NetFoundry Docs
Secure Your Workloads with Identity-First Reachability™
Cloud SAAS
Cloud-managed zero-trust networking platform. Manage identities, policies, services, and routers from the console, or automate through the API.
- Enterprise-grade support (24×7)
- Fully managed by NetFoundry with 99.95% uptime SLA
- Guidance for resilient, scalable production architecture
- FIPS compliant
A hardened frontend for any HTTP service—no firewall changes, no client installs. Users authenticate via their existing IdP and access from any browser.
- Enterprise-grade support (24×7)
- Fully managed by NetFoundry with 99.95% uptime SLA
- Guidance for resilient, scalable production architecture
- FIPS compliant
AI Gateways
NetFoundry LLM Gateway is an OpenAI-compatible API proxy that routes requests across multiple LLM providers using zero-trust networking.
- Multi-provider routing to any OpenAI-compatible backend
- Semantic routing and load balancing
- Per-identity budgets and cost tracking
- Guardrails: PII detection, content safety, prompt injection
NetFoundry MCP Gateway enables secure, isolated access to Model Context Protocol (MCP) tools across distributed systems without exposing public endpoints.
- Single-command setup for any MCP server
- Permission filtering removes tools from registry entirely
- Per-client session isolation
- Identity-based access, with no open ports or VPN required
Self-Hosted Licensed
Run the full NetFoundry stack in your own environment. On-prem, air-gapped, or any cloud. You own the infrastructure.
- Enterprise-grade support (24×7)
- Self-deployed and managed, self-orchestrated
- Guidance for resilient, scalable production architecture
Software-defined micro-segmentation for OT networks. Deploy firewall agents on Linux machines, observe traffic flows, and enforce consistent policy from a central console.
- Deep OT/IT traffic visibility
- Identity-aware micro-segmentation
- Centralized zero-trust policy
Self-Hosted Open Source
The open-source zero-trust networking framework behind NetFoundry. Add zero trust to existing apps with tunnelers, or embed it directly with the SDK for the strongest posture.
- Community support
- Full overlay mesh: controller, routers, and SDKs
- Embed zero-trust in any application
Secure peer-to-peer sharing built on the OpenZiti mesh. Share services, files, or HTTP endpoints—no open ports, no NAT traversal tricks.
- Community support
- Self-host or use zrok.io
- No open ports or firewall rules