How can we help?
Find help articles, troubleshooting guides, and tutorials
Search
Common searches:
Find help articles, troubleshooting guides, and tutorials
Common searches:
Video tutorials explaining how to set up various aspect of Timus tutorials listed on this Knowledge Base page
Explore our YouTube channel for how-to videos, partner use, and insights on Timus and the MSP space.
This exam assesses your proficiency and understanding of some of the key functionalities of the Timus’ Zero Trust Network Security Solution.
Discover Timus features and configurations through quick and easy-to-follow video tutorials. Perfect for a visual walkthrough of our capabilities.
Welcome to the Timus Explainer Videos page!
Explore our comprehensive library of video guides that simplify the essential features and configurations of Timus Networks. Designed for both beginners and advanced users, these quick and engaging tutorials will help you:
Learn how to configure Zero Trust policies with context-aware access control to protect your network and ensure only the right users have access to the right resources.
Master the creation and management of firewall rules to secure your network, prevent threats, and streamline network traffic.
Learn how to block unwanted content and enforce web filtering policies, ensuring a safe and productive network environment.
Explore how to segment network traffic effectively, optimizing performance while maintaining security and control.
Follow this step-by-step installation guide for Timus Connect to get your network running securely and efficiently in no time.
As security threats grow increasingly sophisticated, adopting a Zero Trust framework has become a necessity. Built on the principle of “Never trust, always verify”, Zero Trust ensures that every access request is meticulously validated, protecting your network and confirming user identities.
What Is Zero Trust Access? 🔒
Zero Trust Access is a cutting-edge security approach designed to:
By implementing Zero Trust, organizations reduce vulnerabilities and strengthen their defenses against breaches.
🎬 Learn the Timus Way
Timus Networks Conditional Access the Timus Way
In this video you'll learn:
The Timus Gateway is more than just a security measure; it’s the key to seamless connectivity. By hosting a cloud firewall, it enables secure communication between your network environments. With IPsec tunneling, you can connect your Timus Gateway to an on-premise firewall, ensuring secure and reliable access to data—no matter where it resides.
🎬 Learn the Timus Way
Timus Networks Connecting Branch Offices with IPSec
In this video you'll explore:
Timus Adaptive Cloud Firewall: Securing Users Anywhere
In today’s dynamic work environment, where users can connect from virtually anywhere, static security rules are no longer sufficient. The Timus Adaptive Cloud Firewall ensures your security perimeter moves with the user—aligning with their identity rather than just their device or location. This innovative approach enables true secure access at the edge, providing robust protection and seamless connectivity.
Why Choose Adaptive Cloud Firewall Rules?
🎬 Learn the Timus Way
Timus Networks Granularity within the Timus Firewall
In this video you'll discover:
A static IP address is more than just a number—it’s the foundation of complete network control. Every Timus Gateway is equipped with a private, static IP address, providing unparalleled visibility, enhanced security, and total control over your network.
🎬 Learn the Timus Way
Timus Networks Locking Down Saas with Static IP
In this video you'll explore:
Real-World Applications
The Timus Secure Web Gateway provides your organization with cutting-edge tools to manage web access, block harmful content, and bolster network security. By utilizing robust web filtering, content blocking, and anti-virus protection at the network layer, you can ensure that users only access safe applications and websites—whether working in the office or remotely.
🎬 Learn the Timus Way
Timus Networks Conent and Category Blocking
In this video you'll learn:
Core Features of Timus Web Filtering
🔍 Web Filtering
🚫 Content Blocking
Why Choose Timus Secure Web Gateway?
As part of recent improvements to the Partner and Manager portal, access to your tenant via SSO (Single Sign-On) has been restricted. By default, Support teams no longer have access to any tenant. If you would like to grant the Timus Support team access to your tenant, follow the steps below.
Steps to Enable Support Access:
On the opening page, configure the following:
Note:
For further assistance, please contact the Timus Support team.
The Dashboard provides a real-time, centralized view of your organization’s network activity, user engagement, device connectivity, and traffic flow. It’s designed to give IT teams instant situational awareness and visibility into critical performance and security indicators—all in one place.
📍 To access this screen, click Dashboard from the left-side menu
👤 Users Online
Displays the number of end users currently connected to the network.
Use this widget to monitor real-time user engagement or detect unexpected sign-in spikes.
💻 Devices Online
Shows how many devices are actively connected at the moment.
This helps you track endpoint activity and detect any anomalies—such as unexpected device surges.
🌐 Sites Online
Indicates the number of configured Sites that are currently online.
A sudden drop may indicate network issues, outages, or site disconnections that require investigation.
📊 Traffic Graph
Visualizes upload and download traffic across your entire network in real time.
Hover over any point to view exact values.
You can change the timeframe using the dropdown menu:
This widget is ideal for identifying bandwidth trends, usage spikes, or abnormal traffic behavior.
📱 Most Active Devices
Lists the top devices consuming the most bandwidth.
Each entry shows the device name and operating system icon.
Click the ••• → Configure the number of devices shown.
🙋 Most Active Users
Displays the users with the highest data usage or interaction levels.
Users currently online are marked with a green status dot.
Click the ••• → Configure the number of users shown.
📝 Recent Events
Shows a timeline of device connection activities, sorted with the most recent at the top.
Each event includes a timestamp and short description of what occurred (e.g., connection established, disconnected).
Click the ••• → Configure the number of events shown.
The partner portal dashboard will provide visibility into customers' relevant information & all data pertaining to your partnership with Timus Networks.
MSPs will leverage the Timus Networks partner portal as their primary dashboard for day to day management of the Timus solution. Within the portal, you will be able to add, remove & manage all clients for both billing and technical management.
Link to - partner portal
he Agent Deployment screen allows you to access the latest versions of Timus Connect Application for all supported platforms. This screen supports both manual and automated deployment workflows—ensuring your users can connect securely and consistently.
📍 To access this screen, go to Settings → Agent Deployment
The Downloads tab lists the most recent agent versions per operating system, helping you deploy Timus Connect reliably at scale. You can:
Timus Connect Application is essential for secure remote access, device posture validation, and policy enforcement.
For platform-specific installation and configuration instructions, refer to the following:
The Deployment Tokens tab enables you to generate time-limited tokens that automate the registration and sign-in process during installation. These tokens simplify mass deployments via RMM tools or scripting across Windows and macOS.
After creation, the token is:
⚠️ Please store your token securely—it cannot be retrieved after you leave or refresh the page.
Under the Copy & Run the Command section, ready-to-use deployment commands are generated for both platforms. These commands insert the deployment token and user email into the installer process, enabling automatic sign-in.
Select User (Optional)
You may select a user from the dropdown to prefill their email address in the command.
Windows
msiexec /i "Timus-Connect.msi" /quiet DEPLOY_TOKEN="<YOUR_TOKEN>" DEPLOY_EMAIL="<USER_EMAIL>"
macOS
sudo defaults write /Library/Preferences/com.timus.connect.plist DEPLOY_TOKEN -string "<YOUR_TOKEN>" sudo defaults write /Library/Preferences/com.timus.connect.plist DEPLOY_EMAIL -string "<USER_EMAIL>" sudo installer -pkg Timus-Connect.pkg -target /
Click the copy icon to quickly copy the command to your clipboard.
The Timus Connect for Windows application allows your users to establish a secure, encrypted tunnel between their devices and your corporate network. It supports posture validation, policy enforcement, and ensures seamless access to protected resources across distributed environments.
You can download the installer from Manager → Settings → Agent Deployment → Downloads screen. Alternatively, users can access the same version from Timus My → Downloads screen.
To install Timus Connect on a user’s Windows device:
Download the Installer
Navigate to the Downloads in Timus My and select the latest Windows version.
Launch the Application
After installation, launch Timus Connect. The user must read and accept the End User License Agreement (EULA) before proceeding.
Enter Timus Account Email
The user must enter their Timus account email address to initiate authentication.
Authenticate and Select Network
Once signed in, the user is directed to the Connect screen.
Select a Gateway
All gateways associated with the user’s authorized sites are listed here. Each gateway includes a real-time round-trip latency metric to assist in selecting the most optimal connection point.
Use the “Select Fastest” Option
Automatically selects and connects to the gateway with the lowest latency.
Connect
Clicking Connect establishes the secure tunnel between the user’s device and the selected gateway.
The Settings tab in the Timus Connect application allows to configure how the agent behaves on the user’s device. These configurations are managed through Agent Profiles in the Manager portal and can be optionally exposed for user-level control.
You can define and assign custom Agent Profiles to your users through the Manager portal.
Go to Agent Profiles Guide
VPN Protocol Selection
Choose the tunnel protocol used to establish the connection:
WireGuard
OpenVPN
If Smart Tunnel Protocol Fallback is enabled, the application will automatically attempt the alternative protocol if the selected one fails.
Startup Behavior
Network Optimization
*Users can modify these settings if the “Users can modify“ ***setting is enabled in their assigned Agent Profile.
The Support tab in the Timus Connect application provides essential tools for troubleshooting, diagnostics, and SSL certificate management.
Install certificate
Installs the required Timus SSL Root Certificate to the device. This enables:
Give feedback
Users can submit feedback or suggestions directly to the Timus team. Submissions include device metadata to provide helpful diagnostic context.
Collect logs
Generates a compressed ZIP file containing system and agent logs. The user is prompted to select a location for saving the file. This file can then be sent to you or the Timus support team for investigation.
About:
Displays application version and device metadata useful for technical troubleshooting.
If SSL certificate installation fails or users encounter trust-related warnings:
.crt
file.If the issue persists, contact the Timus support team for assistance.
To deploy the Windows app silently using an RMM or scripting tool, refer to:
The Timus Connect for macOS application allows your users to establish a secure, encrypted tunnel between their devices and your corporate network. It supports posture validation, policy enforcement, and ensures seamless access to protected resources across distributed environments.
Timus Connect is compatible with macOS Monterey (12.0) and later versions.
You can download the installer from Manager → Settings → Agent Deployment → Downloads screen. Alternatively, users can access the same version from Timus My → Downloads screen.
When installing Timus Connect for the first time, the user account on the macOS device must have administrator privileges. Administrator rights are not required for future updates.
To install Timus Connect on a user’s macOS device:
Download the Installer
Navigate to the Downloads in Timus My and select the latest macOS version.
Launch the Application
After installation, launch Timus Connect. The user must read and accept the End User License Agreement (EULA) before proceeding.
Enter Timus Account Email
The user must enter their Timus account email address to initiate authentication.
Authenticate and Select Network
Once signed in, the user is directed to the Connect screen.
Select a Gateway
All gateways associated with the user’s authorized sites are listed here. Each gateway includes a real-time round-trip latency metric to assist in selecting the most optimal connection point.
Use the “Select Fastest” Option
Automatically selects and connects to the gateway with the lowest latency.
Connect
Clicking Connect establishes the secure tunnel between the user’s device and the selected gateway.
The Settings tab in the Timus Connect application allows to configure how the agent behaves on the user’s device. These configurations are managed through Agent Profiles in the Manager portal and can be optionally exposed for user-level control.
You can define and assign custom Agent Profiles to your users through the Manager portal.
VPN Protocol Selection
Choose the tunnel protocol used to establish the connection:
WireGuard
OpenVPN
If Smart Tunnel Protocol Fallback is enabled, the application will automatically attempt the alternative protocol if the selected one fails.
Startup Behavior
Network Optimization
*Users can modify these settings if the “Users can modify“ ***setting is enabled in their assigned Agent Profile.
The Support tab in the Timus Connect application provides essential tools for troubleshooting, diagnostics, and SSL certificate management.
Install certificate
Installs the required Timus SSL Root Certificate to the device. This enables:
Give feedback
Users can submit feedback or suggestions directly to the Timus team. Submissions include device metadata to provide helpful diagnostic context.
Collect logs
Generates a compressed ZIP file containing system and agent logs. The user is prompted to select a location for saving the file. This file can then be sent to you or the Timus support team for investigation.
About:
Displays application version and device metadata useful for technical troubleshooting.
If SSL certificate installation fails or users encounter trust-related warnings:
If the issue persists, contact the Timus support team for assistance.
To deploy the Windows app silently using an RMM or scripting tool, refer to:
The Timus Connect for Android application allows your users to securely connect to your corporate network by establishing an encrypted tunnel to the Timus platform. It supports posture-aware access, policy enforcement, and seamless connectivity in mobile environments.
Timus Connect is compatible with Android 10 and later versions.
You can download the installer from Manager → Settings → Agent Deployment → Downloads screen. Alternatively, users can access the same version from Timus My → Downloads screen or directly from the Google Play Store.
To install Timus Connect on a user’s Android device:
Download the Installer
Search for Timus Connect on the Google Play Store, or navigate to the Downloads in Timus My and select the latest Android version.
Launch the Application
After installation, launch Timus Connect. The user must read and accept the End User License Agreement (EULA) before proceeding.
Enter Timus Account Email
The user must enter their Timus account email address to initiate authentication.
Authenticate and Select Network
Once signed in, the user is directed to the Connect screen.
Select a Gateway
All gateways associated with the user’s authorized sites are listed here. Each gateway includes a real-time round-trip latency metric to assist in selecting the most optimal connection point.
Use the “Select Fastest” Option
Automatically selects and connects to the gateway with the lowest latency.
Connect
Clicking Connect establishes the secure tunnel between the user’s device and the selected gateway.
The Settings tab in the Timus Connect application allows to configure how the agent behaves on the user’s device. These configurations are managed through Agent Profiles in the Manager portal and can be optionally exposed for user-level control.
You can define and assign custom Agent Profiles to your users through the Manager portal.
VPN Protocol Selection
Choose the tunnel protocol used to establish the connection:
WireGuard
OpenVPN
The Support tab in the Timus Connect application provides essential tools for troubleshooting, diagnostics, and SSL certificate management.
Install certificate
Installs the required Timus SSL Root Certificate to the device. This enables:
Give feedback
Users can submit feedback or suggestions directly to the Timus team. Submissions include device metadata to provide helpful diagnostic context.
Collect logs
Generates a compressed ZIP file containing system and agent logs. The user is prompted to select a location for saving the file. This file can then be sent to you or the Timus support team for investigation.
About:
Displays application version and device metadata useful for technical troubleshooting.
The Timus Connect for iOS application allows your users to securely connect to your corporate network by establishing an encrypted tunnel to the Timus platform. It supports posture-aware access, policy enforcement, and seamless connectivity in mobile environments.
Timus Connect is compatible with iOS 14 and later versions.
You can download the installer from Manager → Settings → Agent Deployment → Downloads screen. Alternatively, users can access the same version from Timus My → Downloads screen or directly from the App Store.
To install Timus Connect on a user’s iOS device:
Download the Installer
Search for Timus Connect on the App Store, or navigate to the Downloads in Timus My and select the latest iOS version.
Launch the Application
After installation, launch Timus Connect. The user must read and accept the End User License Agreement (EULA) before proceeding.
Enter Timus Account Email
The user must enter their Timus account email address to initiate authentication.
Once signed in, the user is directed to the Connect screen.
Select a Gateway
All gateways associated with the user’s authorized sites are listed here. Each gateway includes a real-time round-trip latency metric to assist in selecting the most optimal connection point.
Permission Prompt
On the first connection attempt, iOS will request permission to add a VPN configuration profile.
Use the “Select Fastest” Option
Automatically selects and connects to the gateway with the lowest latency.
Connect
Clicking Connect establishes the secure tunnel between the user’s device and the selected gateway.
The Settings tab in the Timus Connect application allows to configure how the agent behaves on the user’s device. These configurations are managed through Agent Profiles in the Manager portal and can be optionally exposed for user-level control.
You can define and assign custom Agent Profiles to your users through the Manager portal.
VPN Protocol Selection
Choose the tunnel protocol used to establish the connection:
WireGuard
OpenVPN
The Support tab in the Timus Connect application provides essential tools for troubleshooting, diagnostics, and SSL certificate management.
Install certificate
Installs the required Timus SSL Root Certificate to the device. This enables:
Give feedback
Users can submit feedback or suggestions directly to the Timus team. Submissions include device metadata to provide helpful diagnostic context.
Collect logs
Generates a compressed ZIP file containing system and agent logs. The user is prompted to select a location for saving the file. This file can then be sent to you or the Timus support team for investigation.
About:
Displays application version and device metadata useful for technical troubleshooting.
For more information on Timus Connect App versions for different operating systems, go to:
ChaCha20 encryption is used for WireGuard.
AES-256-CBC encryption is used for OpenVPN.
The Blocked IP Addresses screen helps you monitor and manage public IPs that have been automatically blocked due to sign-in policy violations. These blocks are triggered when a User Sign-In Policy or Administrator Sign-In Policy includes the Block IP action—typically used for risky or suspicious login attempts.
📍 To access this screen, go to Insights → Blocked IP Addresses
This view enhances visibility and gives you full control over how your environment responds to unauthorized or anomalous sign-in activity.
The screen is divided into two tabs:
Each row includes:
Column | Description |
---|---|
Public IP | The external IP address that was blocked |
User / Administrator | The account associated with the attempted sign-in |
Policy Name | The sign-in policy that triggered the block |
Location | Geographic location of the IP (if detected) |
Time | The timestamp when the block was applied |
Click the Settings button in the top-right corner to configure auto-unblock behavior.
You can set a duration (in hours) after which blocked IPs will be automatically unblocked, unless a new violation re-triggers the same policy.
Setting | Description |
---|---|
Block Duration | Number of hours an IP remains blocked |
Reset on Violation | Each new violation resets the block timer |
This helps strike a balance between proactive protection and operational flexibility—reducing the need for manual clean-up while keeping your environment secure.
The Password Policies screen allows you to define and enforce secure password rules for both users and administrators. These rules help you strengthen account protection, support compliance frameworks, and reduce the risk of unauthorized access.
📍 To access this screen, go to Users & Teams → Password Policies from the left-side menu
You can configure two predefined policies:
Policy Name | Applies To |
---|---|
Policy for All Administrators | All Timus Manager portal admins |
Policy for All Users | All standard user accounts managed in Timus |
These policies only apply to accounts managed directly within Timus. Users authenticated via external identity providers—such as Microsoft Entra ID, Okta, or Google Workspace—are governed by the password rules set in those platforms.
Click Edit next to a policy to open the configuration form. Each policy includes multiple rule options you can enable or adjust based on your organization’s security standards.
Rule | Description |
---|---|
Minimum character length | Set the minimum number of total characters required. |
Minimum lowercase letters | Require a minimum number of lowercase (a–z) characters. |
Minimum uppercase letters | Require a minimum number of uppercase (A–Z) characters. |
Minimum digits (0–9) | Require numeric digits in the password. |
Minimum special characters | Require symbols such as !@#$%&*+ |
Maximum consecutive digits | Prevent sequences like 1234 or 0000 |
Cannot use commonly used passwords | Blocks popular weak passwords (e.g., password123 , admin2024 ) |
Cannot contain keywords | Allows you to define specific words (like company name or brand) that cannot appear in passwords. |
Cannot contain email prefix | Prevents using the part of the user’s email before @ |
Cannot contain first name | Blocks use of the user’s first name in their password. |
Cannot contain last name | Blocks use of the user’s last name in their password. |
Password expiration period | Forces password renewal after a defined number of days. |
Once saved, changes apply to all newly created, updated, or reset passwords. Existing passwords remain valid until changed or expired.
The User Management screen provides complete visibility and control over all users in your organization. Whether you're onboarding new employees, enforcing security policies, or monitoring user activity, this screen helps you do it all—clearly, efficiently, and at scale.
📍 To access this screen, go to Users & Teams → Users
The user list shows essential details for every user in your system:
Column | Description |
---|---|
Username | Full name of the user |
User’s email address | |
Team | Team membership; shows Unassigned if not assigned |
Tags | Assigned static or dynamic tags |
Remote Sites | Sites the user can access remotely |
Identity Provider | Shows whether the user logs in via internal database or an external IdP |
2FA Setup | Indicates whether two-factor authentication is configured |
Status | Current status of the user |
Created Date | Date when the user account was created |
Click Create New to open the user creation form. You’ll be asked to enter:
Click Save to create the user.
To view a user’s activity and telemetry-based insights, click the ••• next to their entry and select Details.
Events
Behavior Analysis
Traffic
Productivity (if enabled)
If the user’s Agent Profile has Productivity Tracker enabled:
Want to see these insights?
Required Fields |
Notes |
---|---|
First Name |
Max 120 characters |
Last Name |
Max 120 characters |
Email |
Must be in valid format |
Team |
Optional – will auto-create if not found |
Remote Sites |
Optional – must match existing sites |
You can upload up to 500 users in a single CSV.Separate multiple sites using commas: HQ, Branch A, Branch B
Click Export to download the current table view as a CSV file.
Applied filters and sorting are reflected in the export.
The Teams screen allows you to group users into logical units—such as departments, project teams, or locations—to streamline access control, reporting, and policy application.
Grouping users by team helps you manage them more efficiently across different features like tags, remote access, traffic reports, and Sign-In Policies.
📍 To access this screen, go to Users & Teams → Teams from the left-side menu
Each row in the table represents a team. You can view:
Column | Description |
---|---|
Title | The name of the team |
Tags | Static and dynamic tags assigned to the team |
Users | Number of users currently in the team |
Created Date | The date and time the team was created |
The Unassigned group is a system default. Users not assigned to any team will appear here automatically. This team cannot be edited or deleted.
Teams synced from identity providers (e.g., Microsoft Entra ID, SAML 2.0) will appear automatically and are managed externally. You cannot edit or delete them from this screen.
To manually create a team, click the Create New button and complete the form:
Field | Description |
---|---|
Title | The name of the team (required, max 30 characters) |
Tags | Assign static tags to the team (optional) |
Click Confirm to save the team. It will immediately appear in your list.
Team Actions
Click the ••• next to a team to access available actions:
Creating and managing agent profiles in Timus Networks helps in effectively controlling and optimizing user behaviors on your network. By following these steps, you can ensure that network policies are enforced and user experiences are tailored to your organizational needs. If you need further assistance, please feel free to reach out at any time.
Step 3: Click On “ Agent Profiles ”on the Middle Pane
NOTE: Users are required to disconnect and reconnect in order to access the updated settings.
The introduction of a new Agent Profile functionality empowers administrators with granular control over user machine configurations, facilitating seamless integration of preferred rules tailored to organizational needs. This feature encompasses a spectrum of customizable parameters including tunnel type selection, startup configurations, administrative approval requirements for user logins and logouts, and the implementation of productivity tracking mechanisms. By leveraging this advanced toolset, administrators can optimize operational efficiency, enhance security protocols, and streamline user experiences within the system.
The Productivity Tracker is a core feature of Timus Manager that empowers organizations to monitor, analyze, and optimize workforce efficiency. This guide provides step-by-step instructions for managing and utilizing the Productivity Tracker, along with detailed insights into Application Classification and Categorization.
This feature allows you to monitor user activities on Windows and macOS systems through the Timus Connect Application. It categorizes application usage as Productive, Unproductive, or Neutral and provides actionable insights through intuitive reports.
Key Features:
📌 The feature must be activated in the Agent Profiles section to enable Productivity Tracker.
⚠️ Users assigned to this profile will automatically be monitored while signed into the Timus Connect Application.
Applications are automatically classified into Predefined Categories and assigned a Predefined Classification by the system. You can:
Editing Application Details
Go to Settings > Configurations > Productivity tab.
Locate the application in the table and click Edit.
Update the following fields:
⚠️ Changes will reflect in reports and productivity metrics across relevant users or teams.
Productivity data can be reviewed in the Insights > Productivity Reports section. Reports are divided into the following tabs:
Overview:
Teams:
Applications:
📌 Use the Export button to download reports in CSV format for further analysis.
Device Posture Checks in Timus Manager let you enforce access policies based on the real-time security posture of user devices. This ensures that only healthy, compliant, and trustworthy endpoints are allowed to connect—regardless of whether the user has valid credentials.
As a core component of your Zero Trust Security architecture, posture checks shift access decisions from identity-based trust alone to context-aware access, incorporating endpoint risk into every session decision.
📍 To access this screen, go to Zero Trust Security → Device Posture Checks from the left-side menu
To use Device Posture Checks effectively, make sure your Endpoint Protection Platforms (EPPs) are properly integrated. Supported platforms include: Bitdefender, Heimdal, Microsoft Defender, and SentinelOne.
Device Posture Checks allow you to define a set of required conditions a device must meet before access is granted. These conditions are evaluated using telemetry from the Timus Connect agent and integrated EPPs.
Examples of posture attributes include:
Posture checks are continuously evaluated. If a device no longer meets the expected conditions, access can be dynamically revoked or downgraded using User Sign-In Policies and Behaviors.
Navigate to Zero Trust Security → Device Posture Checks. You’ll see a list of existing posture checks. Click Create New to define a new one.
Configure the high-level properties of the posture check:
Field | Description |
---|---|
Title | Name of the posture check (required, max 30 characters) |
Status |
Enabled or Disabled
|
Description | Optional summary for internal reference (max 70 characters) |
Assigned Operating System | Target OS for this posture check: Windows , macOS , Linux , Windows Server , iOS , or Android
|
Each posture check is created per OS. After saving, you will proceed to define the logic using attributes.
In the Attributes tab, you add one or more security conditions based on telemetry or EPP data.
Field | Description |
---|---|
Data Source | Where the data is coming from (Timus Connect or EPP) |
Attribute | Security or system state to evaluate |
Condition | Logical operator (e.g., is equal to , is any of , none of them ) |
Pass Value | Value that must be met for the check to pass |
All attributes must be satisfied unless otherwise configured. For example, you can design posture checks that fail if any required value is missing (ideal for strict security teams).
Not all data sources are available on all operating systems:
OS | Timus Connect | Bitdefender | Heimdal | Microsoft Defender | SentinelOne |
---|---|---|---|---|---|
Windows | ✅ | ✅ | ✅ | ✅ | ✅ |
macOS | ✅ | ✅ | ✅ | ✅ | ✅ |
Windows Server | ✅ | ✅ | ✅ | ✅ | ✅ |
Linux | ❌ | ✅ | ✅ | ✅ | ✅ |
iOS | ❌ | ✅ | ❌ | ✅ | ✅ |
Android | ❌ | ✅ | ❌ | ✅ | ✅ |
Each data source exposes different posture elements:
Once deployed, each user device is evaluated at sign-ins. Failing devices are blocked or prompted with additional authentication steps depending on policies.
Logs and evaluation results are available under: Insights → Device Posture Reports
The device posture reports include:
The Devices screen provides full visibility into all endpoints connecting via Timus Connect. Whether users are on the internal network or working remotely, this screen shows you which devices are active, how they are configured, and whether they meet your organization’s posture policies.
📍 To access this screen, go to Devices from the left-side menu
Devices are listed automatically as they connect to the network. The table provides key technical and contextual information for each endpoint:
Column | Description |
---|---|
Name | Custom device name (alias). If not edited, defaults to system hostname |
MAC | Device’s MAC address |
IP | Most recently reported IP address |
OS | Detected operating system (Windows, macOS, Linux, etc.) |
Client Version | Installed version of Timus Connect |
User | The user associated with the device, if any |
Status | Current connection state |
Tags | Any static or dynamic tags assigned |
Site | Gateway name the device is connected through |
Last Sign-in Date | Timestamp of the last successful connection from this device |
At the top of the screen, you’ll find real-time posture insights summarizing the results of the most recent device check.
Card | Description |
---|---|
Last Posture Check | How long ago the last check was performed |
Devices Checked | Total number of devices evaluated |
Devices Passed ✅ | Devices that passed all active posture checks |
Devices Failed ❌ | Devices that failed one or more posture conditions |
These posture results are based on the Device Posture Checks configured under Zero Trust Security. Only devices with telemetry enabled via Timus Connect are evaluated.
Device Actions
Click the ••• next to any device:
Bulk Actions
You can select multiple devices and apply actions in bulk via the Actions menu at the top:
In earlier version, assigning a static IP to a device was done through the Edit Device screen. This has now been moved under Interface Management to align with interface-level configuration best practices. it has now been moved under Edit Interface screen.
This update ensures:
The Trusted Networks screen lets you define specific networks that are considered secure and reliable. When a user connects from one of these networks, certain policies—like authentication requirements or posture enforcement—can be relaxed or adapted accordingly.
This feature is especially useful in Zero Trust environments where context matters as much as identity. By defining what you trust, you gain flexibility without compromising security.
📍 To access this screen, go to Settings → Configurations → Trusted Networks
Trusted Networks only work if the Trusted Networks feature is active in the Agent Profiles.
Each row represents a defined trusted network entry:
Column | Description |
---|---|
Title | The name you give the trusted network (e.g., Office Wi-Fi ) |
Description | Optional notes to help you recognize the network |
Network Type | How the network is identified — via SSID , Wired , or Wireless
|
Status | Current status of the trusted network |
You can add multiple entries to account for different branches, remote offices, or known home setups.
Click Create New to define a new trusted network. You’ll see a modal with the following fields:
Field | Description |
---|---|
Title | A recognizable name for this network (required) |
Status | Set to Enabled or Disabled
|
Description | Optional description to provide internal context |
Network Type | Choose how the network is identified: - SSID : Useful for known Wi-Fi names- Wired : Matches any physical (LAN) connection- Wireless : Matches all wireless connections
|
Source MAC | The MAC address of the router or access point (required for SSID or Wireless types) |
The Tunnel Configuration screen allows you to define how specific users or teams route their internet or application traffic—either directly through the internet or securely over a VPN tunnel.
This configuration ensures more granular control over how data flows between users and remote destinations, based on your access or compliance requirements.
📍 To access this screen, go to Agent Configuration → Tunnel Configuration
You can define a new routing rule by clicking the Create New button at the top right of the Tunnel Configuration screen.
Field | Description |
---|---|
Title | Enter a descriptive name for this configuration (max 30 characters) |
Source | Select one or more users or teams. This defines who the rule applies to. You can mix both types if needed. |
Destination | Choose how the destination should be reached. You can define multiple destinations: - Through VPN: Routes traffic securely over VPN. Requires either an IP address or a domain. - Through Internet: Sends traffic directly over the public internet. Only IP address input is supported here. You can add multiple destinations in the same configuration. |
The Agent Profiles screen allows you to centrally define how the Timus Connect app behaves across user devices—including Windows, macOS, iOS, and Android platforms. This ensures that VPN behavior, telemetry reporting, DNS handling, and security policies are applied consistently across your organization.
📍 To access this screen, go to Users & Teams → Agent Profiles from the left-side menu
Use profiles to enforce secure defaults, automate VPN behaviors, and apply settings dynamically to specific users, teams, or tags.
Each row in the Agent Profiles table includes:
Field | Description |
---|---|
Title | The name of the profile |
Description | Internal notes about its purpose |
Status | Current status of the profile |
The Default Profile cannot be renamed or deleted, but you can modify its settings.
Click Create New to begin. In the setup modal:
Enabled
****or Disabled
Users
, Teams
, or Tags
Once assigned, the profile opens platform-specific configuration tabs for detailed setup.
These platforms offer comprehensive control over how Timus Connect operates. Settings include:
Setting | Description |
---|---|
Tunnel Protocol | Choose between WireGuard or OpenVPN ; optionally allow users to switch |
WireGuard MTU / OpenVPN MTU | Fine-tune WireGuard MTU and OpenVPN MTU for performance (defaults: 1420/1500) |
Start on boot | Launch Timus Connect automatically when the system starts |
Connect on application start | Automatically connect VPN when Timus Connect opens |
Always-on VPN | Keep VPN connected continuously; optionally restrict disconnect to administrators only |
Trusted networks | Define known networks where VPN auto-disconnects (e.g., office Wi-Fi) |
Productivity tracker | Enable application usage tracking for productivity reporting |
Enforce Local DNS responder | Enforce DNS resolution through local responder for added security |
Auto update | Automatically update the Timus Connect application |
Telemetry | Enable diagnostic data collection for performance analysis |
🆕 Smart Tunnel Protocol Fallback | Detects and auto-switches to the most stable protocol in real time (Ideal for mobile or unstable connections) |
🆕 Adaptive MTU Adjustment | Dynamically applies optimal MTU values to improve VPN stability (Reduces fragmentation, no manual tuning required) |
🆕 Smart Tunnel Protocol Fallback and Adaptive MTU Adjustment features are added to reduce connection issues and optimize performance in real-time—especially useful in mobile, roaming, or constrained network environments.
💡 Want to give users control over certain settings? Enable the User can modify toggle for those fields.
Mobile platforms include essential VPN controls:
Setting | Description |
---|---|
Tunnel Protocol | Choose WireGuard or OpenVPN ; allow switching if needed |
This guide will walk you through the process of integrating JumpCloud with Timus using SAML 2.0 for secure Single Sign-On (SSO). Follow these steps to configure your JumpCloud application and complete the setup within Timus Manager.
After saving, you will be directed to the app configuration screen.
JumpCloud Field | Value |
---|---|
IdP Entity ID |
Provided automatically by JumpCloud (e.g., https://sso.jumpcloud.com/saml2/timusnetworks )
|
SP Entity ID | Same as IdP Entity ID |
ACS URL | https://auth.timuscloud.com/user/external/saml |
Subject NameID | email |
NameID Format | urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified |
Signature Algorithm | RSA-SHA256 |
Signing Option | Assertion and Response |
✅ JumpCloud uses the Display Label to auto-generate the Identifier. Ensure your app name is unique to avoid conflicts across SDNs in Timus.
Name | Value |
---|---|
firstname |
User's first name |
lastname |
User's last name |
4️⃣ Assign Users or Groups
Only users assigned to this SAML app will be able to authenticate through it.
Timus Field | Entra Equivalent |
---|---|
Title | e.g., JumpCloud SAML
|
Identifier |
https://sso.jumpcloud.com/saml2/[app-name] (auto-generated from Display Label) |
SAML 2.0 Service URL | Same as Identifier |
X.509 Certificate | Copy the Hex format certificate from the JumpCloud SAML Certificate section |
JumpCloud generates the Identifier based on the application's name. For example, naming your app timusnetworks
results in: https://sso.jumpcloud.com/saml2/timusnetworks
❗ This value must be unique across all SDNs.
To avoid conflicts:
The first successful login creates the user in Timus. Future sign-ins can occur directly from the Timus Connect application.
firstname
, lastname
, and nameID (email)
are included
The SAML 2.0 Integration in Timus Manager allows you to configure secure, standards-based Single Sign-On (SSO) for users authenticating via identity providers such as Okta, JumpCloud, or Microsoft Entra ID. This enables your organization to enforce consistent identity policies while simplifying access to Timus applications.
Timus supports multiple SAML integrations per tenant. The integration card displays the number of active configurations, and each can define its own access scope and remote access permissions.
Field | Description |
---|---|
Title | A unique, descriptive name for this integration |
Identifier | Also called the Issuer—provided by your IdP (e.g., https://your-idp.com/saml ) |
SAML 2.0 Service URL | The login URL users are redirected to for SSO |
X.509 Certificate | Public certificate used to validate incoming assertions |
Require Encrypted Assertions (optional) | Enables encrypted SAML responses; only use if your IdP supports encryption and has exchanged public keys with Timus |
Allowed Sites | Select the gateways this integration provides access to |
Remote Access | Toggle remote (VPN-style) access for users authenticating via this integration |
You can define different Allowed Sites and Remote Access settings per SAML integration to support flexible, identity-based access policies.
To complete the setup process, refer to the guide matching your Identity Provider:
Each guide includes:
Ensure your Identity Provider maps the following attributes to enable accurate user provisioning:
nameID
– Email address (used as the unique user ID in Timus)firstname
– User’s first namelastname
– User’s last nameThese attributes are required for displaying user identity properly in the Timus Manager and for enforcing user-based access rules.
If you enable the Require Encrypted Assertions checkbox:
Only activate this setting if encryption is supported and configured correctly on both sides.
It may take up to 30 minutes for a new integration to fully sync, depending on group complexity and user volume.
If users are unable to log in:
Identifier
and Audience
valuesAssertion Consumer Service (ACS)
URLnameID
, firstname
, lastname
)https://auth.timuscloud.com/user/external/saml
https://auth-beta-us-01.timuscloud.com/user/external/saml
This article guides you through establishing a secure site-to-site IPSec tunnel connection between your Timus Network and an Amazon Web Services (AWS) Virtual Private Cloud (VPC).
Prerequisites:
Important Note:
This article provides a general overview of the configuration steps. The specific settings may vary depending on your individual Timus and AWS configurations. Refer to the official documentation for both Timus and AWS for the latest configuration details and any advanced options.
Configuration Steps:
Review the example configuration above, Following the on-screen instructions to configure the VPN endpoint details, including the Outside IP address of your Timus Network gateway.
Additional Resources:
Disclaimer:
This guide is intended for informational purposes only. The accuracy and completeness of the information may vary depending on specific Timus and AWS configurations. For troubleshooting or advanced configuration assistance, please contact Timus Network support or refer to the official documentation for both platforms.
The Settings → Integrations screen in Timus Manager provides a centralized interface to manage all available third-party integrations. These integrations extend Timus capabilities by synchronizing with identity providers, endpoint protection platforms (EPPs), directory services, and notification tools—powering automation, visibility, and security throughout your network.
📍 To access this screen, go to Settings → Integrations
Each integration appears as a tile showing:
Connect to your on-premises AD using the Timus Directory Connector. Synchronize users and groups, assign them to specific teams, and control access to sites.
Active Directory
Synchronize your Active Directory users and groups with Timus. Users can sign in using their AD credentials.
Go to Active Directory Integration Guide
Google Workspace
Synchronize users and groups using a service account. Supports Google SSO and group-based access mapping for Cloud Gateways and remote connectivity.
Go to Google Workspace Integration Guide
Microsoft Entra ID
Authenticate and sync users from Azure Entra ID (formerly Azure AD). Supports team assignment, gateway access control, and user tagging by Entra groups.
Go to Microsoft Entra ID Integration Guide
Okta
Use Okta as your identity provider for federated SAML authentication. Supports user mapping, group-based access, and automatic user provisioning on first sign-in.
SAML 2.0
Integrate with any generic SAML 2.0 provider (e.g., JumpCloud, Entra ID, Okta) to enable Single Sign-On (SSO). Supports per-provider access scopes and remote access toggles.
Go to SAML 2.0 Integration Guide
All identity integrations support team-based access control and can be used to trigger ZTNA policies or link posture enforcement.
These integrations enable Device Posture Checks by retrieving real-time telemetry from EPP agents. This allows Timus to assess device health and enforce conditional access policies.
Bitdefender
Collect security posture data from Bitdefender EPP. Enforce posture checks using attributes such as malware detection, agent update status, disk encryption, and risk scores.
Go to BitDefender Integration Guide
Heimdal
Ingest posture telemetry from Heimdal, including detection resolution status, vulnerable software risk scores, and threat severity. Supports attribute-based posture enforcement.
Microsoft Defender
Fetch threat intelligence and endpoint state data via Microsoft Defender APIs. Supports posture enforcement for antivirus status, signature updates, exposure level, and more.
Go to Microsoft Defender Integration Guide
SentinelOne
Connect to your SentinelOne tenant to retrieve real-time endpoint protection data such as disk encryption status, agent presence, and infection state.
Go to SentinelOne Integration Guide
Pair these EPP integrations with Device Posture Checks to dynamically allow, deny, or isolate user sessions based on real-time device health.
These integrations push critical Timus events to external platforms—keeping your IT and security teams proactively informed.
Google Sheets
Automatically export user sign-in/out events or device activity logs to a connected Google Sheet. Useful for custom dashboards, reporting, or long-term log retention.
Go to Google Sheets Integration Guide
Slack
Send alerts directly to a Slack channel. Includes posture violations, sign-in attempts, and other high-priority system messages.
Telegram
Receive real-time alerts via private Telegram messages. Link your Telegram account to the Timus bot using a secure pairing code.
Go to Telegram Integration Guide
ConnectWise
Streamlines invoicing and billing processes for MSPs, ensuring accuracy by syncing product catalogs and usage data directly with ConnectWise agreements. This reduces manual input, saving time and reducing the risk of errors. With the integration, MSPs can anticipate smoother billing operations, thanks to automated syncing of product and usage data. This integration provides seamless invoicing management, allowing partners to focus on customer success rather than manual billing tasks.
The Active Directory (AD) Integration in Timus Manager enables seamless synchronization of your on-premises AD users and groups with your cloud environment. This allows centralized identity management, site-based access control, and automated user provisioning—making it ideal for enterprise and hybrid deployments.
Before getting started, ensure:
Need help generating API credentials?
The agent runs as a background service and communicates securely with Timus Cloud.
These credentials are used to authenticate the Directory Connector. Store them securely and never share publicly.
Upon successful login, the agent will initialize and display:
Fill in the required AD domain and bind credentials to proceed.
🔄 Synchronization will continue periodically while the agent remains active and authorized.
Once synchronization is enabled, the Directory Connector initiates a periodic sync every 15 minutes to fetch the latest users and group data from Active Directory.
Synchronized users can sign in using their Active Directory email and password.
Only users with valid Name and Email attributes in Active Directory are eligible for synchronization.
Important: The Synchronization Status must be remain ON for periodic or manual sync to function properly.
Note: You can sync one SDN with one Active Directory.
In the Mapping section:
Site permissions apply immediately and can be adjusted later under Users or via Bulk Actions.
To deactivate:
Disabling the integration will:
The BitDefender Integration in Timus Manager allows you to retrieve real-time endpoint security data from your BitDefender GravityZone environment. This integration enhances your Device Posture Checks under Zero Trust Security, enabling you to assess device compliance based on live security posture signals—without installing new agents or modifying endpoints.
Once connected, BitDefender will appear as a selectable Data Source in posture check configurations.
Before starting:
https://cloud.gravityzone.bitdefender.com
)
Timus Integration
)Endpoints** → Read
Network** → Read
🔐 Store your API key securely. It will be required during configuration and should not be shared externally.
Your Management URL is the base address of your GravityZone tenant (e.g., https://cloud.gravityzone.bitdefender.com
).
Make sure this URL matches the region or hosting environment used by your organization.
If the credentials are valid, BitDefender will be activated as a data source and ready for use in posture policies.
Once enabled:
To turn off the integration:
Disabling the integration will:
This article explains how to access data on the ZTNA Dashboard and enhance productivity and security by leveraging all available information in zero trust scenarios.
The Zero Trust Network Access (ZTNA) Dashboard provides a complete overview of all user and admin events within your network, all displayed on one page.
To filter the data displayed in widgets, start by using the User & Admin Events filter and the time filter located in the upper-right corner of the ZTNA Dashboard.
Access the information on successful logins, failed logins, high-risk login attempts, lockouts for failed logins, sign-in rule denies, and sign-in locations on graph and a map.
To add customized behaviors to your network, visit Timus Manager, then select Zero Trust Security> Behaviors. This allows you to expand on the default behaviors provided by ZTNA for more comprehensive risk assessments in network use cases.
To find your network's pre-configured behaviors, go to the Name and Details parameters page. These behavior settings are already set up for your network and can be viewed and adjusted if necessary.
The general information of the default behaviors displayed on the page are as follows:
To create custom behaviors for your network policies, do the following:
Timus Zero Trust Policies provides a user/ behavior-based access control as an alternative to traditional IP-based access control and makes it easier for an organization to manage network access.
The policies within Timus' Zero Trust Network Access (ZTNA) security framework are organized and prioritized by its place in the policy table. A policy, which is placed higher in the table, is more prioritized than the other policies.
It means that you are able to prioritize the Timus ZTNA rules by yourself.
It allows for more granular control over access rights, ensuring the right people have the right access at the right time.
The security model of this zero trust approach protects your organization against potential threats by increasing network security.
This article shows administrator how to create Timus ZTNA's behavior-based administrator sign-in policies and apply them to your network.
Timus ZTNA's policies provide a distinctive and enhanced access control approach to expand your business while maintaining the fundamental aspects of your network security: Infrastructure, Application and Data, User and Device.
To protect your organization and users against today's ever more sophisticated cyber security threats, you can create User/Administrator-based sign-in policies in Timus Manager that automatically respond to any predefined risk level.
On the Admin Sign-in Policies page, you can view the following left to right:
The policies within Timus' Zero Trust Network Access (ZTNA) security framework are organized and prioritized by its place in the policy table. A policy, which is placed higher in the table, is more prioritized than the other Admin Sign-In policies.
It means that you are able to prioritize the Timus ZTNA rules by yourself.
You cannot Deactivate or Delete the default administrator sign-in policy.
On the Source tab,
On the Condition tab,
When "All Selected Behaviors" is chosen, all selected behaviors such as Untrusted IPs, New Device, and Breached E-mail Address must be active simultaneously for the policy to take the action.
When "Any Selected Behavior" is chosen, at least one of the selected behaviors must be triggered the policy to take the action.
You can consider All Selected Behaviors like "AND &&" and Any Selected Behaviors like "OR ||" as in coding language.
Experience the user-friendly interface of Timus by hovering over the info icons on the policy creation screen:
When you add a behavior to the policy with the add behavior button on the screen and hover over that behavior, you can view the brief explanation about the behavior you added:
In the Action tab,
Decide what action the system should take when a behavior triggers the policy. The actions defined in the system are as follows:
You can set multiple actions for multifactor authentication with Timus ZTNA.
The actions you select are numbered in the tab shown on the left.
So, in a scenario where the first authentication step fails, you can enable another action for login attempts and send authentication setup instructions to administrators who have not completed the setup process.
On the Alerts and Notifications tab, you can configure the policy to send Alerts and Notifications each time it is triggered.
Cloud Gateway management has been completely reengineered in version 1.30.0—not just redesigned, but fundamentally rethought to align with real-world needs. This version introduces a scalable, observable, and operationally sound foundation for managing your network edge across distributed environments.
Previously, managing a Cloud Gateway meant navigating shared creation flows, fragmented configuration areas, and external troubleshooting tools. This made even basic operations more complex, and made advanced ones unnecessarily error-prone. There was no unified structure—just a set of loosely connected functions.
With this release, that fragmented experience is replaced by a modular, transparent, and fully integrated architecture. Each gateway is now created through a dedicated flow. Every operational aspect—DNS, traffic filtering, routing behavior, interface configuration, diagnostics—is surfaced in its own clear section. Instead of scattering control, the system now delivers it.
More importantly, Cloud Gateway management now speaks the same language as your network. Real-time telemetry, centralized IP planning, role-based interface provisioning, and structured failover logic come together in one place. You no longer have to guess how the system behaves under load or during routing shifts—you can see it, act on it, and trust it.
📍 To access this screen, go to Sites from the left-side menu
The Sites screen remains your central hub for managing Cloud Gateways and IPsec Connectors. It displays essential metrics such as region, gateway health, throughput, and the number of connected devices.
Column | Description |
---|---|
Name | The display name you assigned to the site |
Region | The cloud region where the Cloud Gateway is hosted |
Type | Displays the gateway type (Controller for Cloud Gateways)
|
Health | Displays the real-time connection quality to the Timus Cloud |
Throughput | Real-time upload and download bandwidth |
Networks | Total number of interfaces defined on the gateway |
Devices | Number of actively connected endpoints |
Status | Current operational state of the gateway |
You can manage each gateway through the ••• menu, with options to:
In previous versions, clicking Create New opened a shared modal for both Cloud Gateways and Connectors — often resulting in errors or incorrect selections.
In this version:
Click Create Site to start provisioning a new Cloud Gateway.
Field | Description |
---|---|
Type | Cloud Gateway |
Title | Required — enter a unique name to identify the gateway |
🆕 The Gateway Version is assigned automatically to ensure consistency across your deployment and reduce manual errors.
Once saved, your gateway will appear in the Sites list, ready for further configuration.
Click Details to open the configuration screen. Each section is organized into its own tab for clarity and modular management.
Tab | Purpose |
---|---|
Overview | View real-time metrics like latency, throughput, and connection health |
DNS | Manage global DNS servers, static records, and internal Split DNS |
Advanced Filtering | Enable and configure Web Filter, Application Filter, and Antivirus |
Firewall Settings | Adjust packet-level behaviors like ICMP and multicast |
Diagnostics | Troubleshoot with live tools like Ping, Traceroute, and DNS Lookup |
Logs | Browse structured log entries |
Maintenance | Schedule updates and define safe upgrade windows |
Advanced Settings | Optimize network performance at the protocol level |
Each tab contains feature-specific tools and settings designed to work independently and in combination.
Overview
The Overview tab provides real-time telemetry and metadata for your gateway.
Metric | Description |
---|---|
Health | Stability and reachability to the Timus Cloud |
Throughput | Real-time upload and download speeds |
Latency | Round-trip time to cloud services |
Jitter | Latency variation over time |
Loss | Packet loss percentage |
View time-series graphs for metrics such as:
You can filter the view by interface and time range for granular troubleshooting.
Field | Description |
Region | Hosting region of the gateway |
Type | Cloud Gateway |
Application Filter | Whether traffic identification is active |
Web Filter | Whether category-based filtering is applied |
Antivirus | Whether HTTP(S) download scanning is enabled |
Gateway Version | Current software version |
Status | Operational status of the gateway |
Every Cloud Gateway comes with pre-provisioned interfaces:
Column | Description |
---|---|
Name | Identifier for the interface |
Type | Physical or tunnel |
Role | LAN, management, or other custom-defined use |
IP / Network | IP address and subnet |
Status | Interface state |
Bound Interfaces | Related virtual or bonded interfaces |
Addressing Mode | DHCP or Static assignment |
Description | Optional purpose or note |
Interface Configuration:
Manage your interfaces in one place. Assign roles, set IP configurations, and view system-level details like MTU and MAC address.
Go to Interfaces & IP Management Guide
Use the following configuration tabs to control how your Cloud Gateway filters, resolves, logs, and responds to traffic across your environment.
The Diagnostics tab provides built-in tools that help you investigate connectivity problems, resolve DNS issues, and monitor live network activity—all directly from the Cloud Gateway.
Unlike client-side tests, these diagnostics run at the edge of your network, offering a more accurate and authoritative view of what’s happening.
To get started, choose a test from the Diagnostic Tool dropdown. Each tool has its own fields and outputs, shown dynamically as you switch between options.
Use this tool to validate DNS resolution from the gateway’s perspective. It checks whether the configured DNS servers are responding correctly to queries.
Field | Description |
---|---|
Domain Name | Enter the domain (e.g., example.com ) to resolve. The gateway returns the resolved IP address or failure reason. |
✔️ Ideal for testing Split DNS behavior or resolving internal/external domain failures.
This tool offers a real-time view of network usage per interface. It includes bandwidth statistics and detailed flow-level visibility.
Field | Description |
---|---|
Interface | Select the interface to monitor. |
IP | (Optional) Filter by source or destination IP to narrow down results. |
Once started, the gateway shows:
Use this to identify anomalies, monitor policy effects, or debug bottlenecks in specific interfaces.
This classic test sends ICMP Echo Requests to a remote host, helping you confirm reachability and measure latency.
Field | Description |
---|---|
IP Address or Domain | Enter a hostname or IP address (e.g., 8.8.8.8 ). Response times and status will be returned. |
A reliable way to test internet access or upstream availability from the gateway itself.
Traceroute shows the full path a packet takes from the gateway to a destination, including each intermediate hop and the delay it introduces.
Field | Description |
---|---|
IP Address or Domain | Input a remote host or IP to trace. You’ll see a hop-by-hop list of routers and latency values. |
Helps you identify routing issues, delays, or unreachable segments.
The Firewall Settings tab gives you granular control over how the Cloud Gateway processes certain types of low-level network traffic. These settings operate below policy-level enforcement and directly influence how the firewall engine reacts to broadcast, multicast, UDP, ICMP, and IPsec-related flows.
This section is especially useful for fine-tuning network behavior in environments where bandwidth usage, attack surface, or protocol edge cases must be carefully managed.
Each setting includes an on/off toggle and, where supported, an optional logging feature that writes matching packet data to the traffic logs.
⚠️ These options affect how traffic is handled at the system level. Misconfiguration can lead to dropped sessions or reduced network visibility. Use with care.
Setting | Description |
---|---|
Drop broadcast traffic packets | Prevents Layer 2/3 broadcast traffic from entering or passing through the gateway. Optional logging shows dropped packets in the traffic logs. |
- Recommended for environments where broadcasts are unnecessary or may pose a security risk. | |
Drop multicast traffic packets | Filters out multicast traffic commonly used by discovery protocols or group communication apps. Optional logging provides insight into multicast activity and misconfigured services in the traffic logs. |
- Helpful in reducing noise and limiting unwanted traffic exposure. | |
Increase firewall UDP timeout | Extends the default timeout period for UDP flows. |
- Useful in media-heavy environments where VoIP or video traffic may otherwise time out prematurely. | |
Enable ICMP redirection | Allows the gateway to issue ICMP Redirect messages to endpoints. |
- Typically disabled for security, but may be required in specialized routing setups. | |
Enable ISAKMP/IKE fragmented packet handling | Enables support for fragmented IPsec Phase 1 packets. |
- Important when dealing with VPN peers that send large or split IKE payloads. |
If logging is enabled for broadcast or multicast drops:
💡 Enable logging during testing or diagnosis, then disable it in stable environments to conserve resources.
The Advanced Filtering tab gives you full control over how outbound traffic is inspected and restricted at the application layer. These policies are applied globally—across all interfaces—and help ensure that your network remains secure, compliant, and aligned with usage expectations.
By enabling this feature set, you can:
Whether you're securing a single branch or managing multiple distributed sites, Advanced Filtering provides a unified inspection layer directly on the gateway—no external proxy or agent required.
The Web Filter allows you to define which types of web traffic should be inspected and controlled based on destination port and protocol.
Field | Description |
---|---|
Web Filter | Toggle to enable or disable web domain filtering. |
- When enabled, domains are inspected and evaluated against the configured rules. | |
Protocol | Select from HTTP , HTTPS, or define custom variants. |
- Use custom options to target non-standard ports. | |
Port | Define the destination port (e.g., 80 , 443 , 8080 , 8443 ) to be filtered. |
- Only traffic on these ports is inspected. | |
Add | Adds the selected protocol-port pair to the active inspection list. Multiple entries can be configured. |
Use category-based filtering to block access to social media, adult content, or risky domains across all traffic passing through the gateway.
The Application Filter enables deep packet inspection to classify traffic by application protocol, even when ports or encryption obscure the destination.
Field | Description |
---|---|
Application Filter | Toggle to enable or disable app-layer visibility. |
- The gateway will inspect and classify traffic by application type, regardless of port or encryption. |
Recommended for environments where productivity monitoring or app usage insights are important—especially where traditional port-based filters fall short due to encrypted or obfuscated traffic.
The Antivirus engine scans filtered traffic for known malware and threats.
Field | Description |
---|---|
Antivirus | Toggle to enable or disable threat detection. |
- The engine scans content for known threats before allowing it to pass through to the user. |
Ideal for networks that lack strong endpoint protection or allow guest/BYOD access.
The Sites → Details → Networks tab introduces a redesigned and centralized interface management system for Cloud Gateways. This update replaces fragmented configurations from previous versions with a unified, policy-driven model that simplifies control, improves visibility, and reduces the risk of misconfiguration.
Each Cloud Gateway includes three core interfaces by default:
he table provides a detailed overview of each interface:
Column | Description |
---|---|
Name | System-assigned interface name |
Type | Interface type (e.g., Physical, Tunnel) |
Role | Interface function, such as WAN or LAN |
IP / Network | Assigned IP address and subnet |
Status | Current operational status |
Bound Interfaces | Physical link associated with tunnels |
Addressing Mode | Static or DHCP |
Description | Short explanation of the interface’s purpose |
The ••• menu on each row allows:
port0
(WAN)tun0
, wg0
)🆕 Static IP assignment now occurs within the DHCP tab of each tunnel interface—streamlining workflows and eliminating fragmented logic.
port0
– Physical InterfaceThe WAN interface configuration is read-only and provides full metadata visibility.
1. Configuration
Field | Description |
---|---|
Description | Default system label |
Status | Operational state |
Interface Type | Physical |
Role | WAN |
MTU | Maximum packet size |
Address Assignment | DHCP |
MAC Address | System-assigned hardware address |
Access Restriction | Toggle ping/web access |
🆕 Previously hidden details like MTU and MAC address are now visible to improve diagnostics and audit readiness.
🚫 The DHCP tab is disabled for WAN interfaces, as they don’t provide DHCP services.
tun0
, wg0
Tunnel interfaces connect remote users or networks securely. Version 1.30.0 replaces per-device IP assignments with centralized management.
1. Configuration
Field | Description |
---|---|
Description | A short information of the interface |
Interface Type | Tunnel |
Tunnel Type | OpenVPN or WireGuard |
MTU | Maximum packet size |
Interface | Parent physical interface |
Address Assignment | Static |
IP Address / Netmask | Subnet allocated for tunnel clients |
Protocol / Port | Tunnel protocol and listening port |
Cipher / Compression (OpenVPN only) | Encryption tuning |
SSL Inspection | Toggle HTTPS inspection |
Application Filter | Toggle app-level visibility |
Enable DNS | Use this interface’s DNS |
Access Restriction | ICMP/HTTP control |
2. DHCP 🆕
This tab allows you to manage tunnel-level DNS and Static IP Reservations.
DNS Configuration:
Field | Description |
---|---|
Domain Name Servers | DNS servers offered to tunnel clients |
Search Domains | Auto-suffix domains for resolution |
IP Reservation:
Field | Description |
---|---|
Type | Reservation type: Device |
Device Name | Select from known clients |
IP Address | Reserved IP inside tunnel subnet |
🆕 This method ensures accuracy, avoids IP conflicts, and simplifies audits—replacing manual per-device entries from previous versions.
This guide helps you configure your database to accept connections from devices using the Timus connect. It includes how to find the Timus IP and properly allow it in your database setup.
Edit pg_hba.conf
and add:
# TYPE DATABASE USER ADDRESS METHOD host all all <Timus_IP>/32 md5
Then restart PostgreSQL:
sudo systemctl restart postgresql
This article will help you establish a site-to-site IPsec connection between Timus Networks and Cisco Meraki.
Navigate to:
Security & SD-WAN > Configure > Site-to-site VPN
Click Add a peer to begin setting up the connection.
IPsec Tunnel to Timus
IKEv1
Timus Gateway Public IP
Timus Gateway Public IP
Your Pre-shared Key
Static
192.168.249.0/24
All Networks
AES256
SHA256
2
28800 seconds
AES256
SHA256
Disabled
3600 seconds
Ensure the local LAN you want to share over the tunnel is Enabled:
10.105.0.0/23
Parameters:
Miscellaneous:
Phase 2 configuration of Timus:
The Administrator Sign-In Policies screen allows you to enforce context-aware authentication rules for Timus Manager administrators using behavior-based Zero Trust principles. These policies help you protect your infrastructure, applications, and sensitive data by dynamically responding to sign-in attempts based on risk factors and behavioral context.
📍 To access this screen, go to Zero Trust Security → Administrator Sign-In Policies
The main table lists both default and custom sign-in policies:
Column | Description |
---|---|
Name | Name of the policy |
Description | Summary of its purpose |
Status | Current status of the policy |
Policies higher in the list are evaluated first. You can reorder them using drag & drop to change priority.
Click Create New to open the policy builder. You’ll configure the policy using four tabs:
Specify the administrators this rule applies to:
Define the sign-in context in which the policy is enforced:
Field | Description |
---|---|
Risk Level | Any , Low , Medium , or High |
Behavior Conditions | Select one or more behavior conditions (see supported types below) |
Behavior Match Logic | All Selected Behaviors (AND) or Any Selected Behavior (OR) |
Schedule | Limit policy to specific times/days if needed |
Behavior Type | Purpose |
---|---|
New Device | Detects sign-ins from previously unseen devices |
Out of Radius | Flags sign-ins from locations outside usual geographic range |
New Country | Detects logins from new countries based on past activity |
Impossible Travel | Detects geographically implausible login movement |
Last Sign-In Date | Triggers if administrator hasn’t signed in recently |
Untrusted IP | Flags risky IPs (proxy, botnet, TOR, abuse score, etc.) |
Breached Email | Flags email addresses found in breach databases |
Consecutive Failures at Same Account | Detects brute-force attempts on a single user |
Consecutive Failures at Any Account | Detects credential stuffing attempts across administrators |
Specify how the system should respond if the policy conditions are met:
Option | Behavior |
---|---|
Allow | Permit access |
Deny | Deny access |
MFA - Email | Require email-based OTP |
MFA - Authenticator App | Require app-based TOTP |
Deny and Block IP | Deny access and blacklist the IP address |
You can configure multi-step MFA (e.g., Email + App fallback) to strengthen layered authentication.
Improve incident visibility and team coordination with real-time alerts:
Success
, Failure
, Timeout
Success
, Failure
, Timeout
The Zero Trust Security → Behaviors screen lets you define dynamic conditions that detect suspicious, risky, or non-compliant activity across your organization. These behaviors are not standalone actions—they act as conditions that can be reused across multiple Sign-In Policies.
They help you enforce adaptive access decisions based on context such as:
📍 To access this screen, go to Zero Trust Security → Behaviors
Each Behavior Type represents a category of detection logic. Within each type:
Each behavior includes a ••• where you can:
Behavior Type | Options |
---|---|
Default | View or Duplicate |
Custom | View, Edit, Duplicate, or Delete |
This allows you to use system-provided templates or customize logic to match your organization's risk model.
lick Create Behavior to open the configuration modal. You’ll be asked to:
Once created, behaviors become available as conditions when building Sign-In ****Policies.
Available Behavior Types
Type | What It Detects |
---|---|
New Device | Sign-ins from previously unseen devices |
Out of Radius | Location-based anomalies outside past proximity |
New Country | Sign-ins from countries not seen in recent history |
Impossible Travel | Improbable travel speeds between sign-in locations |
Last Sign-In Date | Long periods of account inactivity |
Untrusted IP | Risky or anonymous IP addresses (VPN, proxy, abuse) |
Breached Email | Email address found in public breach data |
Consecutive Failures – Same Account | Repeated failed logins to one account |
Consecutive Failures – Any Account | Failed logins across multiple accounts |
Device Posture Check | Whether a device passed or failed posture validation (User Sign-In policies only) |
Once created, behaviors can be added as conditions to any Sign-In Policy—enabling dynamic access control based on context.
During sign-in or access evaluation:
“Allow access only if the device is trusted, and the IP is not untrusted.”
This adaptive model replaces static rules with real-time, context-aware security enforcement.
The Rules → Categories screen helps you organize both domains and applications into manageable groups, so you can apply traffic policies more efficiently and consistently across your organization.
With this version, this screen was redesigned to combine and enhance two powerful concepts:
You can now enforce access control at two levels:
📍 To access this screen, go to Rules → Categories
Website categories help you manage access to groups of domains instead of defining individual entries. You can use these categories in firewall rules, especially in environments where you want to:
🔸 Website Categories Table
Column | Description |
---|---|
Title | The name of the website category |
Type | Predefined or Custom |
Total Entries | Number of domains in the category (only for Custom ) |
The Whitelist category is fixed at the top and allows you to bypass all filtering rules for the included domains. Any domain listed here is always allowed.
Use the search bar at the top of the screen to look up any domain. If the domain exists in a category, the result will show which one. This is especially helpful for:
Click Create New to add a custom website category. Each category can then be managed using the ••• to:
You’ll see two management tabs:
This new section introduces application-based traffic classification, giving you visibility and control over apps detected through your network activity—even when domain filtering is not enough.
These categories are:
Column | Description |
---|---|
Title | The name of the application category |
Total Applications | Number of applications in the group |
View | Opens a detail modal showing the list of applications |
You can reference both Websites, Website Categories, Applications, and Application Categories under the Destination field when creating Firewall Rules.
This gives you:
The Rules → Firewall screen allows you to define how your organization handles network traffic. By configuring Allow or Deny actions based on source, destination, service, and time schedule, you can enforce strict access controls and secure your environment—whether you’re blocking suspicious activity, protecting internal systems, or managing internet usage.
📍 To access this screen, go to Rules → Firewall
The Firewall Rules table lists all firewall rules in the order they are evaluated—top to bottom. The first matching rule is applied, so rule order directly impacts behavior. You can drag and drop rules to reprioritize them.
Column | Description |
---|---|
ID | Unique identifier assigned to each rule |
Type | Indicates whether the rule is created by your team (Client ) or delivered by your partner as a security baseline (Global ) |
Source | Defines the traffic origin (e.g., IP, User, Device, Tag, or Interface) |
Action | Choose to Allow or Deny traffic |
Destination | Defines the target (e.g., IP, Application, Website Category) |
Service | The type of traffic or protocol (e.g., HTTP, DNS, or a custom service) |
Description | Short label explaining the rule’s purpose |
Status | Current status of the rule |
Click Create New to open the rule configuration screen. Here’s a breakdown of the key:
Field | Description |
---|---|
Description | (Required) A meaningful name for identifying the rule |
Action | (Required) Choose whether to Allow or Deny matching traffic |
Status | (Required) Enable or disable the rule upon creation |
Sources | Default is Any. You may specify multiple entries, including: Network, Site, IP, Location, User, Team, Device, Tag, or Interface (with Gateway 14.0.0) |
Destinations | Default is Any. You may specify: Network, Interface (with Gateway 14.0.0), Site, IP, Location, Website Category, Application, Application Category, User, Team, Device, Tag, or Keywords |
Services | Select from predefined or custom service definitions |
Custom Source Port | (Optional) Define a specific port range if necessary |
Clear Sessions | Forcefully end current sessions that match this rule’s source, ensuring immediate enforcement |
Enable Logging | Log matching traffic in Network Activity → Firewall |
Schedule | Apply the rule only during specific hours or days (default: Everyday) |
Once saved, the rule is added to the table and takes effect immediately—according to its position in the list.
Click the ••• next to any rule to:
You can select multiple rules and use the Actions menu to:
The Type column indicates whether a rule is created by you (Client
) or pushed by your partner as part of a managed security baseline (Global
). This enables consistent enforcement of critical protections across environments, while maintaining flexibility.
Type | What it means |
---|---|
Client |
Fully editable rules created in your own portal |
Global |
Non-editable rules delivered by your security provider or partner |
Global
rules are designed to help standardize and strengthen network security across all managed tenants—particularly useful for:
You can:
Global
rules to adjust their evaluation priorityThey do not override your own rules—they simply provide a secure starting point.
The Rules → Forwarding screen enables you to expose internal services—such as web servers, VoIP, or RDP endpoints—to external access by securely forwarding traffic through specific interfaces and port configurations.
By creating forwarding rules, you control which incoming traffic is allowed into your network and where it should be delivered internally, supporting both operational flexibility and strong perimeter defense.
📍 To access this screen, go to Rules → Forwarding
Each row in the Forwarding Rules table defines how inbound traffic is processed and redirected:
Column | Description |
---|---|
Source | Where the external request originates (IP or Device) |
Destination Service | The protocol and port(s) being targeted from the outside |
Destination Interface | The interface receiving the incoming request |
Forward | The internal IP where the traffic will be redirected |
Forward Service | Protocol and port(s) used by the internal service |
Description | Short explanation of the rule's purpose |
Status | Current status of the rule |
Click Create New to define a new rule.
Field | Description |
---|---|
Description | (Required) Name to identify the rule in your list |
Status | (Required) Enable or disable the rule on creation |
Source | (Required) Specify the origin of the request—IP address or device |
Destination Service | (Required) Protocol (TCP/UDP) and external port(s). Accepts single ports (80 ) or ranges (8000–8100 ) |
Destination Interface | (Required) The interface through which the request enters (e.g., port0 , wan1 ) |
Forward | (Required) The internal IP address receiving the traffic (e.g., 192.168.1.20 ) |
Forward Service | (Required) Protocol (TCP/UDP) and internal port(s). Accepts single ports or ranges |
Map to Ports | (Optional) When enabled, maps incoming and forwarded ports one-to-one. Useful for services like VoIP or gaming |
Schedule | (Optional) Apply the rule only during specific hours or days (default: Everyday) |
Once configured, click Save.
Click the ••• next to a rule to:
The User Sign-In Policies screen allows you to enforce context-aware authentication rules using Timus ZTNA. These policies go far beyond simple password checks—leveraging device posture, sign-in origin, behavioral anomalies, and risk signals to determine whether access should be allowed, challenged with MFA, or blocked entirely.
📍 To access this screen, go to Zero Trust Security → User Sign-In Policies
The main table lists both default and custom sign-in policies:
Column | Description |
---|---|
Name | Name of the policy (e.g., Deny New Country Sign-Ins ) |
Description | Summary of its purpose |
Status | Current status of the policy |
Policies higher in the list are evaluated first. You can reorder them using drag & drop to change priority.
Click Create New to open the policy builder. You’ll configure the policy using four tabs:
Specify the users or environments this rule applies to:
Specify how the system should respond if the policy conditions are met:
Field | Description |
---|---|
Authentication Method | Choose from Any , Connect App , or User Portal |
Risk Level | Any , Low , Medium , or High |
Behavior Conditions | Select one or more behavior conditions (see supported types below) |
Behavior Match Logic | All Selected Behaviors (AND) or Any Selected Behavior (OR) |
Schedule | Limit policy to specific times/days if needed |
Behavior Type | Purpose |
---|---|
New Device | Detects sign-ins from previously unseen devices |
Out of Radius | Flags sign-ins from locations outside usual geographic range |
New Country | Detects logins from new countries based on past activity |
Impossible Travel | Detects geographically implausible login movement |
Last Sign-In Date | Triggers if user hasn’t signed in recently |
Untrusted IP | Flags risky IPs (proxy, botnet, TOR, abuse score, etc.) |
Breached Email | Flags email addresses found in breach databases |
Consecutive Failures at Same Account | Detects brute-force attempts on a single user |
Consecutive Failures at Any Account | Detects credential stuffing attempts across users |
Device Posture Check | Evaluates posture policy (e.g., antivirus disabled, no encryption) |
Select how the system should respond:
Option | Behavior |
---|---|
Allow | Permit access |
Deny | Deny access |
Ban | Deny access and lock account to prevent further attempts |
MFA - Email | Require email-based OTP |
MFA - Authenticator App | Require app-based TOTP |
Deny and Block IP | Deny access and blacklist the IP address |
Ban and Block IP | Lock account and blacklist the IP address |
You can configure multi-step MFA (e.g., Email + App fallback) to strengthen layered authentication.
Improve incident visibility and team coordination with real-time alerts:
Success
, Failure
, Timeout
Success
, Failure
, Timeout
Behavior-aware authentication lets you:
The Customization section under Configurations allows you to personalize system-wide settings such as interface language, timezone, and email branding. These options ensure the system behaves in line with your organization's preferences—both visually and regionally.
You can also define a short organization name (alias) that will appear in email notifications sent to users, providing a more branded and contextual experience.
📍 To access this screen, go to Settings → Configurations → Customization
Field | Description |
---|---|
System Language | Sets the interface language for the entire system. This affects UI labels, messages, and menu items. |
System Time Zone | Defines the default timezone used for logs, reports, alerts, and scheduled activities. |
Enable Customization | When enabled, allows you to define a custom alias that replaces the organization name in system-generated emails. |
Organization Alias | A short name or abbreviation of your company that will appear in emails. Only editable when customization is enabled. |
The Email Server screen lets you configure how Timus sends system-generated emails such as password reset links, alerts, and scheduled reports. By default, emails are sent using Timus's built-in mail service. If you prefer using your organization's own email infrastructure, you can enable a custom SMTP server.
📍 To access this screen, go to Settings → Configurations → Email Server
At the top of the screen, you'll see a checkbox labeled Use Custom SMTP Server.
Once enabled, you’ll need to complete the following:
Field | Description |
---|---|
Sender Account | The email address that system messages will appear to come from |
Password | The password for the sender email account. Used to authenticate with your mail server |
SMTP Server Address | Your organization’s SMTP host (e.g., smtp.yourdomain.com ) |
Port | The port your SMTP server listens on. Common ports: 465 (SSL), 587 (TLS), or 25 (None) |
Connection Type | Select the type of connection: SSL/TLS or None |
StartTLS | If you select None for the connection type, the StartTLS checkbox appears. Enable this if your server supports it |
When you save your settings, Timus will send a test email. If you don’t receive it or the sender address doesn't match, the setup may be incorrect.
The Productivity screen allows you to manage how user application activity is categorized and classified across your organization. This is where telemetry data collected from endpoints becomes meaningful, enabling customized productivity analysis and reporting.
Timus Connect collects application activity data through telemetry, which must be enabled per user. If telemetry is disabled, this screen will remain empty.
Classifications and categories shown here directly affect how app usage appears in productivity reports. Adjusting them helps tailor reporting to your organization’s real-world workflows.
Once telemetry is active, applications used by your team will automatically appear in this list.
📍 To access this screen, go to Settings → Configurations → Productivity
Column | Description |
---|---|
Application | The name of the tracked application, as detected by the endpoint. |
Predefined Category | A default category (e.g., Business , Communication , Entertainment ) assigned by Timus AI. |
Selected Category | The currently active category used for reporting. Initially matches the predefined one, but can be edited. |
Predefined Classification | AI-generated productivity classification: Productive , Unproductive , or Neutral . |
Selected Classification | The value used in your reports. You can change this to reflect your organization’s expectations. |
Team | Shows All if the rule applies globally, or Custom if specific team-based overrides exist. |
Edit | Opens the configuration modal to update classification and category settings. |
Clicking Edit on any row opens a detailed configuration modal for that application.
You can:
This gives you full flexibility to reflect your organization’s work habits. Team-specific settings override global ones—but only for those users.
These changes only affect new data going forward. Historical reports remain unchanged.
The API Access screen allows you to securely generate client credentials (Client ID and Client Secret) to integrate external systems or services with Timus. These credentials are used to authorize and authenticate API calls from third-party applications.
Whether you're building a custom dashboard, automating user provisioning, or integrating identity providers, this screen is where you manage the tokens required to make those secure connections.
📍 To access this screen, go to Settings → Configurations → API Access
Each card represents an existing API access configuration and includes:
Column | Description |
---|---|
Title | A label you set to identify the integration |
Expiration Date | When the token will become invalid |
Client ID | The public identifier for the integration |
Client Secret | The private token used for authentication (can be revealed and copied) |
You can manage multiple configurations at once, each tied to a different use case.
Click Create New to open the setup modal. You'll need to provide two values:
Field | Description |
---|---|
Title | Name of your integration. Keep it descriptive to distinguish between tokens (max 70 characters) |
Application Type | Select the system you’re integrating: |
Active Directory
: Use this when integrating with your AD setup.Custom
: Use this for internal tools, scripts, or other services not listed. |Need help integrating with Active Directory?
Once saved, a Client ID and Client Secret will be generated. Use these in your external application’s API headers for secure communication.
The Alerts screen offers a real-time overview of important security events across your environment. These alerts are generated when defined risk conditions or infrastructure anomalies are detected—allowing you to respond quickly to emerging threats or system issues.
Whether a user fails authentication, an administrator signs in from a risky location, or a gateway goes offline, you’ll find it here—centralized and prioritized.
📍 To access this screen, go to Insights → Alerts
Alerts are automatically created based on key events, including:
Each row in the Alerts table summarizes a single alert:
Field | Description |
---|---|
Title | The name of the triggered sign-in policy or affected system |
Type | The alert source |
Result | The outcome of the triggering event |
Severity | Risk level assigned to the event |
Date | Timestamp of when the alert was generated |
Alerts are updated in real time and displayed chronologically by default.
Click the ••• on any alert row to:
You can export all visible alerts by clicking the Export button at the top right of the screen.
Your export reflects any filters or sorting applied to the table at the time of download.
The Events screen provides a comprehensive audit trail of identity-based activities across your environment. Events captured here include user and administrator sign-ins, authentication steps, policy enforcement outcomes, and behavior-based triggers—giving you full visibility into who did what, when, and from where.
This screen is essential for enforcing Zero Trust principles, monitoring anomalies, and investigating incidents across both workforce and administrative actions.
📍 To access this screen, go to Insights → Events
Events are classified into two core types:
Each entry in the table includes:
Column | Description |
---|---|
User / Administrator | The account associated with the event |
Public IP | The source IP address from which the action originated |
Type | The type of event |
Authentication | Method and step (e.g., Password, OTP) |
Result | The event outcome |
Risk Level | Risk rating assigned to the event based on contextual signals |
Location | Geographic location inferred from the public IP |
Date | Timestamp of the event |
Click the ••• → View next to any event.
Field | Description |
---|---|
User / Administrator | Identity associated with the event |
Public IP | Source IP of the connection |
Origin | Where the event occurred (e.g., Connect app, Manager portal) |
Risk Level | Final risk score assigned |
Event Type | Category of activity |
Policy Name | The access policy that was evaluated (if applicable) |
Behaviors | Behavior(s) that caused the policy to trigger (if applicable) |
Authentication | Methods used in the authentication flow |
Location | Geolocation of the IP |
Date | Exact timestamp of the event |
If the event includes Untrusted IP behavior, additional IP Intelligence fields are shown:
Field | Description |
---|---|
Proxy | Indicates if a proxy service was used |
VPN | Flags traffic from known VPN providers |
TOR | Detects traffic from the TOR network |
Fraud Score | Third-party fraud risk score |
Abuse Velocity | Rate of abuse history from this IP |
Recent Abuse | Whether recent malicious activity was reported |
Bot Activity | Indicates known bot-related behavior |
Click Export to download the current table view as a CSV file.
Applied filters and sorting are reflected in the export.
The Automated Reports feature helps you track key metrics across your network by generating scheduled, customizable reports. Using templates and flexible scheduling options, you can automatically deliver reports that highlight user activity, bandwidth usage, threat patterns, and more—directly to the right recipients via email.
With Automated Reports, you don’t need to build reports from scratch every time. You save time, reduce manual effort, and keep your team informed with clear, consistent insights—automatically.
📍 To access this screen, go to Insights → Automated Reports
Templates define the structure and content of your reports. Before you can generate any reports, you need to set up at least one template.
Templates are organized into two types:
Each template includes widgets, which are visual or tabular components used to present data in the report.
To build a custom report layout:
To customize a widget:
You can edit any template later by clicking the ••• → Edit option.
After preparing your template, follow these steps to create a report:
To generate a report manually:
If you added recipients, the report will also be delivered to their email inboxes.
The Insights → Device Posture Reports screen helps you monitor the effectiveness of your device posture enforcement policies. This feature provides visibility into posture check results across users, devices, and policies—enabling you to detect recurring compliance issues, identify frequently failing attributes, and evaluate endpoint health over time.
Reports on this screen are automatically generated as long as your posture check policies are active and devices are sending telemetry through the Timus Connect Agent or integrated EPP solutions.
📍 To access this screen, go to Insights → Device Posture Reports
The screen is divided into three main sections:
Need help setting up your posture check policies or integrating external data sources?
The Overview tab provides a high-level summary of posture performance across your environment.
Use this view to identify widespread issues—such as common misconfigurations or telemetry gaps—before they impact your posture enforcement strategy.
The Devices tab allows you to drill into posture check results for a specific endpoint.
Passed
/ Failed
)Click Details to view the full Device Posture Check Report for that run. It includes:
Passed
/ Failed
)This detailed view helps you pinpoint the exact reason for failure—such as outdated antivirus, unsupported OS, or missing telemetry.
The Posture Checks tab displays results grouped by posture check policy, giving you a policy-centric view of enforcement success.
You’ll also see a run-level table with:
This screen shows:
This screen shows:
Passed
/ Failed
)These breakdowns are useful for detecting systematic errors in posture configurations or integration gaps in endpoint telemetry.
The Insights → Productivity Reports screen provides a powerful lens into how time and digital tools are used across your organization. Designed for managers, team leads, and IT administrators, this feature transforms activity data into meaningful insights—enabling you to identify high performers, uncover inefficiencies, and build a culture of focused productivity.
📍 To access this screen, go to Insights → Productivity Reports
Reports are automatically generated when:
Looking to define productivity rules or manage classifications?
The Users tab provides individual-level insights into application usage and productivity. It allows you to evaluate how each person spends their time and whether their digital habits align with team and company goals.
You'll see the following breakdowns:
The Teams tab aggregates user activity to provide a comprehensive overview of group-level productivity. Whether you're managing departments or functional teams, this view helps you spot trends and take informed action.
You'll be able to compare:
Click Details next to any team to explore:
Use this data to balance workloads, restructure roles, or support underperforming teams.
The Applications tab reveals how individual apps impact productivity across your organization. This view is especially useful for application lifecycle management, IT budgeting, and usage enforcement.
Categories include:
Click Details next to any application to explore:
These insights help optimize software investments, improve training, and enforce digital policies.
To export flow logs in .csv
format, click the Export button in the top-right corner in the Users, Teams, or Applications tabs.
The Network Activity screen provides a real-time view of all traffic events in your environment—both allowed and blocked. It helps you detect suspicious behavior, troubleshoot network issues, and understand how your infrastructure is being used.
📍 To access this screen, go to Insights → Network Activity → Firewall
The Traffic tab shows log-level entries for every traffic event evaluated by your firewall rules. Each row reflects a specific rule match, giving you granular visibility into connections and policy enforcement.
Field | Description |
---|---|
Date | Timestamp of when the traffic event occurred |
Source | Originating IP address |
Source Port | Port used by the source |
Destination | Target IP address |
Destination Port | Port used on the destination |
Protocol | Communication protocol (e.g., TCP, UDP) |
Site | The site where the traffic was logged |
Action | Whether the traffic was Allowed or Denied |
Rule ID | The rule that triggered this log |
Hover the info icon (🛈) at the end of each row to open a detailed panel.
Details include:
These insights help answer questions like:
• Why was this traffic blocked?
• Who attempted the connection?
Click Export to download the current table view as a CSV file.
Applied filters and sorting are reflected in the export.
The Flows tab is a new feature introduced in this version, offering a deeper layer of visibility by analyzing full session-based connections—not just rule matches.
This feature is available only on gateways where Application Filter is enabled. It allows you to monitor real-time connections, identify risky or unknown applications, and understand bandwidth usage across ongoing sessions.
Unlike traditional logs that record single events, Flow Logs track the entire lifecycle of a connection—from initiation to closure—while enriching each flow with:
This is especially valuable for detecting encrypted, unknown, or non-domain-based traffic that may bypass classic rule logic.
Field | Description |
---|---|
Date | Start time of the connection |
Duration | Length of the session |
Source | IP that initiated the connection |
Source Port | Port used by the source |
Destination | Target IP address |
Destination Port | Port on the destination |
Application | Detected application |
Category | Application group (e.g., Business, Streaming) |
Site | The site observing the flow |
Protocol | Communication protocol |
State | Active , Expired , or Closed |
Risk Score | None , Low , Medium , High , Severe , Critical , Emergency |
Hover over the info icon (🛈) to view detailed attributes for a flow:
Click Export to download the current table view as a CSV file.
Applied filters and sorting are reflected in the export.
Flow visibility gives you actionable insights into live or recent activity—making it easier to detect bandwidth abuse, malware behavior, or unauthorized app usage.
We have a wealth of ways to answer your questions or solve your issues. You can use our brand-new help center, submit a ticket in the help portal, email your issues, or chat with us.
Regular Support: Mon - Friday, 8:00 am EST - 5 pm EST
Chat Support: Mon - Friday, 9:00 am EST - 5 pm EST
Severity 1 Support: 24/7
Chat:
Web Form:
Email:
Support Portal
Waiting on Partner
Still Issue
Our solution is not designed or optimized to run alongside another VPN on the same operating system. Running two VPNs simultaneously can lead to a range of issues, including:
To ensure optimal performance, stability, and security, we recommend using only one VPN or secure access solution at a time on any given device.
This article explains the AADSTS53003
error encountered when using DUO MFA with Microsoft Entra ID (formerly Azure AD) under Conditional Access policies. The issue stems from policy configuration in Entra ID and how it interacts with DUO’s custom control mechanism. This is not related to infrastructure or service functionality on the Timus Networks side.
AADSTS53003: Access has been blocked by Conditional Access policies. The access policy does not allow token issuance.
This error means Microsoft Entra is enforcing a Conditional Access (CA) policy that blocks token issuance due to unmet conditions (e.g. MFA, device compliance, IP location).
common
endpoint instead of a tenant-specific endpoint.AADSTS53003
error.https://login.microsoftonline.com/common
with https://login.microsoftonline.com/<your-tenant-id>
.No action can be taken on the Timus Networks side to resolve this issue. This is not a service-level problem, but rather a result of how Conditional Access evaluates the token request in combination with DUO’s authentication method.
To clarify: This issue must be addressed jointly by your internal Entra ID administrators and DUO MFA configuration. The enforcement behavior and token issuance logic are fully governed by Microsoft Entra and how it recognizes external MFA solutions. Timus Networks has no control or authority to override these decisions.
Overview:
This article provides troubleshooting steps to resolve common issues related to high CPU and RAM usage, as well as functionality disruptions in the Timus Connect application. It aims to assist in identifying and addressing problems that may arise due to antivirus or endpoint protection software blocking key executables or interfering with the application's native operations. By following these guidelines, users can ensure smooth performance and prevent potential conflicts that could lead to prolonged processes or system slowdowns.
To ensure full compatibility and performance of the Timus Connect application, it is critical that all related executable files are properly whitelisted in both Antivirus (AV) and Endpoint Protection Platform (EPP) tools.
Failing to whitelist these files may cause:
Modern AV/EPP solutions may block more than just the executable file. They often inspect runtime behavior, command-line parameters and system-level API calls. Therefore, it is essential to allow not only the executables but also their full runtime behavior.
The following files must be excluded from scanning, behavioral analysis, and execution restrictions:
C:\Program Files\Timus Connect\Timus Connect.exe
C:\Program Files\Timus Connect\Uninstall Timus Connect.exe
C:\Program Files\Timus Connect\resources\elevate.exe
C:\Program Files\Timus Connect\resources\service\timus-connect-service.exe
C:\Program Files\Timus Connect\resources\service\timus-helper-service.exe
C:\Program Files\Timus Connect\resources\service\lib\win\nss\win32\certutil.exe
C:\Program Files\Timus Connect\resources\service\lib\win\nss\win32\modutil.exe
C:\Program Files\Timus Connect\resources\service\lib\win\nss\win32\pk12util.exe
C:\Program Files\Timus Connect\resources\service\lib\win\nss\win32\shlibsign.exe
C:\Program Files\Timus Connect\resources\service\lib\win\nss\win64\certutil.exe
C:\Program Files\Timus Connect\resources\service\lib\win\nss\win64\modutil.exe
C:\Program Files\Timus Connect\resources\service\lib\win\nss\win64\pk12util.exe
C:\Program Files\Timus Connect\resources\service\lib\win\nss\win64\shlibsign.exe
C:\Program Files\Timus Connect\resources\service\lib\win\openvpn\openssl.exe
C:\Program Files\Timus Connect\resources\service\lib\win\openvpn\openvpn.exe
C:\Program Files\Timus Connect\resources\service\lib\win\openvpn\openvpn_2.4.exe
C:\Program Files\Timus Connect\resources\service\lib\win\openvpn\tapctl.exe
C:\Program Files\Timus Connect\resources\service\lib\win\openvpn\tuntap_win\tapctl.exe
C:\Program Files\Timus Connect\resources\service\lib\win\openvpn\tuntap_win\tapinstall.exe
C:\Program Files\Timus Connect\resources\service\lib\win\telemetry\timus-telemetry.exe
C:\Program Files\Timus Connect\resources\service\lib\win\wireguard\amd64\timus-wireguard-tunnel-service.exe
C:\Program Files\Timus Connect\resources\service\lib\win\wireguard\amd64\wg.exe
To ensure full functionality, perform whitelisting at two levels:
For maximum compatibility:
Timus Connect
folder to cover future updatesClient UI:
.exe
files and the full folder pathPowerShell (for bulk deployment):
Add-MpPreference -ExclusionPath "C:\Program Files\Timus Connect"
Microsoft Defender for Endpoint (MDE Console):
Control Center:
Client:
Management Console:
Note: SentinelOne client does not support local UI configuration—central management only.
Cloud Console:
Control Manager:
.exe
under Timus Connect pathClient:
SEPM Console:
Client:
ePolicy Orchestrator (ePO):
Client Console:
ESET PROTECT Console:
.exe
files and foldersClient Interface:
Portal:
Control Manager:
C:\Program Files\Timus Connect\
and all executable pathsClient:
FortiEDR Console
Log in to the FortiEDR Management Console
Navigate to Policies → Endpoint Policies
Select your policy → Edit
In the left pane, choose Exclusions → File and Folder Exclusions
Click Add → browse to C:\Program Files\Timus Connect\
Select all .exe
files and their parent folders under that path
Save changes → Publish updated policy
FortiClient (Client Interface)
Open FortiClient on the endpoint
Click Settings (gear icon) → Antivirus
Scroll to Exclusions → Manage Exclusions
Click Add Exclusion → Browse to C:\Program Files\Timus Connect\
Select all .exe
files (include subfolders) → OK
Click Apply to activate exclusions
Orion Console (Server-Side)
Log in to the Orion Web Console
Go to Settings → All Settings
Under SAM Settings, click Manage File & Directory Monitors
Select any monitor that might scan Timus files → Edit
In Excluded Paths, click Add and enter: C:\Program Files\Timus Connect\
Click Save and Apply
SolarWinds Agent (Client-Side)
Open the SolarWinds Agent local UI (e.g. http://localhost:17778/
)
Click Settings → File & Directory Exclusions
Click Add Exclusion → browse to: C:\Program Files\Timus Connect\
Check Include subfolders
Click OK, then Save or Apply
elevate.exe
), create or manage services, and perform tunneling operations using OpenVPN and WireGuard.If you continue to experience high CPU, RAM usage, or functionality issues after whitelisting the executables, it may be helpful to run the System File Checker (SFC) and DISM commands to repair potential system file corruption. Follow these steps:
sfc /scannow
DISM /Online /Cleanup-Image /RestoreHealth
These steps can help resolve underlying system issues that might be contributing to performance problems or functionality disruptions.
Please note - Huntress currently does not support traditional software exclusions in the way antivirus or endpoint protection platforms might (e.g., excluding a specific folder or process from scanning). We recommend putting the machine in maintenance mode when installing our application.
AVs and EPPs | Exclude by Path | Behavioral Exclusion | Folder-Level Exclusion |
---|---|---|---|
Windows Defender | ✅ | ❌ | ✅ |
BitDefender | ✅ | ✅ | ✅ |
SentinelOne | ✅ | ✅ | ✅ |
CrowdStrike | ✅ | ✅ | ✅ |
Trend Micro | ✅ | ❌ | ✅ |
Symantec | ✅ | ❌ | ✅ |
McAfee ENS | ✅ | ✅ | ✅ |
ESET | ✅ | ❌ | ✅ |
ThreatLocker | ✅ | ✅ |
✅ |
Datto AV/EPP | ✅ | ✅ |
✅ |
FortiEDR | ✅ | ✅ |
✅ |
SolarWinds | ✅ | ❌ |
✅ |
Overview
This article provides a step-by-step guide for resolving JavaScript errors when installing or launching the Timus Connect application on Windows. These errors are commonly caused by missing permissions or interference from endpoint security tools like BitDefender, Windows Defender, SentinelOne, and ThreatLocker. You’ll also learn how to properly configure exclusions and allowlisting to ensure smooth installation and operation.
Uncaught Exception: Error: EPERM: operation not permitted, mkdir ‘C:\ProgramData\Timus Connect’
This error indicates that the installer was unable to create a required folder due to permission issues or security software interference.
A similar error may also occur when attempting to create:
C:\Program Files\Timus Connect
Before proceeding, ensure the following:
Timus-Connect.exe
) must be run with elevated privileges.Timus-Connect.exe
→ Select Run as administratorTo prevent EPERM errors:
mkdir "C:\ProgramData\Timus Connect" mkdir "C:\Program Files\Timus Connect"
⚠️ Only grant the minimum permissions required. Avoid giving "Everyone" access.
C:\ProgramData\Timus Connect
C:\Program Files\Timus Connect
Timus-Connect.exe
Timus-Connect.exe
, C:\ProgramData\Timus Connect
, and C:\Program Files\Timus Connect
Timus-Connect.exe
Windows Security → Virus & Threat Protection → Exclusions
C:\ProgramData\Timus Connect
C:\Program Files\Timus Connect
Timus-Connect.exe
Timus-Connect.exe
via:Manage ransomware protection → Allow an app through Controlled folder access
Timus-Connect.exe
in Application Control policiesC:\ProgramData\Timus Connect
C:\Program Files\Timus Connect
⚠️ Re-enable protection immediately after installation
If wildcard rules are supported, allow:
*.timusnetworks.com
*.timuscloud.com
Otherwise, allow:
auth.timuscloud.com
user.timuscloud.com
device.timuscloud.com
config.timuscloud.com
my.timusnetworks.com
Ensure the following are allowed:
Port | Protocol | Purpose |
---|---|---|
443 | TCP & UDP | HTTPS communication |
53 | UDP & TCP | Local DNS (127.0.2.1:53) |
1195 | UDP | OpenVPN |
1196 | UDP | WireGuard |
7505 | TCP (localhost) | OpenVPN management (127.0.0.1) |
49202 | TCP (localhost) | Local Connect Service |
49204 | TCP (localhost) | Connect Helper Service |
If behind a proxy, configure it to allow Timus-Connect.exe
access to these domains over port 443.
This article explains how to troubleshoot IPsec tunnel issues and interpret related error codes for effective diagnosis and resolution.
Start by reviewing the View IPsec Logs article to locate IPsec logs within the Timus Manager.
Here are the IPsec error codes for both Initiators and Responders, along with their corresponding fixes.
Failure Type | Error (Initiator) | Error (Responder) | Fix |
IPsec connection issue | Peer not responding |
Peer not responding |
Ensure UDP ports 4500 and 500, as well as the ESP protocol (50), are allowed on both Timus and MSP's on-prem firewalls. |
Phase 1 DH mismatch | NO_PROPOSAL_CHOSEN |
MODP mismatch |
Match MODP/DH group |
Phase 1 identifier mismatch | AUTHENTICATION_FAILED |
no peer config found |
Match IKE IDs |
Phase 1 mode mismatch | AUTHENTICATION_FAILED |
Aggressive Mode PSK disabled |
Use same mode (Main or Aggressive) |
Phase 1 encryption mismatch | NO_PROPOSAL_CHOSEN |
AES 128 vs AES 256 mismatch |
Match IKE encryption |
Phase 1 hash mismatch | NO_PROPOSAL_CHOSEN |
missing HMAC in initiator proposal |
Match hash (HMAC) algorithms |
Phase 1 PSK mismatch |
invalid HASH_V1 and could not decrypt payloads
|
invalid ID_V1 and could not decrypt payloads
|
Use matching pre-shared keys |
Phase 2 encryption mismatch | NO_PROPOSAL_CHOSEN |
ESP AES mismatch (128 vs 256) |
Match Phase 2 encryption (ESP proposals) |
Phase 2 network mismatch | INVALID_ID_INFORMATION |
no matching CHILD_SA config found |
Match Phase 2 local/remote subnet definitions |
Phase 2 PFS mismatch | NO_PROPOSAL_CHOSEN |
no acceptable DIFFIE_HELLMAN_GROUP found |
Match PFS settings (enable/disable or same group) |
Phase 1 and Phase 2 are online on Timus, but subnets are not communicating | No errors will be visible in the Connector Logs, as this issue originates from the firewall configuration rather than the IPsec service itself. |
No errors will be visible in the Connector Logs, as this issue originates from the firewall configuration rather than the IPsec service itself. |
Timus: • Check if 'Create firewall rules automatically' is enabled during Phase 1 and 2 setup. • Ensure no firewall rules are blocking IPsec Phase 2 subnets or overwriting auto-created IPsec rules in Timus Manager.” On-Prem Firewall: • Ensure that static routings are configured correctly. • Ensure proper firewall rules for IPsec Phase 2 subnets and correct interface selection. |
Phase 1 Local IDs and Remote IDs mismatch (this happens once the IPsec on the on-prem devices run behind the main router |
remote host is behind NAT and IDir '1.1.1.1' does not match to '2.2.2.2'
|
remote host is behind NAT and IDir '1.1.1.1' does not match to '2.2.2.2'
|
The log shows Remote ID (1.1.1.1 ) mismatches with the expected internal IP (2.2.2.2 ); ensure NAT-T is enabled, configure NAT for IKE/ESP, and set Remote IP to public (e.g., 1.1.1.1 ) and Remote ID to internal (e.g., 2.2.2.2 ). |
Certain Endpoint Protection (EPP) and network security solutions can interfere with Timus Connect by modifying the system’s routing table. This interference disrupts VPN functionality, particularly for users relying on IPsec tunnels, split tunneling, and other VPN-related configurations. Additionally, kindly review the routing table to confirm there are no unusual entries that could be contributing to the issue.
When Todyl (SGN Connect) is installed and actively running, it overrides routing tables to establish its own connection priorities. This can conflict with the routes set by Timus Connect.
Example of Routing Table Showing Interference (Windows):
Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.0.x.x (Todyl) 192.168.1.x x
EPP and network security software, such as Todyl (SGN Connect) and similar tools, manipulate routing tables to enforce security policies. These modifications may unintentionally disrupt Timus Connect’s intended network routes.
Disable or Uninstall Todyl (SGN Connect):
Restart Timus Connect Application:
ipconfig /all
to check active adapters, then use route print
to view routing tables.netstat -nr
to check routing tables.Example of Correct Routing Table for Wireguard (Windows):
Network Destination Netmask Gateway Interface Metric 0.0.0.0 128.0.0.0 192.168.249.x 192.168.249.3 x 128.0.0.0 128.0.0.0 192.168.249.x 192.168.249.3 x
If you encounter this issue, consider reviewing your routing table configurations using your terminal. First, check the active adapters by running ipconfig /all
(Windows) or ifconfig
(MacOS). Then, inspect the routing table using:
route print
netstat -nr
Check for any entries inserted by security software. If another VPN or EPP is overriding the routing table, Timus Connect may not function as expected. Ensuring that only one VPN solution is managing network routes is crucial for maintaining proper connectivity.
This document outlines the details of your 30-Day Satisfaction Guarantee period with Timus Networks. It provides clear instructions on how to manage your subscription and, should you choose not to proceed, how to initiate a cancellation directly within the Partner Portal.
At Timus Networks, we are confident in the value and performance of our SASE solution. To ensure your complete satisfaction, every new partner engagement begins with a 30-Day Satisfaction Guarantee period. This probationary period is designed to allow you to thoroughly evaluate the Timus platform's capabilities, integrate it into your operations, and experience its benefits firsthand, all with the assurance of our dedicated support.
Our goal is for you to clearly see how Timus Networks can enhance your service offerings and protect your clients.
During this initial 30-day period, your access to the Timus Networks system is completely free. You are not limited to a specific number of gateways or users; the entire platform is fully available for your use. Feel free to add as many gateways and users as needed for your comprehensive evaluation directly from the "Manage Subscription" screen within your Partner Portal. This allows for a thorough assessment of our solution's scalability and performance in your real-world environment.
Our Customer Success team will conduct regular health checks to ensure the quality of your deployment and facilitate optimal product absorption. This proactive engagement helps us address any early questions and ensure you're getting the most out of Timus.
Should you choose to proceed with Timus Networks after this period, and per your signed agreement, your subscription will automatically convert on the 30th day to a 12-month annual commitment with convenient monthly payments, provided your payment information is on file. This seamless transition ensures uninterrupted service and access to our discounted annual rates.
Should you determine that Timus Networks is not the right fit for your needs within this 30-day period, we have empowered our MSP/MSSP partners to directly manage their subscription cancellation through the Partner Portal. This ensures you retain full control over your account.
Please note: Email notifications are not sufficient for initiating a cancellation. To ensure a clear and documented process, cancellation requests must be triggered through the Partner Portal by following the steps below. Our team will then process your request promptly.
This document outlines the details of your 30-Day Satisfaction Guarantee period with Timus Networks. It provides clear instructions on how to manage your subscription and, should you choose not to proceed, how to initiate a cancellation directly within the Partner Portal.
At Timus Networks, we are confident in the value and performance of our SASE solution. To ensure your complete satisfaction, every new partner engagement begins with a 30-Day Satisfaction Guarantee period. This probationary period is designed to allow you to thoroughly evaluate the Timus platform's capabilities, integrate it into your operations, and experience its benefits firsthand, all with the assurance of our dedicated support.
Our goal is for you to clearly see how Timus Networks can enhance your service offerings and protect your clients.
During this initial 30-day period, your access to the Timus Networks system is completely free. You are not limited to a specific number of gateways or users; the entire platform is fully available for your use. Feel free to add as many gateways and users as needed for your comprehensive evaluation directly from the "Manage Subscription" screen within your Partner Portal. This allows for a thorough assessment of our solution's scalability and performance in your real-world environment.
Our Customer Success team will conduct regular health checks to ensure the quality of your deployment and facilitate optimal product absorption. This proactive engagement helps us address any early questions and ensure you're getting the most out of Timus.
Should you choose to proceed with Timus Networks after this period, and per your signed agreement, your subscription will automatically convert on the 30th day to a 12-month annual commitment with convenient monthly payments, provided your payment information is on file. This seamless transition ensures uninterrupted service and access to our discounted annual rates.
Should you determine that Timus Networks is not the right fit for your needs within this 30-day period, we have empowered our MSP/MSSP partners to directly manage their subscription cancellation through the Partner Portal. This ensures you retain full control over your account.
Please note: Email notifications are not sufficient for initiating a cancellation. To ensure a clear and documented process, cancellation requests must be triggered through the Partner Portal by following the steps below. Our team will then process your request promptly.
To cancel your Timus Networks subscription during the 30-Day Satisfaction Guarantee period, please follow these instructions:
Once these steps are completed in the Partner Portal, our team will receive your cancellation request and process it accordingly.
For any questions regarding your Satisfaction Guarantee period or the cancellation process, please do not hesitate to contact our Partner Success team.
Explore our most popular video tutorials on our YouTube channel.
Manage your network, add tunnels, users, rules and licenses from a multi-tenant cloud portal with Timus.
Connect to offices or protect SaaS apps through private gateways with a single static IP address.
The Timus firewall sits in the cloud and intercepts all encrypted user traffic.
Timus uses zero-trust secure remote access and least privilege principles before granting any access to the network and data to protect against hackers, criminals, and ransomware. Additionally, Timus uses a best-of-breed DNS filter (at the network level) protecting users from zero-day threats and malicious sites from wherever they may encounter it (any device, application, protocol or port). A user is protected against all of the below: Malicious software including drop servers and compromised websites, including drive by downloads and adware Fraudulent phishing websites that aim to trick users into handing over personal or financial information Command and Control botnet hosts Sites which serve files or host applications that force the web browser to mine cryptocurrency Domains which have been registered in the last 30 days and in the last 24 hours Parked sites & domains that may no longer be controlled by the original owner
The Timus solution is superior to traditional VPNs for secure remote access. User verification is hardened with behavioral and contextual analysis. Multi-factor authentication (MFA) can be deployed adaptively (ie. when signing in from a new device, new country, etc), improving user experience. Timus ZTNA can work with another IAM solution or standalone. Timus has one of the richest behavioral checks in the industry for Zero Trust Verification.
Timus provides dedicated gateways with static IP addresses. An MSP can whitelist the Static IP in SaaS applications for controlled access and security.
WireGuard and OpenVPN tunneling protocols are supported.
The tunnel for secure connections can be configured to pass all user traffic, or just part of it, through the tunnel. Split tunnel configurations can be created in Manager->Settings-Tunnel Configuration page. Default configuration is all traffic passes through the tunnel. Timus Connect agent gets the tunnel configuration valid for the user and context, and passes traffic through the tunnel accordingly. This feature is currently available only for Windows and macOS releases of Timus Connect app.
Still have questions? Explore our in-depth documentation for comprehensive guides and detailed solutions.
Go to documentation