The Modern, Open Source, Self-Hosted Zero Trust Network Access Platform
Modern Zero Trust Network Access
Replace your Business VPNs and Traditional Remote Access Tools with a Modern, FOSS, Self-Hosted, Unified ZTNA Solution
A Unified Zero Trust Architecture
A Unified Architecture for both Humans and Workloads to Access Private/Internal Resources behind NAT Scattered Across Multiple Clouds and Environments as well as Protected Public Resources such as SaaS APIs and Databases
Secret-less Access to APIs, SSH and Databases
Provide Dynamic Secret-less Access to HTTP-based Resources without Sharing API Keys, to PostgreSQL and MySQL Databases without Sharing Passwords, and to SSH Servers without Managing Keys and Certificates
Application-layer Aware Access Control
Access Control at the Application-layer (L7) (e.g. HTTP paths and methods, Kubernetes namespaces and verbs, PostgreSQL queries, etc.) using Identity-aware Proxies (IAPs) with Context-aware Policy-as-Code via CEL and OPA
Zero-Config Client-based ZTNA
Private access using VPN-like Zero-Config Client-based ZTNA over WireGuard/QUIC Tunnels with Automatic, Centralized Private DNS
Unified, Scalable BeyondCorp Architecture
Public Client-less BeyondCorp Access for both Human Users via their Browsers and Workload Users via the Standard OAuth2 Authentication Flow
Built for Scalability and Availability
A Scalable Platform Built on top of Kubernetes for Automatic Horizontal Scalability and Availability
Centralized, Declarative and Programmable Management
Designed to be Administered like Kubernetes in a DevOps/GitOps-friendly, Centralized and Declarative Way. The Cluster is furthermore fully Programmable over gRPC.
Integrate your OIDC/SAML SSO Providers
Seamlessly integrate any OpenID Connect or SAML 2.0 SSO Provider as well as GitHub OAuth2.
OpenTelemetry-Ready Visibility
OpenTelemetry-ready Layer-7 Aware, Real-Time Visibility and Auditing to Your Log Management and SIEM Providers
Eliminate VPN Problems
Eliminate Traditional VPN Problems: Use a Single Stable Route instead of Injecting Countless Routes into Your Users' Clients. Effortless Dual-Stack Networking Regardless of Upstream Support. Seamless, Unified, Automatic Private DNS.
© 2025 octelium.com, Octelium Labs, LLC. All rights reserved.
Octelium and Octelium logo are trademarks of Octelium Labs, LLC.
WireGuard is a registered trademark of Jason A. Donenfeld