
User guide

Connecting & everyday commands

Everyday QuickZTNA: check status and peers, resolve names with MagicDNS, get a TLS cert, switch between orgs with profiles, view logs, and update the client.

Last updated June 15, 2026

After install and ztna login, day-to-day use is a handful of commands. This page is the task-oriented tour; the CLI reference has every flag.

Connect, disconnect, status

sudo ztna up          # connect (alias: ztna connect)
ztna status           # connection state, your tailnet IP, peers
sudo ztna down        # disconnect (alias: ztna disconnect)

ztna status --json is the stable, scriptable view. Add --active to show only active peers.

See your peers and addresses

ztna peers            # peers with direct/relayed path, latency, endpoint
ztna ip               # this device's tailnet IP
ztna ip prod-db-01    # a peer's IP by name
ztna whois 100.64.0.6 # which machine/user owns a tailnet IP

Use your system’s own ping/ssh against the names and IPs ztna status shows to test reachability.
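The reachability test described above can be scripted. This is an added example, not part of the QuickZTNA documentation; it assumes `ztna ip <peer>` prints a single IPv4 address and that ping accepts Linux iputils flags, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the QuickZTNA docs). Assumptions: `ztna ip <peer>`
# prints a single IPv4 address; ping takes Linux iputils flags (-c, -W seconds).

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, empty octet
    esac
    IFS=. read -r o1 o2 o3 o4 extra <<EOF
$1
EOF
    [ -z "$extra" ] || return 1
    for octet in "$o1" "$o2" "$o3" "$o4"; do
        [ -n "$octet" ] && [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# check_peer NAME: resolve NAME with ztna, validate the answer, ping it once.
# Returns 0 if reachable, 1 if there is no reply, 2 if NAME did not resolve.
check_peer() {
    name=$1
    ip=$(ztna ip "$name" 2>/dev/null) || { echo "$name: not resolved"; return 2; }
    # Never hand unvalidated tool output to another command as an argument.
    is_ipv4 "$ip" || { echo "$name: unexpected output from ztna ip"; return 2; }
    if ping -c 1 -W 2 "$ip" >/dev/null 2>&1; then
        echo "$name ($ip): reachable"
    else
        echo "$name ($ip): no reply"
        return 1
    fi
}

# check_peers NAME...: check every peer, succeed only if all are reachable.
check_peers() {
    failed=0
    for peer in "$@"; do
        check_peer "$peer" || failed=$((failed + 1))
    done
    [ "$failed" -eq 0 ]
}

# Usage: check_peers prod-db-01 web-03
```

When a peer does not reply, ztna peers shows whether its path is direct or relayed.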

Names & DNS

MagicDNS lets you reach peers by hostname instead of IP. Check the resolver:

ztna dns status       # is MagicDNS enabled, the search domain, resolver bind

Need a TLS certificate for a service on your tailnet hostname?

ztna cert                       # uses this machine's registered name
ztna cert my-server.myorg.ztna  # explicit domain

Multiple organizations (profiles)

If you belong to more than one org — or run separate work and personal tailnets — use profiles:

ztna profile list
ztna profile create work
ztna switch                 # interactive org picker
ztna switch acme-corp       # switch org by slug
ztna switch --profile work  # switch by profile name

Logs & updates

ztna log              # recent daemon log (use --follow to stream, -n N for more lines)
ztna update --check   # is a newer client available?
ztna update           # download and apply

Enable unattended updates with ztna set --auto-update.

Adjusting settings without a restart

ztna set changes settings on the running client:

ztna set --hostname web-03
ztna set --tags prod,linux,web
ztna set --shields-up         # block all incoming connections
ztna set --ssh                # enable the SSH server on this device

Frequently asked questions

How do I see whether I'm connected and who my peers are?
Run 'ztna status' for connection state, your tailnet IP, and the peer list, and 'ztna peers' for per-peer detail including whether each connection is direct or relayed. Both accept --json for scripting.
Can one machine belong to more than one organization?
Yes, via profiles. 'ztna profile create/list/delete' manages saved connection profiles, and 'ztna switch' moves between organizations or profiles without logging out.