NetFoundry Platform Update November 2025

Overview

This bulletin covers announcements from NetFoundry, details of features released between July 2025 and October 2025, and pointers to the latest blogs and articles. NetFoundry is thrilled to announce the launch of the "NetFoundry Frontdoor" and "zLAN" products. Key feature releases include Terraform and OpenTofu support and SCIM for endpoint lifecycle management.

Launch of NetFoundry Frontdoor

NetFoundry Frontdoor: Zero-Trust Ingress Without Internet Exposure

NetFoundry’s Frontdoor is a next-generation zero-trust ingress solution designed to eliminate internet exposure for apps, APIs, and private backends. It provides a globally distributed, hardened frontend that acts as a zero-trust reverse proxy, ensuring that only fully authenticated, authorized, and encrypted connections ever reach your private resources.

Instead of relying on traditional “internet edge” architectures — public IPs, static ports, inbound firewall rules, and exposed attack surfaces — Frontdoor completely inverts the model. There are no inbound openings from the internet into your private network. Every connection is brokered by Frontdoor and delivered over an end-to-end encrypted, mutually authenticated (mTLS) channel directly to your services.

For organisations operating distributed services across cloud, on-prem, and Kubernetes environments, Frontdoor dramatically simplifies secure public exposure. The lightweight agent deploys easily as a Linux package in front of your workloads, providing instant zero-trust ingress without re-architecting your network or introducing operational complexity.

With Frontdoor, you expose your services — not your network.

With NetFoundry’s Frontdoor, organisations gain powerful control over how their public-facing resources are exposed and secured:

  • Use your own domain or a NetFoundry-provided domain for your internet-facing endpoints, giving you full flexibility in how services are presented.

  • Choose where your Frontdoor frontends are deployed based on performance, compliance, or geographic needs — ensuring the best experience for your users.

  • Eliminate the need for dedicated public IPs for your applications or APIs. Frontdoor removes dependency on traditional internet-edge constructs.

  • No inbound ports or IPs need to be opened on your firewall, significantly reducing attack surface and eliminating a major source of vulnerabilities.

  • Add strong access authentication, integrating seamlessly with your preferred identity providers (IDPs), OAuth, or modern identity frameworks to enforce zero-trust access at the edge.

Frontdoor gives public reach to your apps, APIs and private backends with zero public exposure — simple, secure, and identity-driven.

Learn more about NetFoundry Frontdoor at https://netfoundry.io/docs/frontdoor/intro

NetFoundry Launches zLAN: Next-Gen Microsegmentation & Observability for OT Networks

NetFoundry has officially launched zLAN, a next-generation solution designed to help OT operators implement precise microsegmentation within their LAN environments while gaining deep visibility into operational traffic. zLAN brings modern zero-trust principles into traditionally flat, vulnerable OT networks—without requiring architectural overhauls.

What zLAN Delivers

🔍 Traffic Observation
Gain deep and continuous visibility into network traffic, enabling security teams to monitor flows, detect anomalies, and understand device behavior.

🛡️ Full Firewall Functionality
Apply comprehensive firewall policies—including allow/deny rules, segmentation policies, and OT-specific protections—to defend critical assets against unauthorized access and lateral movement.

🧭 Centralized Configuration & Policy Management
Manage firewall rules, zLAN devices, and segmentation policies from a single, unified console for simplified operations and consistent enforcement.

WAN + LAN Microsegmentation Combined

Every zLAN firewall includes NetFoundry ERT router capabilities, enabling organizations to unify:

  • LAN microsegmentation (zLAN)

  • WAN microsegmentation (NetFoundry Network Fabric)

This provides seamless end-to-end zero trust across OT sites, data centers, and cloud environments.

zLAN is now available as part of our NetFoundry On-Prem offering.
Learn more here: https://netfoundry.io/docs/zlan/intro

What’s Coming Next

We’re actively building advanced capabilities that will further expand zLAN’s power and applicability. Upcoming features include:

  • Unified control plane for NetFoundry Network + zLAN

  • L2 microsegmentation

  • L2 visibility & traffic insights

  • Dynamic routing integration

  • L7 visibility & analytics

  • Industrial protocol filtering and deep inspection

Full details on future capabilities are available here:
https://netfoundry.io/docs/zlan/intro#future-capabilities

Terraform Support Now Available on NetFoundry Cloud v8

NetFoundry has introduced full support for automating network deployments and operations using Terraform and OpenTofu. This enhancement enables customers to shift from direct API usage to a modern Infrastructure-as-Code (IaC) workflow, making it easier than ever to deploy, manage, and scale their zero-trust network infrastructure programmatically.

With this integration, customers can:

  • Automate creation and lifecycle management of networks, services, policies, identities, endpoints, and more

  • Apply version control and repeatable infrastructure patterns via IaC

  • Standardize network provisioning across environments (cloud, on-prem, hybrid)

  • Reduce configuration drift and manual errors

  • Seamlessly integrate NetFoundry network automation into CI/CD pipelines

Provider References

Terraform Provider:
https://registry.terraform.io/providers/netfoundry/ziti/latest/docs

OpenTofu Provider:
https://search.opentofu.org/provider/netfoundry/ziti/latest

Getting Started Guide

A comprehensive guide — including instructions for creating the management identity, installing the Ziti CLI, configuring the provider, and using Terraform with practical examples — is available here:
https://support.netfoundry.io/hc/en-us/articles/41001773388429-Infrastructure-as-Code-IaC-with-Terraform-NetFoundry-Cloud-v8

SCIM Integration Support in NetFoundry Cloud

The ClientSync capability introduced in NetFoundry Cloud v7 has been significantly enhanced in NetFoundry Cloud v8, now offering full SCIM integration support.

Customers can seamlessly integrate their preferred identity providers — such as Entra ID, Google Workspace, Okta, and others — to automate identity and endpoint operations within NetFoundry.

What SCIM Support Enables:

  • Automated endpoint provisioning on the NetFoundry console

  • Full lifecycle management (edit, update, disable, remove) of endpoints

  • Consistent and scalable identity governance across large environments

  • Reduced operational overhead and manual provisioning errors

SCIM support brings modern identity automation to NetFoundry networks, enabling enterprises to manage thousands of endpoints with precision and ease.

Dynamic Proxy Support for K3s Edge Routers

NetFoundry Kubernetes Edge Routers (ERs) now support dynamic service configuration updates in Ziti version 1.7.0 and above.

Previously, any change to a service configuration (including added or updated port mappings) required:

  1. Manual updates to the Helm chart

  2. Redeployment of the Kubernetes Edge Router

With this enhancement:

  • No redeployment is required

  • No manual Helm updates are needed

  • ERs dynamically adopt new or modified service definitions

  • Operations become faster, safer, and significantly more DevOps-friendly

This improvement streamlines service onboarding and lifecycle management in Kubernetes environments.

New Global Regions for NetFoundry-Hosted Routers

NetFoundry Cloud has expanded its global fabric footprint, now spanning 154 cloud data centers worldwide. Customers can deploy NetFoundry-hosted public routers in newly added regions across all major cloud providers:

  • AWS: 32 regions

  • Azure: 39 regions

  • Google Cloud: 42 regions

  • Oracle Cloud: 41 regions

To deploy routers in any of these geos, simply select the desired region in the console. If you need support for a cloud region that’s available on AWS, Azure, GCP, or OCI but not yet listed in the NetFoundry console, please contact us — we can make it available.

Articles, updates and software releases:

Latest Blogs & Materials:

Follow our Ziti releases at https://github.com/openziti/ziti/releases

Updated WDE released: https://github.com/openziti/desktop-edge-win/releases

Updated Linux tunneler released (check that your ERs and controller are on the same version as the tunneler): https://github.com/openziti/ziti-tunnel-sdk-c/releases

Watch the announcements section for news about the NetFoundry cloud services.

Closing Thoughts:

Refer to our docs at https://netfoundry.io/docs and the videos on our YouTube channel and the OpenZiti channel for updates, demos and more on NetFoundry. If you have queries on the latest features, or have valuable feedback to share, we’d love to hear from you! Reach out to us at customer.success@netfoundry.io
