NetFoundry Pricing
Start using the leading zero trust networking NaaS and platform
NetFoundry Pricing
Free trial
Spin up a zero trust native overlay in minutes - for an entire WAN or a single application or use case-
NetFoundry will help you spin up a dedicated, private overlay, and turn the keys over to you. This is suitable for testing use cases like VPN replacement, PAM, IoT connectivity, zero trust SD-WAN, AI and MCP networking, SRA, cloud connectivity.
Business
Universal zero trust including replacing VPN, SD-WAN, SRA, PAM, VDI, ZTNA. Connect OT, IoT or IT.-
Zero trust for any use case including: mobile, APIs, OT, IoT, remote management, B2B, Kubernetes, multi-cloud, 3rd party access, PAM, microsegmentation, AI networking and MCP server networking.
NaaS and self-hosted, on-prem options.
24x7 support
Partner
Ideal for partners to embed or OEM zero trust into applications, software, and products. Includes white-label and on-prem options.-
Embed zero trust networking in your products - to sell new products, or to improve sales of existing products.
Includes OEM and white-label. On-prem, hybrid and cloud models.
Enables zero trust remote access, identity based microsegmentation, E2EE, mTLS and global connectivity. Replace VPN, firewall, private APN, PAM - connect without infrastructure and IP address dependences.
24x7 support
NetFoundry NaaS & on-prem zero trust platform
Zero Trust Native Network Overlays, Extended Anywhere
Each overlay is private and dedicated. Infrastructure is managed by NetFoundry as NaaS, or use NetFoundry’s zero trust platform to self-host your overlay, including at air-gapped sites. Extend overlays via:
+ NetFoundry zero trust endpoints for every major OS, as host-based agents, containers, VMs or gateways
+ NetFoundry zero trust SDKs to embed zero trust endpoints in software
+ Connectivity via NetFoundry’s distributed proxies, firewall connections, TLS or mTLS
All-batteries included solution – the network overlay is zero trust native to make deployments simple:
Built-in PKI, as a service
X.509 based PKI, including enrollment, revocation, renewal. Other CAs optional but supported (RFC 7030). X.509s are core identities (IdP integrations optional but supported).
IdP flexibility
Use NetFoundry’s built-in PKI with pre-integrated MFA and posture to identify and authenticate each session. Or, use any OAuth or OIDC complaint IdP.
Full mesh, HA, high performance NaaS
NetFoundry NaaS overlays dynamically optimize over 100 PoPs, with HA, load balancing & auto-scaling. You get end-to-end control and visibility, including geofencing.
On-prem, air-gapped & hybrid
Run your overlay locally, including air-gapped and sovereign sites, with NetFoundry’s On-premises Platform. Or, use a hybrid overlay with NetFoundry sites and other sites.
End-to-end encryption (E2EE)
Encryption keys are specific to each session and sovereign to the endpoints, stored in HSMs on compatible devices. NetFoundry therefore doesn’t have access to your keys.
FIPS compliant encryption option
NetFoundry supports FIPS compliant encryption as a pluggable option and uses libsodium by default. Other cipers can be plugged-in. Gov Cloud, FedRamp and CIS support.
Network Access Control (NAC)
Next-gen NAC identifies, authenticates and authorizes every session before it is given overlay access. The NAC solution extends anywhere, including B2B, multinetwork and OT.
Identity-based visibility
Every session is identified by human, device or server identities (not IPs). Telemetry correlates identities, services, data. View in NetFoundry Console, SIEM or your UI via NetFoundry APIs.
Easily embed zero trust into your products and software
NetFoundry APIs and SDKs enable developers to easily embed zero-trust security and connectivity.
Your software plugs into virtualized, composable, zero trust native networks, managed by NetFoundry as NaaS across over 100 PoPs, or self-hosted, including in on-premises sites.
This unlocks and unblocks sales which previously required VPN, private APN, firewalls, static IP addresses, NAT, CNAT and infrastructure.
Operations teams for customers and providers replace fragmented control and visibility with centralized, simple identities, networking and connectivity.
