Enterprises, mid-market teams, and service providers all face the same challenge: securing more users, devices, and locations without adding more hardware, latency, or operational burden.
The Zenarmor SASE 2.2 release strengthens our SASE Anywhere Architecture with new capabilities that deliver stronger enforcement, better visibility, and simpler operations, especially for MSPs, MSSPs, and ISPs/Telcos.
1. OpenWRT Support: Turn Routers Into Full SASE Edges
The headline feature in the Zenarmor 2.2 release is native OpenWRT support.
Most ISP-provided routers and CPEs already run OpenWRT or a variant. Zenarmor can now be installed directly on those devices, with no new hardware, no PoP dependency, and no traffic rerouting.
For ISPs & Telcos, this unlocks:
- Offer SASE / cybersecurity as a value-added service on top of existing connectivity
- Extend advanced security and reporting to SMB and mid-market customers without shipping a second box
- Protect IoT and "unmanaged" devices that sit behind the router and can't run an agent
- Avoid backhauling traffic to a centralized PoP just to inspect it, keeping latency low and UX strong
For MSPs/MSSPs:
- Easier rollout of managed SASE, secure SD-WAN overlays, and IoT/OT protection on customer sites
Bottom line: With the Zenarmor SASE Anywhere Architecture, OpenWRT support turns the already-deployed, widely used, low-cost router platform into a fully capable SASE edge at scale.
2. Device Posture Check: Real Zero Trust Enforcement
Traditional ZTNA policies look at who you are and where you are connecting from. Zenarmor 2.2 adds a crucial third dimension: what state your device is in right now.
Zenarmor 2.2 adds device posture verification into access decisions, ensuring Zero Trust overlays only establish when the device is healthy and Zenarmor SSE protection is running.
This prevents "trusted but unprotected" endpoints from accessing sensitive environments and gives MSPs and ISPs a differentiated, posture-aware access service, something traditional VPN/overlay tools cannot offer.
3. GEO-Aware Reporting & Data Residency
Data residency is built-in by design.
When an organization is created, Zenarmor automatically keeps telemetry in-region (EU stays in EU, US stays in US).
This helps enterprises meet sovereignty expectations, and MSPs/ISPs avoid compliance risks across their multi-region customer base.
4. Scheduled Reporting: One Report, Many Audiences
Central teams can now generate organization-wide reports and schedule them for the right recipients:
- Daily or hourly: Security operations
- Daily summaries: Executives
- Weekly/monthly: Compliance teams
Perfect for MSPs/MSSPs managing multiple tenants and ISPs offering bundled security services.
5. Precision Traffic Control: Site-Specific TLS & Split DNS
Not every customer wants "decrypt everything" TLS inspection. Many mid-market organizations and service providers want a more surgical approach, and this capability was a direct customer request.
Site-Specific TLS Inspection:
Enable deep inspection only for selected domains, ideal for high-risk targets or sensitive services without forcing decrypt-everything policies.
Split DNS for ZTPA:
Define internal domains and use internal DNS servers only for those, simplifying ZTNA/ZTPA app access and reducing manual DNS workarounds.
6. Administrative Lock-Down on Endpoints
Admins can now control:
- Whether users can uninstall the agent
- Whether inspection can be disabled
- Whether temporary bypass is allowed
This is critical for MSPs and ISPs delivering managed security, and for mid-market enterprises preventing "shadow exceptions."
What Zenarmor 2.2 Means for You
For Mid-Market & Enterprise:
Stronger Zero Trust access, automatic data residency, role-appropriate reporting, and tamper-resistant endpoints.
For MSPs/MSSPs:
Differentiated SASE/SSE services, centralized reporting, posture-aware access, and controlled agent behavior at scale.
For ISPs/Telcos:
Instant SASE on existing OpenWRT-based CPEs, new revenue opportunities, and SASE benefits without traditional PoP architectures.
Next Steps
Existing customers and partners can now enable device posture checks, GEO-aware reporting, and OpenWRT deployments.
MSPs, MSSPs, and ISPs: Contact our team for lighthouse implementations and packaging options for your customers.
Zenarmor's ONE.APP. SASE already runs across every edge, whether in the cloud, at the edge, or on endpoints, and with the 2.2 release, that reach now extends to the edge gateways and routers already deployed in branches, customer sites, and home or home-office networks, delivering meaningful new value for ISPs, MSPs/MSSPs, and distributed enterprises worldwide.
For details of the release please check the documentation: Zenarmor SASE 2.2 Release
