Windows Client

The Windows GUI Client is designed for Windows computers where a user is present to authenticate with your identity provider interactively.

Prerequisites

Windows 10 or higher
x86-64 CPU
WebView2 (The installer will install this automatically if needed)

Installation

Download the .msi installer from our releases page or from the direct link below:

Download the Windows .msi installer for x86-64

After downloading, run the .msi to install the Firezone GUI Client.

Usage

Signing in

Run Firezone
At the Welcome screen, click Sign in. This will open the Firezone sign-in page in your default web browser.
Sign in using your account slug and identity provider.
If your browser asks whether it should open Firezone links, check Always allow and open the link.
When you see the "Firezone connected" notification, the tunnel is ready.

The Welcome screen only appears for your first sign-in. After that, you can use the tray menu to sign in.

Accessing a Resource

When Firezone is signed in, web browsers and other programs will automatically use it to securely connect to Resources.

To copy-paste the address of a Resource you have access to:

Right-click on the Firezone tray icon to open the menu.
Open a Resource's submenu and click on its address to copy it.

Then you can paste the address into your browser's URL bar and press Enter.

Signing out

Right-click on the Firezone tray icon to open the menu.
Click Sign out.

when you're signed out, Resources will be inaccessible and your system will use its normal DNS and Internet behavior.

Quitting

Right-click on the Firezone tray icon to open the menu.
Click Disconnect and Quit or Quit.

The tunnel is now stopped. If you were signed in, the tunnel will restart automatically next time you open Firezone.

The tunnel is now stopped until you sign in again.

The Windows Client will automatically check for updates on launch and prompt you to upgrade when a new version is available. Simply download the latest .msi installer package above, quit the GUI, and install the new MSI over the existing version.

Diagnostic logs

Firezone writes log files to disk. These logs stay on your computer and are not transmitted anywhere. If you encounter a bug, sending us a zip archive of your logs may help us fix the bug.

To export your logs as a zip archive, or clear your log directory:

Right-click on the Firezone tray icon to open the menu.
Click "Settings".
Click "Diagnostic Logs".

Uninstalling

Quit Firezone.
Open the Start Menu. Search for Add or remove programs and open it.
In the Add or remove programs dialog, search for Firezone.
Click on Firezone and click Uninstall.

Troubleshooting

Check if Firezone is controlling DNS

In the Start Menu, search for "Windows Powershell". Open it and run this command:

Get-DnsClientNrptPolicy

Firezone Split DNS example:

Namespace                        : .
QueryPolicy                      :
SecureNameQueryFallback          :
DirectAccessIPsecCARestriction   :
DirectAccessProxyName            :
DirectAccessDnsServers           :
DirectAccessEnabled              :
DirectAccessProxyType            : NoProxy
DirectAccessQueryIPsecEncryption :
DirectAccessQueryIPsecRequired   : False
NameServers                      : {100.100.111.1, fd00:2021:1111:8000:100:100:111:0}
DnsSecIPsecCARestriction         :
DnsSecQueryIPsecEncryption       :
DnsSecQueryIPsecRequired         : False
DnsSecValidationRequired         : False
NameEncoding                     : Utf8WithoutMapping

If Firezone's Split DNS is not active, the output will be empty.

Revert Firezone DNS control

If Firezone crashes and does not revert control of the system's DNS, you can revert it manually with this command:

Get-DnsClientNrptRule | where Comment -eq firezone-fd0020211111 | foreach { Remove-DnsClientNrptRule -Name $_.Name -Force }

Right-click on the Start Menu
Click "Terminal (Admin)" to open a Powershell terminal with admin privileges
When UAC asks "Do you want to allow this app to make changes to your device?" click Yes
Enter the above command and Check if Firezone is controlling DNS

Known issues

Web browsers that use DNS-over-HTTPS by default may not work with Firezone. See this guide to disable DNS-over-HTTPS if you're experiencing issues connecting to DNS Resources within your browser.
Firezone does not register itself with Windows as a VPN #2875
After clearing diagnostic logs, no more logs are written until the GUI and tunnel service each restart. #4764
In rare cases, Firezone gets stuck signing in #4765

Need additional help?

Try asking on one of our community-powered support channels:

Discussion forums: Ask questions, report bugs, and suggest features.
Discord server: Join discussions, meet other users, and chat with the Firezone team
Email us: We read every message.

Or try searching the docs:

Last updated: May 22, 2024