NetFoundry zLAN

NetFoundry zLAN is a micro-segmentation solution for operational technology (OT) networks. It deploys software-based firewall agents on Linux machines and manages them centrally through a web console, giving you traffic visibility and consistent policy enforcement across your OT environment.

zLAN requires NetFoundry Self-Hosted, NetFoundry's supported, maintained, and extended version of OpenZiti.

What's included

  • Firewall management: Deploy firewall agents on Linux machines and manage them from the zLAN console. Each firewall supports multiple interfaces, VLANs, and independent rule sets.
  • Firewall rules: Create allow and deny rules by traffic type (HTTP, HTTPS, SSH, RDP, LDAP, or custom TCP/UDP), direction, source, destination, and port range.
  • Network discovery: Passively observe traffic flows across all your firewalls. Filter by source, destination, port, and protocol, and create rules directly from discovered flows.
  • Routing: Configure static routes or enable dynamic routing protocols (OSPF, EIGRP) per interface. Enable VRRP for high-availability failover.
  • Rule import and export: Move rule sets between firewalls using CSV, JSON, or YAML files.
  • Offline deployment: Install in air-gapped environments using a self-contained bundle that requires no internet access.

How it works

Each zLAN firewall agent is an OpenZiti router that connects to the OpenZiti controller over TLS. For a deeper look at the architecture, see the OpenZiti architecture overview.

Start here

Start with Get started with NetFoundry zLAN to deploy your first firewall.