Windows Client

The Windows GUI Client is designed for Windows computers where a user is present to authenticate with your identity provider interactively.

Prerequisites

  • Windows 10 or higher
  • x86-64 CPU
  • WebView2 (The installer will install this automatically if needed)

Installation

Download the .msi installer from our changelog page or from the direct link below:

After downloading, run the .msi to install the Firezone GUI Client.

To auto-start the Client when you log in, copy the "Firezone" shortcut from your desktop to %APPDATA%/Microsoft/Windows/Start Menu/Programs/Startup/

Usage

Signing in

  1. Run Firezone
  2. At the Welcome screen, click Sign in. This will open the Firezone sign-in page in your default web browser.
  3. Sign in using your account slug and identity provider.
  4. If your browser asks whether it should open Firezone links, check Always allow and open the link.
  5. When you see the Firezone connected notification, Firezone is running.

The Welcome screen only appears during your first sign-in. After that, you can click on the Firezone icon in the system tray to open the tray menu and sign in.

Accessing a Resource

When Firezone is signed in, web browsers and other programs will automatically use it to securely connect to Resources.

To copy-paste the address of a Resource:

  1. Right-click on the Firezone tray icon to open the menu.
  2. Open a Resource's submenu and click on its address to copy it.
  3. Paste the address into your browser's URL bar and press Enter.

Quitting

  1. Right-click on the Firezone tray icon to open the menu.
  2. Click Disconnect and Quit or Quit.

When Firezone is not running, you can't access private Resources, and the computer will use its normal DNS and Internet behavior.

If you were signed in, then you will still be signed in the next time you start Firezone.

Signing out

  1. Right-click on the Firezone tray icon to open the menu.
  2. Click Sign out.

When you're signed out, you can't access private Resources, and the computer will use its normal DNS and Internet behavior.

Upgrading

The Windows Client will automatically check for updates on launch and prompt you to upgrade when a new version is available.

To upgrade:

  1. Download the latest .msi installer package from "Installation" above.
  2. Quit the Client
  3. Install the new .msi

Diagnostic logs

Firezone writes log files to disk. These logs stay on your computer and are not transmitted anywhere. If you find a bug, you can send us a .zip archive of your logs to help us fix the bug.

To export or clear your logs:

  1. Right-click on the Firezone tray icon.
  2. Click Settings.
  3. Click Diagnostic Logs.
  4. Click Export Logs or Clear Log Directory.

Uninstalling

  1. Delete the "Firezone" shortcut from %APPDATA%/Microsoft/Windows/Start Menu/Programs/Startup/
  2. Quit Firezone.
  3. Open the Start Menu. Search for Add or remove programs and open it.
  4. In the Add or remove programs dialog, search for Firezone.
  5. Click on Firezone and click Uninstall.

Troubleshooting

Check if Firezone Client IPC service is running

In the Start Menu, search for "Windows Powershell". Open it and run this command:

Get-Service -Name FirezoneClientIpcService

Good output

Status   Name               DisplayName
------   ----               -----------
Running  FirezoneClientI... Firezone Client IPC

Bad output

Status   Name               DisplayName
------   ----               -----------
Stopped  FirezoneClientI... Firezone Client IPC

Check if Firezone is controlling DNS

In the Start Menu, search for "Windows Powershell". Open it and run this command:

Get-DnsClientNrptPolicy

Firezone Split DNS example:

Namespace                        : .
QueryPolicy                      :
SecureNameQueryFallback          :
DirectAccessIPsecCARestriction   :
DirectAccessProxyName            :
DirectAccessDnsServers           :
DirectAccessEnabled              :
DirectAccessProxyType            : NoProxy
DirectAccessQueryIPsecEncryption :
DirectAccessQueryIPsecRequired   : False
NameServers                      : {100.100.111.1, fd00:2021:1111:8000:100:100:111:0}
DnsSecIPsecCARestriction         :
DnsSecQueryIPsecEncryption       :
DnsSecQueryIPsecRequired         : False
DnsSecValidationRequired         : False
NameEncoding                     : Utf8WithoutMapping

If Firezone's Split DNS is not active, the output will be empty.

Revert Firezone DNS control

If Firezone crashes and does not revert control of the system's DNS, you can revert it manually with this command:

Get-DnsClientNrptRule | where Comment -eq firezone-fd0020211111 | foreach { Remove-DnsClientNrptRule -Name $_.Name -Force }
  1. Right-click on the Start Menu
  2. Click "Terminal (Admin)" to open a Powershell terminal with admin privileges
  3. When UAC asks "Do you want to allow this app to make changes to your device?" click Yes
  4. Enter the above command and Check if Firezone is controlling DNS

Viewing logs

The Firezone Client is split into 2 main processes: An IPC service which runs the tunnel, and a GUI which allows the user to control Firezone.

  • IPC service logs are stored at %PROGRAMDATA%\dev.firezone.client\data\logs\, where %PROGRAMDATA% is almost always C:\ProgramData
  • GUI logs are stored at %LOCALAPPDATA%\dev.firezone.client\data\logs, where %LOCALAPPDATA% is, e.g. C:\Users\username\AppData\Local

Known issues

  • Firezone does not register itself with Windows as a VPN #2875

Need additional help?

See all support options or try asking on one of our community-powered support channels:

Or try searching the docs:
Found a problem with this page? Open an issue
Last updated: October 09, 2024