Providing on-premise deployment, Defguard is valuable for organizations seeking to strengthen their security posture without depending on third-party cloud solutions that promise security but gather your data or use your company data for AI training
On-premise deployment protects data from AI
On-premise deployment protects data from AI
World's First WireGuard® VPN with 2FA/MFA - Defguard introduces unique Multi-Factor Authentication (MFA) for the WireGuard® VPN protocol, enhancing security with an added layer of user verification to support compliance with GDPR, HIPAA, PCI DSS, NIST, FISMA, and CMMC standards.
On-premise deployment protects data from AI
Our unique security approach in: architecture, Multi-Factor Authentication on WireGuard® protocol level, secure remote enrollment and onboarding provides a unique way to secure your data and applications.
Flexible Identity provider approach
- Enroll, access and manage your VPN with your current identity provider: Google, Microsoft, Okta, JumpCloud, Zitadel, Custom OIDC
- Synchronize your identity provider's Users and Groups. Disable or delete users based on your provider automatically.
- Want more cloud independence? Defguard has a built in Identity and SSO based on OpenID Connect, with group VPN access management
Enterprise ready
Enterprise ready
- Checked by professionals - defguard was thoroughly and comprehensively audited by one of the best security researchers ISEC (see full security audit).
- High Availability with multiple active-active gateways and failover for other components
- IPv6 support
- Deployment with packages, docker, Kubernetes and Terraform
- Integrated YubiKey Hardware keys management and provisioning
- Fully end-to-end tested
Easy management with beautiful UI
Effortless User Experience with secure and remote self-service onboarding and self-service management
Easy management with beautiful UI
Automatic and real time clients configuration synchronization
Easy management with beautiful UI
Control the users VPN client behavior (disable users to manage their devices, allow/block All Traffic through VPN, disable other then Defguard clients)
Easy management with beautiful UI
Beautiful and functional UI, both for management and client.
Open Source for trust and transparency
Looking for transparent and verifiable security solutions and not promises? As an open-source platform, Defguard offers full transparency, enabling organizations to verify security protocols and the actual code, ensuring trust through visible, verifiable security practices and not promises.
Integrations
- Automate processes that involve your organization's data using: API - all functionalities are exposed via REST API
- Webhooks - outgoing webhooks are a simple way for defguard to notify your systems of ongoing changes in identity management (user was added, deleted, modified) or hardware key provisioning (easily propagateGPG/PGP or SSH keys to your internal systems)
Portability & speed
We've implemented defguard in Rust for code portability, security, and speed. You can easily run defguard on various Linux-based systems on x86, arm, and other architectures (including Raspberry PI, OpenWRT, etc.) and Unix systems FreeBSD, OpenBSD, and others. We've prepared various Linux and OPNsense® (FreeBSD) but we are constantly working on other platforms.
Roadmap of what's to come
- We are fully transparent also with our roadmap and feature management - here is a detailed roadmap: https://github.com/orgs/DefGuard/projects/4/views/1
- Please take note, that our roadmap may change since we prioritize it according to our Enterprise clients needs - if you want to influence our roadmap, support us with Enterprise License purchase!
Mobile Clients
v 1.3- ACLs - VPN access management based on realtime conditions for users, groups, VPN location, …
- Observability & Access Logs
Site-to-site
v 1.4- Mobile clients with 2FA/MFA
- Site-to-site VPN management
NAT Traversal
v 1.5- Access resources without exposing them publicly