1. NetFoundry
  2. Docs & Guides
  3. Tech Bulletins

NetFoundry Platform Update July 2025

Overview

This bulletin covers announcements from NetFoundry, details on features released between April 2025 & June 2025 and information on latest blogs & articles. NetFoundry is thrilled to announce the series A venture round; details of which are linked in the blogs section. Highlights include the launch of traffic analysis feature and the ability to extend zero trust networking to non-identity aware devices. 

1:1 NAT for intercept and host IP addresses

With ziti network versions 1.6.1 and above, the service configurarion supports 1:1 NAT between the intercept and host addresses. This new capability allows network admins to use subnets in the intercept address as part of service config. Each IP in the intercept range will be natted to the respective IP in the host IP range.  Work to support this feature in the NetFoundry Cloud console UI is in progress. Till then customers can use the " Advanced Configuration Type" service to  use this feature.

Note that the prefix length has to match between the intercept and host addresses, else only the addresses that match the translation range will be translated. addresses outside of the translation range will not be translated.

Example:

{
 "forwardAddress": true,
 "forwardAddressTranslations": [
    { "from": "192.168.1.0", "to": "172.16.4.0", "prefixLength": 24 },
    { "from": "10.0.0.0", "to": "10.10.0.0", "prefixLength": 16 }
 ],
 "allowedAddresses": [
   "192.168.1.0/24",
   "10.0.0.1/16"
 ],
 "forwardPort": true,
 "allowedPortRanges": [
   {
     "low": "1024",
     "high": 2048
   }
 ],
 "forwardProtocol": true,
 "allowedProtocols": [
   "tcp",
   "udp"
 ]
}

 

Extending microsegmentation to non-identity-aware devices

The " Allowed Source Address" feature has been launched to help OT administrators deal with machines that are unable to support the installation of software clients or tunneling agents that enforce identity-based access. This enhancement enables administrators to enforce access control beyond the identity level, down to the level of specific source IP addresses of individual machines behind the tunneler or a router. The following article covers the details about this feature including a demo & config examples. 

Traffic Analysis - Enhancement to NetFoundry Cloud Metrics

The new traffic analysis report under the "Metrics" section provides data for upto a week on the individual ingress IP / port and egress IP / Port information. This report is derived from the circuits established during the  "service dial" when identities access services in a network.

This feature would be highly useful for customers who wish to move from flat networks to microsegmented networks with least privilege access via NetFoundry. The feature would provide admins, details of specific identities, source IPs / ports  & estination IPs / ports used in a network without investing in an additional solution for traffic analysis.

Select the period for analysis:

Select the service that you would like to analyze. You can also analyze by Ingress or Egress traffic:

                     

 

Articles, updates and software releases:

Latest Blogs & Materials:

NetFoundry raises Series A venture round

Extending microsegmentation to non-identity-aware devices

EU Cyber Resilience Act: A Compliance Guide for B2B Financial Services Technology Providers

Latest Solution Recipes:

Closing Thoughts:

Watch our youtube channel and openziti channel for updates, demos and all exciting stuff on NetFoundry. If you have queries on the latest features, or have valuable feedback to share, we’d love to hear from you! Reach out to us at customer.success@netfoundry.io

 

 

Articles in this section

See more
Was this article helpful?
1 out of 1 found this helpful