June 2024 NetFoundry Platform Update: BrowZer for Web Application Security

Overview

This bulletin covers product announcements from NetFoundry, details on features released between April 2024 and June 2024, and information on the latest blogs and articles. Highlights include enhancements to edge router management, support for sticky routing, and updates on “BrowZer”, our solution for Web Application Security.

Product Update Highlights

Discover the latest product announcements, featuring edge router management, support for sticky routing, and updates to “BrowZer”, the Web Application Security solution.

  • BrowZer features
  • Edge Router enhancements 
  • Sticky routing

Software management agent status for routers:

The software management agent resides on all routers in the NetFoundry Cloud network. The console and APIs now provide the status of the software management agent.

There are four states: Online / Offline and Registered / Unregistered. Our support team checks the status of the software management agent before initiating a network upgrade (the agent must be online for the upgrade to be performed via automation), a support bundle pull, and similar operations.

API query URL (for use from an API endpoint that is authenticated to the NetFoundry Cloud):

Add your network ID to the API query.

https://gateway.production.netfoundry.io/core/v2/software-deployment-states?networkId=yournetworkid&enabled=false&resourceType=EDGE_ROUTER

To include the details of the edge router in the response:

https://gateway.production.netfoundry.io/core/v2/software-deployment-states?networkId=yournetworkid&enabled=false&resourceType=EDGE_ROUTER&embed=edge-router

enabled: A value of true means that the agent has registered. A value of false means that the agent is not registered.
online: A value of true means that the agent was connected the last time the edge router (ER) was checked. A value of false means that the agent was not connected at that time.
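The following is an added example, not NetFoundry code: it builds the query URL shown above and maps the `enabled` and `online` fields onto the four agent states to list routers that would hold up an automated upgrade. The flat list of records, the `name` field, and the rule that anything other than Registered/Online is a blocker are assumptions made for illustration; the sample records are constructed.

```python
from urllib.parse import urlencode

# Base URL and parameter names are taken from the bulletin.
BASE = "https://gateway.production.netfoundry.io/core/v2/software-deployment-states"


def build_query(network_id, embed_router=False, enabled=None):
    """Build the agent-status query URL for one network."""
    params = {"networkId": network_id, "resourceType": "EDGE_ROUTER"}
    if enabled is not None:
        params["enabled"] = "true" if enabled else "false"
    if embed_router:
        params["embed"] = "edge-router"
    return BASE + "?" + urlencode(params)


def agent_state(record):
    """Map the two documented booleans onto the four console states.

    A missing or non-boolean field is treated as the unhealthy state,
    so an incomplete record never passes the check.
    """
    registered = "Registered" if record.get("enabled") is True else "Unregistered"
    online = "Online" if record.get("online") is True else "Offline"
    return registered, online


def upgrade_blockers(records):
    """Return routers whose agent is not both registered and online."""
    blockers = []
    for rec in records:
        state = agent_state(rec)
        if state != ("Registered", "Online"):
            blockers.append((rec.get("name", "<unnamed>"), *state))
    return blockers


# Constructed sample records: only "enabled" and "online" are documented
# fields; "name" and the flat-list shape are assumptions for illustration.
SAMPLE = [
    {"name": "er-east-1", "enabled": True, "online": True},
    {"name": "er-west-1", "enabled": True, "online": False},
    {"name": "er-lab-1", "enabled": False, "online": False},
    {"name": "er-partial", "enabled": True},  # missing "online" counts as offline
]

if __name__ == "__main__":
    print(build_query("yournetworkid", embed_router=True))
    for name, reg, conn in upgrade_blockers(SAMPLE):
        print(f"{name}: agent {reg}/{conn} - resolve before an automated upgrade")
```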

Force Sync of Router Status:

At times, the console takes a few minutes to report the latest status of the router from the Ziti API. A “sync” option has been introduced in the edge router section that lets you force the sync on demand.

Advanced details for Services:

Power users of the console can now view the host.v1 and intercept.v1 configs of the services.

The config types for advanced service config, the metadata, and an explanation of how the metadata is used are provided in the config types section.

Sticky routing:  

To help our customers run applications that need the session requests to come from the same source (i.e. the same IP), NetFoundry came up with a solution to route traffic via a specific terminator. The dialing identity (SDK) may pick the best terminator and continue to use the same terminator as long as it is available. In the deployment scenario, the service is terminated on multiple ERs or identities, and the dialing identity reaches the service via a single ER or a single service-hosting identity from the list of ERs or identities hosting the service. We have added support to the Go SDK for retrieving and setting a token to provide stickiness on selected terminators. The feature is available in the latest Ziti release and the Go SDK release 0.23.37.

Other features and improvements:

  • IP reservation for controller movement is now feasible. Customers who intend to move the network controller from one provider to another, or from one geography to another, can get the IP address ahead of the move and add it to the firewall policy for whitelisting in advance. The reservation process is done by the NetFoundry Support team.
  • NetFoundry’s Ziti Go SDKs now provide Circuit ID info for the service dials. This information is useful to correlate with the circuit ID from the controller or the destination endpoint / ER for troubleshooting or analysis.

Updates on BrowZer for Web Application Security:

Refer to https://browzer.canny.io/changelog for details. The key highlights follow.

BrowZer is a set of technologies capable of bootstrapping zero trust connectivity entirely in a browser, without the need to install any client-side software. It is in beta release and available for trial.

  1. New BrowZer tool button for troubleshooting or gathering information from the browser that is accessing a BrowZer-enabled app. You can set the log level and view details about the endpoint. The button replaces the “hotkey” used earlier to bring up the widget.
  2. Improved logging and error prompts.
  3. Custom tags in the bootstrapper logging that allow customers to set values or variables in the logs.
  4. Machine-to-machine (M2M) OIDC authentication support.
  5. The BrowZer Bootstrapper component will now serve its artifacts (JS, CSS, WASM, SVG, images) from an in-memory cache after the first read from disk.
  6. The X-Powered-By HTTP response header will now reflect BrowZer <VERSION>.

Articles, updates and software releases:

 

Closing Thoughts and Free Trial (BrowZer Beta Program):

Watch our YouTube channel and the OpenZiti channel for updates, demos and more on NetFoundry. If you are interested in our “BrowZer” solution, zrok.io, or additional use cases, or if you have any feedback about these features, please contact us at customer.success@netfoundry.io. You can also reach out to us at the same email address if you would like to participate in the customer spotlight sessions. Or sign up for a FREE TRIAL on netfoundry.io.

About NetFoundry

Networking was once a barrier to app innovation and automation with dependencies on after-the-fact security and performance engineering. NetFoundry is shifting the paradigm in cybersecurity by embedding zero trust networking and security as code.

Our NetFoundry Cloud solution embeds zero trust as software into apps, APIs, IoT devices, and other valuable assets, rendering critical infrastructure invisible to the internet and unreachable by potential attackers. It is the world’s first programmable, cloud native, zero trust network with near unlimited scale, concurrency, and performance.

NetFoundry Cloud represents a new art of the impossible by enabling developers, network engineers, DevOps, and cloud teams to programmatically control private, zero trust, high performance networking. NetFoundry Cloud is built on NetFoundry’s Ziti platform which is part of the OpenZiti project, the world’s most used and widely integrated open source networking platform.