FireTun verifies who connects, what device they use, and under what conditions — continuously, not just at login. Built on WireGuard. Multi-tenant by default.
A connection that succeeds passes every gate. A connection that fails never reaches the network.
Your IdP sends a one-time invite link. The agent installs, authenticates, and registers the device fingerprint — no shared keys, no manual configs, no installation manual. Offboarding is just as automatic.
Traditional VPNs grant full network access once you log in. ZTNA flips it: every connection is authorized on its own and re-evaluated continuously, against current identity, device, and context. If anything is off, it is denied.
Every connection is evaluated against the user’s current state in your IdP and the device’s current state, and re-checked continuously.
Up-to-date OS, active EDR, encrypted disk, no disallowed tools. Out of spec → quarantine.
Users only see what they are entitled to. No flat network. No lateral movement.
Every connection, attempt, and policy change recorded. Traceability for GDPR and Chile’s Law 21.719.
RZTP makes sure users and devices reach FireTun with verified identity from minute one. Nothing is configured by hand. Nothing is shared by email. Everything flows from your directory.
A new teammate gets a link, installs the agent, and is connected in seconds with their corporate identity.
Users and groups stream from your IdP. Role changes and offboardings propagate within minutes.
Every device registered with fingerprint, OS, and posture state. Real-time visibility, instant revocation.
Design your network as a map. Drag users, resources, policies. The wire-level config is generated automatically.
WireGuard tunnels use per-device keys that rotate automatically, and per-tenant data keys are isolated in Vault. On direct (P2P) connections, traffic flows peer-to-peer: we get telemetry, never the traffic's content.
Every policy can restrict protocol, port, schedule, country, and device posture. Group-driven, not user-driven.
Enforce posture and country policy per connection, re-checked continuously. Access control, posture and auditable traceability aligned with CMF’s RAN 20-10 and NCG 454.
Segment EHR systems per role. Quarantine non-compliant devices before they reach patient data.
Reach PLCs and HMIs over signed tunnels with device-level identity. No flat IT/OT bridge.
Enterprise-grade access security without a dedicated IT team. Configure it visually, connect it to your directory, and it scales with you as your team grows.
Every access decision is recorded with who, what, when, where, and on which device. Logs are tenant-scoped, exportable, and immutable.
Free for small teams. Dedicated tenant when you need more. No long contracts.