Tunneler intercept-only mode?

shawncp · February 27, 2026, 4:53am

Hi All,

I see that the tunneler clients can run in run-host mode that only allows host configurations (or at least does not allow intercept functionality), and can run in run mode that allow both host and intercept configurations.

Q: Is there a way to configure the tunneler to only accept intercept configurations?

Motivation: I would like to allow extended family access to some resources on my network while assuring them that the tunneler client does not allow me access to their phone/pc/etc. I have verified that the Android (Ziti Mobile Edge) and Linux (ziti-edge-tunnel) tunneler clients both allow me to do just that. Unhappily in addition and from a transparency perspective, the ZME Android client shows the host configuration as an intercept when it is in fact a host config.

Thank you!

TheLumberjack · February 27, 2026, 10:54am

Hi @shawncp, it's a long-standing idea/request that we just haven't been able to find the time to implement.

It's come up now and then in the years since that's issue was opened but it's something we continue to bring up every few months or so.

I'm sure we will get to it, but like all our other good ideas, it's just a properly/prioritization problem. Cheers

shawncp · February 28, 2026, 1:42am

Thank you @TheLumberjack for the reference. I have added a bump to the github issue.

Topic		Replies	Views
Explain about host and intercept Configs General Questions	2	322	February 26, 2024
Configuring Tunneler-enabled ziti-router intercepts Tunneler Apps	0	258	May 12, 2022
Tunneler-enabled ziti-router intercepts General Questions	1	373	September 8, 2021
How to use ziti-edge-tunnel run-host?	7	136	June 2, 2025
Questions about linux tunneler and linux router General Questions	12	72	January 8, 2025

Tunneler intercept-only mode?

Related topics