Skip to main content

Frontdoor overview

Managing firewall rules and port forwarding for self-hosted apps is a pain. Every service needs its own hole punched through your firewall, tracked, maintained, and left open, whether you're using it or not. It's brittle, it's tedious, and you're always one misconfiguration away from trouble.

NetFoundry Frontdoor changes the game. Install the agent, turn it on, and your service is instantly exposed to the world through a hardened frontendβ€”no firewall changes, no port forwarding, no DNS gymnastics. Your users access your app through their existing identity provider (Google, Microsoft, Okta) with no client software install required. You get complete control: expose services using an ephemeral URL that can change when you want or keep them running 24/7. Add OAuth to your services via your favorite IdP, or leave the service open to anyone with the link.

The moment you turn off the agent, your service disappears from the internet. No lingering open ports, no forgotten firewall rules, no cleanup required. It's security through simplicity: expose what you need, when you need it, exactly how you want it.

How Frontdoor works​

Insecure Network
🌐
Standard Browser
No VPN or client software required
πŸ‘€
Your Users
Public Internet
πŸ›‘οΈ
Hardened Frontend
Global traffic proxy with WAF
Universal IdP Authentication
MFA Enforcement
TLS Termination
Flexible DNS
Zero Trust Overlay
πŸ”
πŸ”’ END-TO-END ENCRYPTION
NO OPEN PORTS
Identity-Aware Tunnel
Streaming HTTP with full encryption
Your Private Environment
⚑
Frontdoor Agent
Lightweight zero trust connector
🎯
Your Web Server
Cloaked from the internet
Your private web server securely reachable from the internet
Secure Data Flow

Highlights​

  • Implement in under an hour: Get started quickly without needing to reconfigure your existing networks or firewalls.
  • Flexible DNS: Keep your existing web URL and custom branding, or use a NetFoundry-provided URL.
  • Clientless access: Your users don't need VPNs or any special client software; they just use their standard web browser.
  • Universal IdP integration: Add IdP-based authentication to any application, even if the app doesn't natively support it.
  • MFA for any app: Enforce multi-factor authentication for any service, strengthening security for legacy and modern apps alike.
  • Cloaked web servers: Make your applications unreachable from the internet, allowing you to set web server firewall rules to deny all inbound traffic.
  • Reduced costs: Lower potential cybersecurity insurance costs by adding modern IdP and MFA-based logins to all services.
  • User-centric visibility: See exactly who is accessing what application by their actual user name, not just ambiguous IP addresses.

Use cases​

  • Self-hosted applications: Securely provide access to internal SaaS platforms, such as self-hosted CRMs, wikis, or project management tools.
  • Internal websites: Share company intranets, staging environments, or internal-only portals without exposing them to the public internet.
  • Infrastructure management interfaces: Lock down access to the web-based admin consoles for your Wi-Fi networks, firewalls, routers, and switches.

Extensibility​

  • Add end-to-end zero trust: Easily upgrade to include end-to-end encryption, mTLS, and fully private, dedicated networks for internal or external users.
  • Integrate secure remote access: Add just-in-time (JIT), one-time, and continually authenticated access for privileged users and administrators.
  • Extend to any connection type: Go beyond web apps to add secure, identity-based connectivity for IoT devices, APIs, and server-to-server communications.

Hit next to get started with Frontdoor!