Distribute Clients
Firezone provides native clients for all major platforms. Use these clients on end-user devices, servers, and any other machine that needs access to your protected Resources.
Installation
See our client app guides for basic installation and usage instructions for the Firezone Client that are appropriate for all Firezone users. Or continue reading below for MDM deployment and headless mode instructions suited for Firezone admins wishing to deploy the clients at scale across their organization.
Provision with MDM
Provisioning the Firezone client onto end-user devices should work out of the box using any of the major MDM vendors using the appropriate distribution method below. If you find an exception, please open a GitHub issue so we can prioritize appropriately.
| Platform | Distribution Method |
|---|---|
| Android / ChromeOS | The Android / ChromeOS client is available exclusively from the Google Play Store. |
| Linux | The headless and GUI Linux clients are available from our changelog page. |
| iOS | The iOS client is available exclusively from the Apple App Store. |
| macOS | The macOS client is available either from the Apple App Store or as a standalone distributable. |
| Windows | The Windows client is available as a standalone MSI installer from our changelog page. |
Allowlisting the macOS System Extension
The macOS client version 1.4.0 and higher includes a System Extension that must be enabled in order to function. For MDM-managed devices, the System Extension can be allowlisted to eliminate the need for the user to perform this step manually.
Follow one of the guides below for your MDM provider:
Use 47R2M6779T for the team identifier and
dev.firezone.firezone.network-extension for the extension bundle identifier.
Headless mode operation
The Firezone Client can run in headless mode on Linux, Android, and ChromeOS platforms using a Service Account token. This mode is useful for deploying the Client on servers, IoT devices, and other headless devices where a user may not be present to keep the Client authenticated.
See the table below for achieving headless mode operation on each platform:
| Platform | Headless Mode Operation |
|---|---|
| Android / ChromeOS | Set the token key using an MDM provider that supports Android managed configurations. If the token is set and valid, Firezone will automatically connect and authenticate using this token when the Client is started. |
| Linux | See the Linux Headless Client guide. |
| macOS / iOS | Not yet supported. |
| Windows | See the Windows Headless Client guide. |
Need additional help?
See all support options or try asking on one of our community-powered support channels:
- Discussion forums: Ask questions, report bugs, and suggest features.
- Discord server: Join discussions, meet other users, and chat with the Firezone team
- Email us: We read every message.