Installing ZTNA Gateway

Deployment Models

You can install the ZTNA Gateway in two ways depending on your site's infrastructure setup.

Prepare the Environment

You need one or more public IP addresses to use the ZTNA Gateway.

Install ZTNA Gateway

Install Gateway on-premises

You can install the ZTNA Gateway on a physical system or a virtual machine.
Refer to Install Ubuntu OS to prepare Ubuntu OS 24.04.4 LTS.
If using a sensor install token, refer to Token-based Policy Server access for values to input.

Note

You can install the ZTNA Gateway on a virtual machine.
ZTNA supports various hypervisors such as VMware, VirtualBox, and XenServer.

Step 1: Switch to the root account

genian@genian:~$ sudo su
[sudo] password for genian:
root@genian:/home/genian#

Step 2: Update and upgrade packages

root@genian:/home/genian# apt-get update
root@genian:/home/genian# apt-get upgrade

Step 3: Install curl (required for installation)

root@genian:/home/genian# apt install curl

Step 4: Install ZTNA Gateway

curl -sSLk https://bit.ly/4fX6bQ8 | sudo PROMPT=1 SSHALLALLOW=1 SSHPORT=22 TARGET=GNS DEB=ztna LOCALE=en bash -

  • Log in to Web UI, go to [System] -> [System Management].

  • Select the newly added unapproved sensor and approve it via [Select Action] -> [Approve Unapproved Sensor].

Install Gateway in Cloud-Managed environment - Manual via CLI

Create an instance for ZTNA Gateway per your cloud provider's guide.
Use an Ubuntu 24.04 image for the instance.
If using a sensor install token, refer to Token-based Policy Server access for values to input.

After creating the instance, connect via SSH and follow the steps below.

Step 1: Switch the Ubuntu user account to the root account.

genian@genian:~$ sudo su
[sudo] password for genian:
root@genian:/home/genian#

Step 2: Update and upgrade packages

root@genian:/home/genian# apt-get update
root@genian:/home/genian# apt-get upgrade

Step 3: Install curl (required for installation)

root@genian:/home/genian# apt install curl

Step 4: Install ZTNA Gateway

curl -sSLk https://bit.ly/4fX6bQ8 | sudo PROMPT=1 SSHALLALLOW=1 SSHPORT=22 TARGET=GNS DEB=ztna bash -

  • Log in to Web UI, go to [System] -> [System Management].

  • Select the newly added unapproved sensor and approve it via [Select Action] -> [Approve Unapproved Sensor].

Install Gateway in Cloud-Managed environment - Automatic via Web UI

To use automatic installation through the Web UI, first register a Cloud Provider and a Site. Refer to Cloud Provider settings and Site settings.

  1. Access the Web UI console: https://(ZTNA Policy Server IP):8443/

  2. From the top menu, click System -> Cloud Provider Management.

  3. Click Tasks -> Create and enter credentials for each cloud.

  4. In the left menu, go to System -> Site and create a site.

  5. Go to System -> System Management, then Tasks -> Add ZTNA Gateway.

  • Site name: Specify the previously created site.

  • AMI / Image: Selected automatically based on site settings.

  • Instance Type: Choose instance type (recommended: t2.medium or higher, or cloud recommended spec).

  • Size: Set disk size (recommended: 64GB or higher).

  • Subnet ID: Automatically assigned based on site settings.

  • Key pair: Set the key pair for SSH to the Gateway instance.

  1. Click Check init to confirm initialization, then click Create.

  2. Verify instance creation in the cloud console (e.g., AWS EC2, Linode, OCI).

  3. In the Web UI, go to [System] -> [System Management], select the newly added unapproved sensor, and approve it via [Select Action] -> [Approve Unapproved Sensor].