Network devices


Network devices are like regular user devices, but they can only be managed by admins and have access to only one network. They are designed to be used with the Defguard CLI client.

Adding a new network device

In order to add a new network device, navigate to the network device menu (select it from the menu bar at the left).

While in the network device menu, click the "Add new" button. You will be presented with a popup prompting you to select your method of setting up the network device.

  • Defguard Command Line Client - choose it to automatically configure your device with the Defguard CLI client.

  • Manual WireGuard Client - choose it if you don't want to use the Defguard CLI client. You will need to configure your network device manually with a WireGuard config file.

Using the Defguard CLI client

After selecting the first option you will be presented with the initial setup screen.

You can specify the following settings here:

  • Device name - the name used to identify the device; keep it unique among network devices. This name will be displayed on the network device list,

  • Location - the network to which the device should have access,

  • Assigned IP Address - automatically suggested IP address, you may change it as needed,

  • Description - the description to help you identify the device, it will be displayed in the device list.

Using the Manual WireGuard client

The screen here is similar to that of the CLI client configuration, except for the additional public key field.

The fields are as follows:

  • Device name - the name used to identify the device; keep it unique among network devices. This name will be displayed on the network device list,

  • Location - the network to which the device should have access,

  • Assigned IP Address - automatically suggested IP address, you may change it as needed,

  • Description - the description to help you identify the device, it will be displayed in the device list.

If you already have a public key for your device, insert it into the public key field. Otherwise, select the option to generate the key pair.

On the next screen you will be presented with the WireGuard configuration file. Copy, download or scan it to import it to your WireGuard client.

Displaying network device configuration and enrollment token

After you've configured your network device, you can display its enrollment token again by using the following menu:

  • Selecting "Generate auth token" will re-generate the enrollment token and will allow you to enroll your CLI client again. Use it if you want to manually pull the newest network configuration for your client.

  • Selecting the "View config" option will display the WireGuard configuration file (without the private key, as Defguard doesn't store it).
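A config shown by "View config" has no private key, and a hand-pasted public key is easy to truncate, so it helps to lint the file before importing it into a WireGuard client. The following is an added example, not Defguard code; the sample config layout, key, addresses and the set of required fields are assumptions made for illustration.

```python
import base64
import binascii

# Assumed minimum for a wg-quick style client config (not taken from Defguard).
REQUIRED = {"Interface": ("PrivateKey", "Address"),
            "Peer": ("PublicKey", "AllowedIPs", "Endpoint")}
# Constructed sample key and config; the config has no PrivateKey, like "View config".
SAMPLE_KEY = base64.b64encode(bytes(range(32))).decode()
VIEW_CONFIG = f"""[Interface]
Address = 10.0.0.7/24

[Peer]
PublicKey = {SAMPLE_KEY}
AllowedIPs = 10.0.0.0/24
Endpoint = vpn.example.com:51820
"""

def is_wg_key(value):
    """A WireGuard key is 32 raw bytes encoded as 44 base64 characters."""
    try:
        return len(value) == 44 and len(base64.b64decode(value, validate=True)) == 32
    except (binascii.Error, ValueError):
        return False

def parse_wg_config(text):
    """Parse config text into {section: {key: value}} (a single [Peer] is assumed)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)  # split once: base64 ends with '='
            current[key.strip()] = value.strip()
    return sections

def lint_wg_config(text):
    """Return the problems that would stop this config from bringing a tunnel up."""
    sections, problems = parse_wg_config(text), []
    for section, keys in REQUIRED.items():
        for key in keys:
            value = sections.get(section, {}).get(key, "")
            if not value:
                problems.append(f"[{section}] {key} is missing")
            elif key.endswith("Key") and not is_wg_key(value):
                problems.append(f"[{section}] {key} is not a valid WireGuard key")
    return problems
```

Run `lint_wg_config` on the file's text after adding the device's own private key; an empty list means every required field is present and both keys are well-formed.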

After you've finished setting those values, proceed to the next step. You will be presented with an enrollment command. Learn more about further steps from the CLI client documentation.
