt.
Check current MTU:
netsh interface ipv4 show interfaces
2. Ping with Specific Packet Sizes
macOS:
Open Terminal.
Ping with a specific packet size:
ping -D -s 1472 <gateway_public_ip>
Windows:
Open Command Prompt.
Ping with a specific packet size:
ping -f -l 1472 <gateway_public_ip>
Adjust Packet Size Incrementally:
3. Use Traceroute and MTR
Traceroute:
macOS:
Open Terminal.
Install traceroute (if not already installed):
brew install traceroute
Run traceroute:
traceroute <gateway_public_ip>
Windows:
Open Command Prompt.
Run tracert:
tracert <gateway_public_ip>
MTR:
macOS:
Open Terminal.
Install mtr (if not already installed):
brew install mtr
Run mtr:
mtr -rw <gateway_public_ip>
Windows:
4. Check Endpoint Configuration
ipconfig /all
macOS:
Open Activity Monitor.
Monitor CPU and memory usage to ensure they are not maxed out during the VPN connection.
Check network interface for errors:
ifconfig
Windows:
Open Task Manager.
Monitor CPU and memory usage to ensure they are not maxed out during the VPN connection.
Check network interface for errors:
ipconfig /all
5. Performance Testing
macOS and Windows:
Download and install iPerf3 from https://iperf.fr/.
Run iPerf tests to measure raw throughput with and without VPN:
iperf3 -c ash.speedtest.clouvider.net -p 5200-5209
6. Quality of Service (QoS) and ISP Throttling
macOS and Windows:
7. Firewall and Security Software
macOS:
Windows:
If none of these steps resolve your bandwidth issue, please contact Timus Network support for further assistance at Support@timusnetworks.com
What no gateways available mean and possible scenarios
This information message means that if the user is not allowed to connect to any gateway, a specific message will appear in the Timus Connect application.
The administrator must select the remote site for the user in the manager.
But there can be another root cause to show this error when;
To verify that, please run:
ping user.timuscloud.com
ping device.timuscloud.com
Also, try to go to user.timuscloud.com or device.timuscloud.com from the browser. If user can not reach connect application will not able to connect.
timus-connect-background service is not running
Go to Activity Monitor (Mac) or Task Manager (Windows) on your device and find timus-connect-service
.
Alternatively, you can go to http://localhost:49202 in your browser. If you see the output, it means the service is running.
If you validate that the service is not running, please follow these steps:
[MacOS] Validate if service is running
Run the commands below to check if they exist:
#for connect service
cat /Library/LaunchDaemons/timus-connect-service.plist
#for helper service
cat /Library/LaunchDaemons/timus-helper-service.plist
After running the commands, if they exist, please run this command to load the service. After running, please check if the service has started.
# Avoid if error occurs after running these commands. This is just a make sure none of instance exist on device
sudo launchctl unload /Library/LaunchDaemons/timus*
sudo launchctl load /Library/LaunchDaemons/timus*
[Windows] Validate if service is running
Find services from search
Make sure this 2 services are exist
If they are not exist and running state try to install them manually see if any error occurs. For clean service install run these commands
sc.exe stop timus-helper-service
sc.exe stop timus-connect-service
taskkill /F /IM "timus-connect-service.exe"
taskkill /F /IM "timus-helper-service.exe"
sc.exe delete timus-connect-service
sc.exe delete timus-helper-service
cd C:\\Program Files\\Timus Connect\\resources\\service
timus-connect-service.exe -service install && timus-connect-service -service start
timus-helper-service.exe -service install && timus-helper-service -service start
After validation, if you see that the services are still not running and nothing works, try to start the service manually and check if any crashes occur.
[MacOS] Validate if service crash
Run this command and see if service works
#for connect service
sudo /Applications/Timus\\ Connect.app/Contents/Resources/service/timus-connect-service
#for helper service
sudo /Applications/Timus\\ Connect.app/Contents/Resources/service/timus-helper-service
[Windows] Validate if service crash
Run these commands
cd C:\\Program Files\\Timus Connect\\resources\\service
timus-connect-service.exe
Let’s assume that a crash happened, which in most cases (99%) is a permission issue.
At this point, it is better to perform a clean setup by removing all files we have and reinstalling Timus Connect. Please find the section with the clean setup steps for Timus Connect.
Sometimes, SentinelOne, Bitdefender, or other security tools can prevent Timus Connect from working. We can confirm this by checking the task manager or asking the customer.
Explore our most popular video tutorials on our YouTube channel.
Manage your network, add tunnels, users, rules and licenses from a multi-tenant cloud portal with Timus.
Connect to offices or protect SaaS apps through private gateways with a single static IP address.
The Timus firewall sits in the cloud and intercepts all encrypted user traffic.
Timus uses zero-trust secure remote access and least privilege principles before granting any access to the network and data to protect against hackers, criminals, and ransomware. Additionally, Timus uses a best-of-breed DNS filter (at the network level) protecting users from zero-day threats and malicious sites from wherever they may encounter it (any device, application, protocol or port). A user is protected against all of the below: Malicious software including drop servers and compromised websites, including drive by downloads and adware Fraudulent phishing websites that aim to trick users into handing over personal or financial information Command and Control botnet hosts Sites which serve files or host applications that force the web browser to mine cryptocurrency Domains which have been registered in the last 30 days and in the last 24 hours Parked sites & domains that may no longer be controlled by the original owner
The Timus solution is superior to traditional VPNs for secure remote access. User verification is hardened with behavioral and contextual analysis. Multi-factor authentication (MFA) can be deployed adaptively (ie. when signing in from a new device, new country, etc), improving user experience. Timus ZTNA can work with another IAM solution or standalone. Timus has one of the richest behavioral checks in the industry for Zero Trust Verification.
Timus provides dedicated gateways with static IP addresses. An MSP can whitelist the Static IP in SaaS applications for controlled access and security.
WireGuard and OpenVPN tunneling protocols are supported.
The tunnel for secure connections can be configured to pass all user traffic, or just part of it, through the tunnel. Split tunnel configurations can be created in Manager->Settings-Tunnel Configuration page. Default configuration is all traffic passes through the tunnel. Timus Connect agent gets the tunnel configuration valid for the user and context, and passes traffic through the tunnel accordingly. This feature is currently available only for Windows and macOS releases of Timus Connect app.
Still have questions? Explore our in-depth documentation for comprehensive guides and detailed solutions.
Go to documentation