Secure remote access.
That scales.

Firezone is a fast, flexible VPN replacement built on WireGuard® that eliminates tedious configuration and integrates with your identity provider.

Trusted by organizations like

Upgrade to zero-trust access in minutes.

Replace your obsolete VPN with a modern zero trust upgrade. Firezone supports the workflows and access patterns you're already familiar with, so you can get started in minutes and incrementally adopt more zero-trust patterns over time.

Flexible

Control access to VPCs, subnets, hosts by IP or DNS, and even public SaaS apps.

Secure

Users and groups automatically sync with your identity provider, so access is revoked as soon as employees leave.

Granular

Restrict access even further with port-level rules that allow access to some services but not others, even on the same host.

Protect your resources

Achieve compliance without the headache.

Connections are always end-to-end encrypted with keys that rotate daily, and are directly established between your Users and Gateways, so we can never see your data. Firezone's advanced Policy Engine logs who accessed what and when, so you can easily demonstrate compliance with internal and external security audits.

Read about Firezone's architecture

Add two-factorauth to WireGuard.

Looking for 2FA for WireGuard? Look no further. Firezone integrates with any OIDC-compatible identity provider to consistently enforce multi-factor authentication across your workforce.

Auth diagram
Connect your identity provider

Bandwidth problems.

Eliminate throughput bottlenecks that plague other VPNs. Firezone's load-balancing architecture scales horizontally to handle an unlimited number of connections to even the most bandwidth-intensive services. Need more speed? Just add more Gateways.

Scale access to your VPCs

Say goodbye to firewall configuration.

Firezone securely punches through firewalls with ease, so keep those ports closed. Connections pick the shortest path and your attack surface is minimized, keeping your most sensitive resources invisible to attackers.

Make your resources invisible

Runs everywhere your business does.

macOS
Windows
Linux
Android
ChromeOS
iOS

Clients are available for every major platform, require no configuration, and stay connected even when switching WiFi networks.

Download Client apps

Gateway
Gateway
Gateway
Gateway
FIREZONE_TOKEN=<your-token> \
 ./firezone-gateway

Gateways are lightweight Linux binaries you deploy anywhere you need access. Just configure a token with your preferred orchestration tool and you're done.

Deploy your first Gateway

Open source for transparency and trust.

How can you trust a zero-trust solution if you can't see its source? We build Firezone in the open so anyone can make sure it does exactly what we claim it does, and nothing more.

Firezone stars
ROSS Index - Fastest Growing Open-Source Startups in Q2 2022 | Runa CapitalLeave us a star

Yes, you can use Firezone to

secure DNS for your workforce

Here are just a few ways customers are using Firezone:

VPN Replacement

Remote employees can securely access office networks, cloud VPCs, and other private subnets and resources from anywhere in the world, on any device.

  • Easy to use, no training required
  • Authenticate with virtually any IdP
  • Highly available Gateways
  • Modern encryption and authentication

Infrastructure Access

Empower engineers and DevOps to manage their team’s access to technical resources like test/prod servers both on-prem and in the cloud.

  • Service accounts and headless clients
  • Multiple admins per account
  • Docker and Terraform integrations
  • Automatically sync users and groups from your IdP

Internet Security

Route sensitive internet traffic through a trusted gateway to keep remote employees more secure, even when they’re traveling or using public WiFi.

  • Native clients for all major platforms
  • Enforce MFA / 2FA
  • Filter malicious or unwanted DNS requests
  • Monitor and audit each attempted connection

Homelab Access

Securely access your home network, and services like Plex, security cameras, a Raspberry Pi, and other self-hosted apps when you’re away from home.

  • Easy to setup and simple to manage
  • Authenticate with Magic link or OIDC
  • Reliable NAT traversal
  • Invite friends and family to your private network
See more use cases

See how Firezone compares

TwingateTailscaleFirezone logo
Open sourcePartial
Built on WireGuard®
Load balancingPartial
Automatic failover
NAT hole-punching
Resource-level access policies
Google directory sync
Entra directory sync
Okta directory sync
DNS-based routingPartial
Mesh networking
Annual invoicing

Last updated: 4/22/2024

Ready to get started?

Give your team secure access to company resources in minutes.