Zenarmor SASE 2.5 Release

Every major Zenarmor release tells a story about where enterprise security is heading, and version 2.5 is no different. This release is squarely focused on three things that security and IT leaders have been asking for: deeper integration with the tools already living in their security stack, faster and more scalable deployment operations, and the kind of real-time threat awareness that lets teams act before damage is done.

Zenarmor 2.5 ships with four new capabilities, a meaningful set of platform improvements, and a handful of targeted bug fixes. Whether you are running a lean IT team at a mid-market company or managing a complex distributed environment across hundreds of sites and thousands of endpoints, this release has something that will make your day-to-day operations meaningfully better.

Let's get into it.

What's New in Zenarmor 2.5

CrowdStrike Integration for Zero Trust Network Access (ZTNA) Device Posture Check

The Challenge

For years, organizations' VPN/ZTNA solutions and their endpoint detection and response (EDR) platforms operated in separate silos. A device could be flagged as compromised or high-risk in CrowdStrike Falcon, yet that same device would continue to have full access to internal networks and applications because the two systems had no way to communicate with each other. Security teams were left manually correlating data across platforms, often after the fact, and policy enforcement lagged dangerously behind the actual risk posture of devices on the network.

This is not a theoretical problem. In environments where contractors, BYOD devices, and remote workers are the norm, the attack surface increases exponentially as the device count grows. A device that fails a posture check should lose access immediately, not at the next manual review cycle.

The Zenarmor Solution

Zenarmor 2.5 introduces CrowdStrike integration for ZTNA device posture checks. Zenarmor now continuously synchronizes device Zero Trust Assessment (ZTA) scores directly from CrowdStrike Falcon. Administrators can build Private Access Policies that use these synchronized ZTA scores as dynamic enforcement criteria, meaning access to private network resources is granted or denied based on continuously updated device health data pulled straight from CrowdStrike.

If a device's ZTA score falls below a defined threshold, access is automatically restricted without manual intervention. The policy enforces itself.

Why This Matters

True Zero Trust is not a static configuration; it is a continuous evaluation loop. By pulling real-time posture data from CrowdStrike Falcon, one of the most widely deployed EDR platforms in the enterprise, Zenarmor ensures that access decisions reflect the device's actual security state at any given moment.

For organizations already running CrowdStrike as part of their security stack, this is a force multiplier. You are not adding a new tool or a new process. You are connecting two systems you already trust and letting them work together to automatically enforce the access policy. That is the kind of integration that reduces alert fatigue, closes enforcement gaps, and makes your existing security investments work harder.

Automated Provisioning of Gateways at Scale

The Challenge

Scaling security infrastructure across a distributed environment is one of the more demanding operational challenges IT and security teams face today. Whether an organization is expanding into new branch offices, standing up retail locations, extending to edge computing nodes, or securing cloud-hosted workloads, the pace of that growth demands tooling that can keep up. In environments where speed matters, a new branch office needs to be secured before it goes live, and a new cloud region needs to be protected before workloads are migrated to it. Security must adapt to the pace of the business, not lag behind.

As organizations grow their Zenarmor deployments to match that pace, the natural next step is to enable administrators to provision multiple gateways in a single, coordinated operation rather than sequentially, reducing the time between infrastructure expansion and full security coverage. That is exactly what this update delivers.

The Zenarmor Solution

Zenarmor 2.5 updates the one-liner installation script to support bulk gateway operations. Administrators can now install or add multiple gateways in a single operation, dramatically reducing the time and effort required to bring new infrastructure online. What previously required individual attention for each gateway can now be handled in one coordinated step.

Why This Matters

Organizations with large branch footprints, or those aggressively expanding their footprint, can now attach Zenarmor protection with greater ease and consistency across every gateway in their environment. For MSSPs and partners managing multiple client environments, this is particularly impactful. Onboarding a new client or expanding an existing deployment now happens in a fraction of the time, with the confidence that every gateway is configured correctly from day one.

It also reinforces one of Zenarmor's core architectural advantages over cloud-only SASE: the ability to instantly deploy security exactly where you need it, on your infrastructure, on your timeline, without waiting for a vendor to provision capacity in a cloud POP that may or may not be geographically optimal for your users.

Real-Time Threat Alert Notifications for SSE and Higher Subscriptions

The Challenge

Visibility without action is just noise. Security teams are already drowning in data, and the last thing anyone needs is another dashboard to check. The real problem is not a lack of information; it is a lack of timely, targeted, actionable signals. When something important happens on the network, whether it is a spike in blocked malware detections, a command-and-control callback attempt, or a policy violation pattern that suggests a compromised device, security teams need to know about it immediately, not when they happen to log in and run a report.

For distributed organizations where a single administrator might be responsible for monitoring dozens of gateways and hundreds of endpoints, the manual review model simply does not scale. Threats move faster than scheduled check-ins.

The Zenarmor Solution

Zenarmor 2.5 introduces automated email-based threat-alert notifications for SSE and SASE-tier subscriptions. Administrators can now define specific criteria and patterns that matter to their environment, and Zenarmor will automatically send alerts when those conditions are met. This is not a generic notification system. It is a configurable alerting framework that lets administrators focus on the signals that are most relevant to their specific threat model and compliance requirements.

Alerts are designed to drive immediate action, giving administrators the context they need to investigate and respond quickly rather than hunting through logs after the fact.

Why This Matters

The gap between detection and response is where breaches happen. By pushing real-time alerts to administrators based on criteria they define, Zenarmor significantly narrows that gap. A security team that knows about a threat within minutes of detection is in a fundamentally different position than one that discovers it hours later during a routine review.

This capability also has real compliance implications. Many regulatory frameworks, including those governing financial services, healthcare, and critical infrastructure, require documented evidence of timely threat detection and response. Automated alerting with configurable thresholds provides both the operational capability and the audit trail to support those requirements.

For lean security teams managing complex environments, this is the difference between being reactive and being proactive. And in security, being proactive wins.

Zenarmor Endpoint Application on Docker Containers for ZTNA and SASE Subscriptions

The Challenge

Containerized environments present a unique security challenge. As organizations accelerate their adoption of Docker and Kubernetes for application workloads, the security tooling available for those environments has struggled to keep pace. Traditional endpoint agents are designed for operating systems, not containers. Cloud-only SASE solutions can protect traffic leaving the network, but they cannot provide inline security inspection and Zero Trust private access for workloads running inside containerized infrastructure without forcing all traffic out to a cloud POP and back, introducing latency and creating architectural complexity that undermines the efficiency gains containers are supposed to deliver.

For organizations running containerized workloads in on-premises data centers, edge locations, private cloud environments, or even ephemeral networks, this creates a genuine blind spot. The workloads are there, the traffic is flowing, but the security coverage is either absent or dependent on a cloud detour that defeats the purpose.

The Zenarmor Solution

Zenarmor 2.5 extends the SASE application to Docker containers; the capability is available to ZTNA and SASE subscribers. Organizations can now deploy Zenarmor SASE directly as an endpoint within containerized environments, bringing the full suite of Zenarmor's security and private access capabilities to Docker workloads without requiring a separate physical or virtual appliance. This means containerized applications can participate in private secure networks, have their traffic inspected and controlled by policy, and be managed through the same Zenconsole interface as every other endpoint in the organization.

Why This Matters

This is a natural and important extension of Zenarmor's Plug.SASE.Everywhere philosophy. Security should follow the workload, not the other way around. As more organizations shift critical workloads to containers, the ability to deploy Zenarmor natively in those environments ensures that security coverage keeps pace with evolving infrastructure.

It also highlights a fundamental limitation of cloud-only SASE architectures. A vendor whose security model depends on routing traffic through their cloud infrastructure cannot protect workloads that should never leave your environment in the first place. Zenarmor's decentralized, deploy-anywhere model means that containerized workloads in a data center, a manufacturing-floor edge node, or a development cluster receive the same level of protection as a remote worker connecting from a hotel in another country.

Improvements Worth Noting

Beyond the headline features, Zenarmor 2.5 ships with several improvements that will make a real difference in day-to-day operations.

Improved Performance on Secure Private Networks. Latency between secure private network peers has been meaningfully reduced, resulting in faster and more reliable connections. For organizations relying on Zenarmor's Zero Trust overlay networks for real-time collaboration, voice, or latency-sensitive applications, this is a direct quality-of-life improvement.

Bulk Gateway Updates Across the Organization. Administrators can now push updates to all gateways in their organization in a single operation. Combined with the bulk provisioning capability introduced in this release, this makes large-scale gateway fleet management significantly more efficient. Consistency across your gateway estate is no longer a manual effort.

Endpoint Application Update via CLI. For Linux environments and headless deployments, users can now update their endpoint applications directly from the command line with the --update-app helper command. This is a small but meaningful improvement for teams managing endpoints in server or containerized environments where a GUI is not available.

Subscription Expiration Visibility in the Subscriptions List. An info icon now appears next to subscriptions approaching expiration, giving administrators an at-a-glance warning before service interruption occurs. It is a simple addition, but the kind of operational detail that prevents avoidable disruptions.

Simplified macOS Uninstallation. Zenarmor endpoint applications on macOS can now be removed by dragging the app to the Trash, with the engine fully uninstalled in the process. Clean, simple, and consistent with how macOS users expect software removal to work.

Subscription-Aware Policy Configuration. The policy configuration page now displays only the features available under the user's current subscription tier. This reduces confusion and streamlines the configuration experience, particularly for organizations managing multiple subscription types across their environment.

Bug Fixes

Zenarmor SASE 2.5 also resolves several issues that have been affecting specific environments and use cases:

  • An issue where multiple DNS records were generated in Microsoft Active Directory environments for Windows endpoints registered to Secure Private Networks has been resolved.
  • Category and Signature labels in the blocked sessions details pane within Gateway Live Sessions and Centralized Live Sessions are now fully visible.
  • Certain CASB applications that could not be blocked are now correctly enforced.
  • HTML tags displaying incorrectly in warning messages on the OPNsense UI have been fixed.
  • Applications incorrectly labeled as "Dynamic Classifier" during Live Sessions are now identified correctly.

Closing Thoughts

Zenarmor SASE 2.5 is a release that rewards organizations that are thinking seriously about how their security infrastructure needs to evolve. The CrowdStrike integration for device posture is a statement about where ZTNA is going: toward continuous, automated, data-driven enforcement that does not depend on manual oversight or static rules. The bulk provisioning and bulk update capabilities are a statement about how security operations need to scale: efficiently, consistently, and without creating a deployment tax that slows down the business. The Docker endpoint support is a statement about the future of the workload: wherever it runs, security follows.

If you are already a Zenarmor customer, updating to 2.5 is fast and straightforward. If you are evaluating Zenarmor for the first time, this release is a strong representation of what the Plug.SASE.Everywhere approach looks like in practice: instant, simple, comprehensive, flexible, and built for how modern organizations actually operate.

For full release notes, visit zenarmor.com/docs/support/release-notes.