Firezone logo light
Jamil Bou Kheir

Founder

May 2024 Update

Abstract illustration of Firezone traffic filters

In this update:

Continue reading below for more details.

Traffic restrictions

At Firezone our mission is to improve your organization's security. You've already been able to define Group-based access policies to restrict access to a particular host, but we've taken this a step further. You can now add port and protocol (ICMP, UDP, and TCP currently supported) restrictions on each Resource to define even more granular access controls.

Firezone traffic restrictions

Simply add the desired filters when creating or editing a Resource, and only that type of traffic will be allowed. This is useful for allowing access to some services running on a host but not all of them.

How it works

When you add traffic restrictions to a Resource, all Gateways that can serve that Resource will immediately receive the updated Resource configuration.

Restrictions are enforced at the Gateway level. If a user tries to access a service on the host not allowed by the restriction, the Gateway will simply drop the traffic, preventing it from ever reaching the service in question.

One popular use case for traffic restrictions is segmenting access to individual services on a host. To do this, simply create a Resource for each service on the host you want to allow access to, and add the appropriate traffic restrictions to each one. Create an Resource with the TCP/22 restriction to allow SSH access for your DevOps team, then add another Resource with the TCP/443 restriction to allow access to an HTTPS service for the rest of your organization.

Traffic restrictions are supported on all Resource types, including DNS, IP, and CIDR-based Resources, and can be enabled on the Team and Enterprise plans.

Blog: How DNS works in Firezone

Firezone's approach to DNS works a bit differently than one might expect. One question we get a lot is, "why do my DNS Resources resolve to different IPs with Firezone enabled?". Great question! We've written an in-depth explanation of this in this blog post.

How DNS works in Firezone

So if you've ever wondered why your DNS Resources resolve to different IPs with Firezone enabled, or if you're just curious about how DNS works in Firezone, go read the post!

Connectivity and reliability improvements

Last but not least, we've made several improvements to the way Firezone Clients stay connected to Gateways, even when switching WiFi networks or moving between cellular, WiFi, and ethernet connections.

Connections were already quite stable before, but could take a few seconds to resume when switching networks. We've made several improvements to the way Clients handle network changes to improve reconnection times considerably, to the point where you shouldn't notice any interruption at all.

We also added more Points of Presence (PoPs) in several regions to improve latency and reliability for users in those areas. See our updated PoP list for more details on where Firezone's Relay and control plane servers are available.

Firezone Newsletter

Sign up with your email to receive roadmap updates, how-tos, and product announcements from the Firezone team.

Sign up for our newsletter