Pricing
Choose your plan
Starter
Free
Features
- no user and location limit
- VPN locations and users management with built-in IdP/SSO
- VPN connection-level Multi-factor authentication (MFA/2FA)
- VPN Client for desktop and mobile (all platforms)
- Remote user enrollment
- Activity & Audit logs
Support: Support is provided by the community using GitHub Discussions. Read more
Limited features access Starter includes all features from Team limited to 5 users and 1 VPN location.
Team
€59
Everything in Starter, plus:
up to 85 users
up to 3 VPN locations
External OIDC (Google, Microsoft, Okta, JumpCloud)
Two-way LDAP & Active Directory sync
Secure remote enrollment via OIDC
Multi-Factor Authentication on desktop & mobile with external OIDC
Biometric MFA on mobile and desktop (using mobile device)
Real-time clients configuration updates
Automated device enrollment & provisioning
Firewall rules management with Access Control Lists
Activity & Audit log streaming to SIEM
Restrict “All traffic” mode, enforce predefined routes
REST API integration with external tools
Support: Support is provided by the community using GitHub Discussions. Read more
Business
€129
Everything in Team, plus:
- up to 250 users
- up to 5 VPN locations
Support:
- Email and ticket-based support – covering setup, configuration, and troubleshooting of the Defguard platform.
- Response time – inquiries are handled on a best-effort basis, without a guaranteed SLA.
Enterprise
Contact us
Everything in Business, plus:
- Custom VPN users number
- Custom VPN locations number
- Service VPN Locations on system boot level
- Pre-logon VPN mode
- Always-on VPN mode
Enterprise Support
- Pre-scheduled video-calls for issue resolution
- Deployment / Roll-out assistance
- Guaranteed response within 1 business day
- Custom MSA & SLA
- Pay by invoice
- Multi-year agreements
- Offline license on request
Trial Enroll into Defguard PoC and recieve a 30 day Defguard Trial license with evaluation support.
Roadmap Privileges Participation in shaping Defguard’s roadmap, with priority consideration for requested features.
Compare Features
| Feature | Starter | Team | Business | Enterprise |
|---|---|---|---|---|
| Account Limits | ||||
| Users | 5 | 85 | 250 | Custom |
| VPN Locations | 1 | 3 | 5 | Custom |
| 🔐 Enterprise Authentication & Identity | ||||
| Built-in Identity Provider (SSO) OpenID Connect provider for user authentication | ✓ | ✓ | ✓ | ✓ |
| External OIDC Authentication Login via Google, Microsoft, Okta, JumpCloud, or custom providers | — | ✓ | ✓ | ✓ |
| VPN-Level MFA (Internal) True connection-level multi-factor authentication | ✓ | ✓ | ✓ | ✓ |
| VPN-Level MFA (External SSO) MFA enforced per VPN location with external IdP (Desktop & Mobile) | — | ✓ | ✓ | ✓ |
| Secure Remote Enrollment via OIDC External OIDC for secure user enrollment and client configuration | — | ✓ | ✓ | ✓ |
| Two-way LDAP & Active Directory Sync Bi-directional synchronization with LDAP / AD | — | ✓ | ✓ | ✓ |
| Biometric MFA Use mobile device biometrics for desktop VPN authentication | ✓ | ✓ | ✓ | ✓ |
| 🖥️ Client & VPN Management | ||||
| Desktop & Mobile VPN Clients Native apps for Windows, macOS, Linux, iOS, Android | ✓ | ✓ | ✓ | ✓ |
| Real-time Client Configuration Sync Automatic, instant configuration updates to all clients | — | ✓ | ✓ | ✓ |
| Admin-only Device Management Prevent users from managing their own devices | — | ✓ | ✓ | ✓ |
| Enforced Defguard Client Usage Block configuration of non-Defguard WireGuard clients | — | ✓ | ✓ | ✓ |
| Client Traffic Policies Configure and enforce VPN client traffic behavior | — | ✓ | ✓ | ✓ |
| Service VPN Locations VPN connections established at system boot level | — | — | — | ✓ |
| Pre-logon VPN Mode Establish VPN before user login | — | — | — | ✓ |
| Always-on VPN Mode Persistent VPN connection that auto-reconnects | — | — | — | ✓ |
| 🛡️ Security & Compliance | ||||
| Access Control Lists (ACL) Define and enforce granular network access rules | — | ✓ | ✓ | ✓ |
| Activity & Audit Logs Comprehensive logging of all system activity | ✓ | ✓ | ✓ | ✓ |
| Log Streaming to SIEM Stream logs in real-time to external SIEM systems | — | ✓ | ✓ | ✓ |
| 🔌 Integrations & Automation | ||||
| Remote User Enrollment Self-service user onboarding and device setup | ✓ | ✓ | ✓ | ✓ |
| REST API Access Integrate Defguard with external systems and tooling | — | ✓ | ✓ | ✓ |
| 💬 Support | ||||
| Community Support | ✓ | ✓ | ✓ | ✓ |
| Email & Ticket Support | — | — | ✓ | ✓ |
| Priority Support & SLA | — | — | — | ✓ |
| Video Call Support | — | — | — | ✓ |
| Deployment Assistance | — | — | — | ✓ |
| 💳 Billing & Terms | ||||
| Pay by Credit Card | — | ✓ | ✓ | ✓ |
| Pay by Invoice | — | — | — | ✓ |
| Custom MSA & SLA | — | — | — | ✓ |
| Multi-year Agreements | — | — | — | ✓ |
Frequently Asked Questions
Yes. Defguard provides a 14-day evaluation license at no cost, allowing you to test the full capabilities of our enterprise VPN solution, including WireGuard®, MFA/2FA, and SSO integration.
This trial is ideal for proof-of-concept testing or evaluating Defguard in your environment. Request your evaluation license here.
All purchased and active annual subscriptions automatically renew once for the following year on the same pricing and terms as originally purchased.
For example, if you purchase an annual subscription in 2025, it will renew in 2026 at the same price and conditions you originally agreed to. From 2027 onwards, if annual subscription pricing or terms have changed, the updated pricing/terms will apply starting from the next billing cycle.
In short: this policy guarantees one renewal under the original terms for your annual subscription, after which any new pricing or updated terms will take effect.
Request a license for your non-profit organisation.
If you're a non-profit organization or an open-source project, we'd love to support you. Click the button to email us with a short explanation of your mission.