A Unified, L7-Aware, Zero-Config Remote Access VPN for both Humans and Workloads to Access any Private/Internal Resource behind NAT from Anywhere as well as Protected Public Resources such as SaaS APIs and Databases

Identity-based, Application-layer/L7-aware, Context-aware ABAC Access via Control Policy-as-Code using CEL and Open Policy Agent (OPA)

Lightweight, Private access using VPN-like Zero-Config Client-based ZTNA over WireGuard/QUIC Tunnels with Automatic Private DNS for Teams as well as for Workloads such as Containers and AI agents.

Provide Dynamic Secretless Access to HTTP-based Resources without sharing API Keys, PostgreSQL and MySQL Databases without sharing Passwords, SSH Servers without Managing Keys and Certificates

Public Clientless BeyondCorp access for both Human via their Browsers and Workload Users via Standard OAuth2 Client Credentials Flow

A Scalable Platform Built on top of Kubernetes for Automatic Horizontal Scalability and Availability

Designed to be Administered like Kubernetes via DevOps/GitOps-friendly Centralized and Declarative Way. The Cluster is furthermore fully Programmable over gRPC.

OpenTelemetry-ready Layer-7 Aware, Real-Time Visibility and Auditing to Your Log Management and SIEM Providers

Eliminate Traditional VPN Problems: Use a Single Stable Route instead of Injecting Countless Routes into Your Users' Clients. Effortless Dual-Stack Networking Regardless of the Support at the Upstream. Seamless, Unified, Automatic Private DNS.