Install an Access Tier

Installs and configure the Cloud Secure Edge (CSE) Access Tier in your environment

  • Updated on May 16, 2024

Note: Netagent v2 has been released, simplifying the process of installing and configuring an Access Tier:
1. Use an API key with the access_tier scope for registration
2. All agent configuration is done via the Command Center API and UI

If you need to install Netagent v1, use the legacy v1 guides.


The Access Tier is an identity-aware proxy that mediates access between entities on the internet and your internal services. Each Access Tier has a public IP address that is reachable from the internet, and each accepts inbound connections on the following ports:

  • TCP 80 and TCP 443 (Hosted Web Services),
  • TCP 8443 (Infrastructure Services),
  • and UDP 51820 (Service Tunnels).

The core of the Access Tier component is the netagent binary - a light-weight, identity-aware proxy, written in Golang. Netagent runs on Linux servers and is designed to be similar in deployment to open-source proxies such as Nginx.


Download the latest netagent version here.

Choose an Installation Method

Can’t find what you’re looking for?

We’re happy to help. Contact our team.