Installing and using the Key9 Proxy server for Windows

Updated by Bryan Jones


This document covers the setup of the Telos Alliance Key9 License Server Proxy for Windows on a computer in your facility. Many Telos products require this for licensing; however, no individual product support is covered in this document.

If you need a Linux version, please see our Installing and using the Key9 Proxy server for Linux document.


Some Telos Alliance products require a license to operate. These licenses activate (or deactivate) features allowing flexibility in your operating model and allowing for software updates, priority support, etc. These licenses are controlled by a cloud-located activation server, meaning your products must have access to this server.

Often the networks to which these products are connected are purposely not connected to the internet. For this reason, Telos Alliance offers this proxy server which can reside on a computer that DOES have access to the internet.

Here's a diagram of a typical configuration.


  1. Click here to download the Key9 Proxy and save it to a folder with read/write permissions.
  2. Open a command prompt with Administrative rights and navigate to the download folder.
You may need to right-click on your command prompt icon and choose Run as administrator. Administrative privileges are required to install the proxy as a service.
  1. Create a configuration file. From the command prompt run;
    >key9proxy.exe --config
    You must type YES to agree to the EULA (End User License Agreement) to continue.
    1. Specify the Listen Interface and port. The default is [] which means listen for license requests on any network interface.
    2. Specify the server address.
    3. Specify the service user. Can be left blank.
  2. Run the proxy in test mode.
>key9proxy.exe --test

You will see the message;

Telos Alliance License Server Proxy v1.0.3. Copyright (C) 2023 TLS Corp.

I: 12:02:33 Started on windows-service
I: 12:02:33 Waiting client connections on

  1. Install as a service so the proxy server starts when the system is rebooted.
    key9proxy.exe --install
  2. Start the service
    key9proxy.exe --start


After the proxy server is installed, configured, and tested, you will need to configure all telos alliance products to point to the proxy server instead of the cloud license server.

The product configuration depends on the product. VXs does this through an unlinked web page.

If you modify the configuration file, you will need to restart the service before the new options will take effect.

When configuring the service, you may leave the username as blank.

It is safe to briefly take the proxy server down even if the products use it. The license refresh mechanism will retry later.

key9proxy.exe offers additional command line options. Executing the program without arguments will display help texts with the available options.


  • Use ping to see if the cloud license server responds. The primary cloud server address is
  • Use tracert to determine if the server is reachable.
  • Use telnet to find out if a TCP connection may be established on the license server or on the proxy server: telnet <ip-address> <port> where <ip-address> is the address of the machine and <port> is usually 42131. For example, telnet to should allow you to connect.

When a firewall is present, the only requirement is to allow outgoing TCP connections to on port 42131. There is no need to open incoming ports since the products and the proxy always reach outward to the license server. The license server will never make an inbound connection. While most firewalls allow outgoing connections by default, for some customers, this has to be explicitly allowed.

How did we do?