Skip to main content

Frontdoor overview

Secure HTTP access without firewall changes

Managing firewall rules and port forwarding for self-hosted apps is a pain. Every service needs its own hole punched through your firewall, tracked, maintained, and left open, whether you're using it or not. It's brittle, it's tedious, and you're always one misconfiguration away from trouble.

NetFoundry Frontdoor changes the game

Install the agent, turn it on, and your service is instantly exposed to the world through a hardened frontend—no firewall changes, no port forwarding, no DNS gymnastics. Your users access your app through their existing identity provider (Google, Microsoft, Okta) with no client software install required. You get complete control: expose services using an ephemeral URL that can change when you want or keep them running 24/7. Add OAuth to your services via your favorite IdP, or leave the service open to anyone with the link.

The moment you turn off the agent, your service disappears from the internet. No lingering open ports, no forgotten firewall rules, no cleanup required. It's frictionless security. Securely expose any HTTP-based resource you need, when you need it, exactly how you want it, without opening new holes in your firewall.

With NetFoundry Frontdoor exposing your APIs, internal line-of-business apps, externally facing documentation or customer portals, is easy, fast, and best of all secure.

How Frontdoor works

Any Network
🌐
Clientless Access
Standard HTTP connection - no VPN, agents, or client software
Any device, anywhere
No install friction
Mutual TLS Option
Public Internet
🛡️
Hardened Frontend
Global traffic proxy with WAF
Universal IdP Authentication
MFA Enforcement
TLS Termination
Flexible DNS
Zero Trust Overlay
🔐
🔒 END-TO-END ENCRYPTION
NO OPEN PORTS
Identity-Aware Tunnel
Streaming HTTP with full encryption
Your Private Environment
Frontdoor Agent
Lightweight zero trust connector
🎯
HTTP Services
Web apps, APIs, any HTTP resource
Securely exposed to the internet
Your private web server securely reachable from the internet
Secure Data Flow

Highlights

  • Implement in under an hour: Get started quickly without needing to reconfigure your existing networks or firewalls.
  • Simple security: Allow NetFoundry to handle common application gateway tasks. The hardened frontend protects against cross site scripting, SQL injection attacks, and denial of service attacks without any effort from you.
  • Flexible DNS: Keep your existing web URL and custom branding, or use a NetFoundry-provided URL.
  • Clientless access: Your users don't need VPNs or any special client software; they just use their standard web browser.
  • Universal IdP integration: Add IdP-based authentication to any application, even if the app doesn't natively support it.
  • No Firewall updates: Make your applications available from the internet without needing to update firewall rules.
  • Reduced costs: Lower potential cybersecurity insurance costs by adding modern IdP and MFA-based logins to all services.

Use cases

  • APIs: Web hooks, customer data access, REST/GraphQL endpoints, partner integrations, microservices communication, third-party service callbacks
  • Development and DevOps tools: CI/CD pipelines (Jenkins, GitLab CI), monitoring dashboards (Grafana, Prometheus), build servers, container registries, development environments
  • Database management interfaces: Securely expose phpMyAdmin, pgAdmin, MongoDB Compass, and other database admin tools without public internet exposure
  • Documentation sites: Internal documentation, knowledge bases, API documentation, technical wikis, developer portals
  • Customer-facing applications: Support portals, client dashboards, partner applications, external collaboration tools
  • Internal websites: Share company intranets, staging environments, or internal-only portals without exposing them to the public internet
  • Infrastructure management interfaces: Lock down access to the web-based admin consoles for your Wi-Fi networks, firewalls, routers, and switches
  • IoT and device management: Device configuration interfaces, IoT dashboards, fleet management consoles
  • Self-hosted applications: Securely provide access to internal SaaS platforms, such as self-hosted CRMs, wikis, or project management tools

Expandability

Need to go beyond public internet access and embrace zero-trust even more? Explore the NetFoundry platform and the secure, zero-trust overlays available to deploy with ease.

  • Add end-to-end zero trust: Easily upgrade to include end-to-end encryption, mTLS, and fully private, dedicated networks for internal or external users.
  • Integrate secure remote access: Add just-in-time (JIT), one-time, and continually authenticated access for privileged users and administrators.
  • Extend to any connection type: Go beyond web apps to add secure, identity-based connectivity for IoT devices, APIs, and server-to-server communications.

Hit next to get started with Frontdoor!