NetFoundry Platform
Transforming Connectivity with Zero Trust Overlay Networking

Platform Overview
The NetFoundry Platform is a powerful software stack for secure networking and connectivity. It enables customers to rapidly build and manage zero trust overlay microsegmented networks (AppNets) at scale with ease. Developers and product teams use our SDKs to embed AppNets into applications or utilize our tunnelers for zero trust integration.
Highlights
- Secure Networking
- Zero Trust Overlay
- AppNets at Scale
- Easy Integration
- Developer SDKs
NetFoundry Platform
Ziti Controller
Ziti Overlay Network Routers
Overlay Mesh – Smart Routing
High Availability – Self Healing
Ziti Edge SDKs
Ziti Edge Tunnelers
Ziti Edge browZer
Ziti Edge zrok
Ziti Edge Reverse Proxy
Ziti Edge for Devices
AppNet Builder
AppNet Manager
Telemetry and Reporting
NetFoundry Fabric

Ziti Controller
Centralized Zero Trust management for overlay networks.
Ziti Overlay Network Routers
Overlay Mesh – Smart Routing
High Availability – Self Healing
Ziti Edge SDKs
Ziti Edge Tunnelers
Ziti Edge browZer
Ziti Edge zrok
Ziti Edge Reverse Proxy
Centralized Zero Trust management for overlay networks.
Ziti Edge for Devices
Facilitates secure communication between IT, OT, IIoT, and other edge devices.
NetFoundry Edge

NetFoundry Console

AppNet Builder
AppNet Manager
Telemetry and Reporting
The first zero trust native overlay networks
NetFoundry is the first to build zero trust into the network. Spin up zero trust native overlays, in minutes, for a single AI application or an entire WAN.
Deploy for IT, OT or IoT
Includes agents for Windows, Linux, macOS, iOS, Android, containers, VMs, eBPF daemons. Pre-built into proxies, browsers, modems, edge servers, firewalls. Use SDKs to integrate into any software.
Reliability and performance
NaaS includes HA, dynamic optimization, ingress and egress load balancing, across over 100 PoPs, with 24×7 enterprise support and SLAs. On-premises includes features and tools to get 99.999% uptime.
On-premises, hybrid or NaaS
Deploy in air-gapped sites, OT, multicloud and everything in between. Every overlay is zero trust native with all zero trust functionality built in and prebuilt integrations. NaaS spans over 100 sites.
NetFoundry’s built-in identity (X.509-based) means identity based controls, policy and telemetry replace dependencies on IPs and NAT. Posture and MFA is built-in, as is support for any OAuth or OIDC IDP.
No inbound access
Software-defined, zero trust native overlays makes IT, OT, IoT or AI unreachable from underlay networks. Close all inbound ports and eliminate all VPNs.
Authorize before connect
NetFoundry includes identity, continuous authentication and authorization for users, admins, devices, servers, workloads, AI agents and MCPs. Strong auth is required before overlay access.
Mutual TLS (mTLS) is built-in for every overlay segment. End to end encryption (E2EE) with keys sovereign to the endpoints means nobody has access to your data. Choose ciphers, including FIPS 140 compliant and libsodium.
JIT, one-time and persistent access
Just-in-time (JIT), one-time and persistent access models, based on authorized identities. Integrated with workflow and ticketing (JIRA, ServiceNow, Zendesk, etc.), or use NetFoundry APIs for your own custom integration.
End to end zero trust
Extend zero trust beyond the firewall to applications or hosts. NetFoundry enabled servers have no listening ports – unreachable from underlay networks – only available to strongly authorized sessions.
Open source foundation
NetFoundry open sourced its core zero trust software into the OpenZiti project, and continues to maintain the project. It is an open core model – only enterprise, government and OEM functions are separate.
FedRamp & Government Cloud
NetFoundry is deployed in FedRamp and Government Cloud environments, as well as on-premises and air-gapped sites. Includes supporting CJIS, HIPAA, PCI and FIPS 140.
EU CRA
The simplest way to meet EU CRA requirements for connected products. Directly integrate zero trust networking into your product, eliminating VPNs.
Highlights
- Enhanced Security
- Simplified Management
- Improved Performance
- Increased Agility
- Cost Efficiency
Modern Zero Trust Networking
