Pricing

Great Security is Priceless

Personal Subscriptions Business NGFW Subscriptions SSE & SASE Subscriptions
Monthly
Annual

Plug and Secure SSE

$16.00 /per-user /month
tooltip

Per-User /Month

The number of users or staff members that need Zenarmor protection.
A minimum purchase of 10 users is required
+$50.00 /per-gateway /month
tooltip

Per-Gateway /Month

The license for each gateway deployed on the network, such as a perimeter gateway running OPNsense with Zenarmor installed.Note: If you deploy Zenarmor directly on the user’s endpoints, such as on Windows or MacOS, and do not utilize a gateway, this license is not required.
Must be purchased with user licenses; not sold separately.
Perfect for organizations of all sizes seeking web and application security, along with network visibility and control over their remote or distributed workforce.
Start Now!
Full TLS inspection
Customizable web filtering (SWG)
Cloud Access Security Broker (CASB)
Advanced security
Customizable reporting
Application & Ad control
Customizable policy-based filtering
Device ID & Asset discovery
SSO/SAML User authentication
RESTful API
Enterprise support
High Availability (HA)
Policies
Unlimited customizable
Deployment Options
Directly on user endpoints such as Windows, MacOS, and Linux.
On a gateway
Compare Plans

Plug and Secure SASE

$28.00 /per-user /month
tooltip

Per-User /Month

The number of users or staff members that need Zenarmor protection.
A minimum purchase of 10 users is required
+$50.00 /per-gateway /month
tooltip

Per-Gateway /Month

The license for each gateway deployed on the network, such as a perimeter gateway running OPNsense with Zenarmor installed.Note: If you deploy Zenarmor directly on the user’s endpoints, such as on Windows or MacOS, and do not utilize a gateway, this license is not required.
Must be purchased with user licenses; not sold separately.
This solution suits organizations of any size looking for web and application security, visibility, and control, while ensuring secure private access to resources for their remote or distributed teams. It is an excellent choice if you need a VPN or MPLS alternative in addition to web security.
Start Now!
Everything in Plug and Secure SSE, as well as:
Plug and Secure SSE + Zero Trust SDWAN
Zero Trust Network Access (ZTNA)
Tooltip for undefined

Endpoint to gateway Gateway to gateway
P2P Mesh Overlay Networks
Microsegmentation
Policies
Unlimited customizable
Deployment Options
Directly on user endpoints such as Windows, MacOS, and Linux.
On a gateway
Compare Plans

Get in Touch

Are you looking for a tailored and flexible solution that doesn't fit with our other subscription options? We're here to assist you. Don't hesitate to reach out to our sales team; we're eager to help. Just click “Start Now” to initiate the onboarding process.
Start Now!
In the meantime, for those proactive individuals ready to dive in, you can swiftly explore all the features and capabilities of Zenarmor before finalizing your purchase.

Get Edu Pricing

Zenarmor is committed to supporting Educational Institutions and Non-profit organizations by providing Zenarmor at special rates.
Read More

Become a Partner

Request information on the benefits of becoming a Zenarmor Partner.
Let's Start
Free
Start Now!
Plug and Secure Home
Start Now!
Business NGFW
Start Now!
Plug and Secure SSE
Start Now!
Plug and Secure SASE
Start Now!
Performance
Inspection Throughput (Per CPU Core)Up to 5 GbpsUp to 5 GbpsUp to 5 GbpsUp to 5 GbpsUp to 5 Gbps
Vertical Scalability
Horizontal Scalability
Visibility Watch
Near real-time reporting & logging
Drill-down Advanced Network Analytics
More than 60 pre-defined reports
Application visibility & reporting
Web/DNS/TLS Reporting
Reverse DNS Lookup for Reports
Custom Reports
Exporting Reports
Device Identification & Asset Discovery Watch
Security Watch
Protects all ports
Protect all users / devices
Auto-blocking based on Realtime Threat Intelligence
Malicious server filtering
Phishing server filtering
Protection against new Malware/Virus/Phishing outbreaks
Blocking newly registered/recovered/Dead/DynDNS sites
Automatic Botnet Filtering
Blocking DNS tunnels
Cloud Central Management Watch
Cloud ManagementUp to 3 NodesUp to 3 Nodes Unlimited Nodes Unlimited Nodes Unlimited Nodes
Centralized ReportingUp to 3 NodesUp to 3 Nodes Unlimited Nodes Unlimited Nodes Unlimited Nodes
Centralized Policies
Cloud Scheduled Reports
Number of Additional Admins Allowed per FirewallUp to 1 Unlimited Unlimited Unlimited
Role-based Firewall Management
Project SharingUp to 1 userUp to 3 users Unlimited Unlimited
Organization-Focused, Muti-Tenant Capable Management Dashboard Watch
Cloud Threat Intelligence
Cloud Web Categorization
Cloud Threat Intelligence
Automatic Botnet Detection
Filtering & Compliance
URL Blocking
Application Control
Ad Blocking
Policy Based Safe Search Enforcement
Number of categorized Web sites300+ Million300+ Million300+ Million300+ Million300+ Million
Customizable Web Categories / Whitelisting
Custom Application
DNS based content filtering
TLS/QUIC SNI based filtering
Web & URL Filtering Watch 3 Preset ProfilesFully CustomizableFully CustomizableFully CustomizableFully Customizable
Customized Landing Pages for Blocked Sessions Watch
Bypass Codes Feature Watch
Device Access Control Watch
User Based Filtering Watch
Identity and Access Management (Built-In Authentication, Google Cloud Identity, SAML 2.0 for Azure Entra ID, Google, Okta)
User based reporting (Captive Portal)Up to 5 devicesUp to 5 devices
User based reporting (AD/LDAP)Up to 5 devicesUp to 5 devices
User based filtering policies (Captive Portal)
User based filtering policies (AD/LDAP)
Policy Based Filtering Watch
Filtering policies according to Subnet / IP Addresses
Filtering policies according to User/Groups
Time-based/scheduled filtering
Filtering policies according to Interface / VLAN
Ability to create filtering exemptions
Number of policies Watch 1 (Default)Up to 5 policies (Default + 4) Unlimited Unlimited Unlimited
High Availability
HA with Configuration Synchronization
Hardware Bypass Support (requires bridge mode)
Transparent Policy Based TLS Inspection
Light-weight Certificate-Based TLS Inspection
Zenarmor performs light-weight certificate-based TLS inspection analysis in the early stages of the TLS session to determine the remote hostname, web category and application type. In this mode the encrypted payload remains encrypted.
Full TLS Inspection
Watch
Zenarmor performs Full TLS Inspection by decrypting the packet contents, doing thorough deep packet inspection, and then re-encrypting the packet contents. This mode offers the best visibility and security.

PLEASE NOTE: For this mode to work correctly, a trust certificate is required to be installed on devices requiring full TLS Inspection. This inspection always happens directly on your devices or gateways and NO information about the encrypted payload is recorded or stored by Zenarmor giving you ultimate privacy and control.
Cloud Access Security Broker (CASB) Watch
Granular Cloud Application Controls
Zero Trust Network Access (ZTNA) Watch
Encrypted P2P overlay networks
Encrypted Mesh overlay networks
Microsegmentation
Access Control based on users, groups, location and device posture
Reporting and Visibility
Integrations Watch
Reports streaming to external Elasticsearch Servers
Reports streaming to external Syslog Servers
Community ID Flow hashing
Number of Devices
Number of protected devices Unlimited Up to 200 devicesBased on PlanBased on PlanBased on Plan
Number of Endpoint Deployments
Watch
As of Zenarmor 1.18 you can deploy Zenarmor directly on your endpoint with all inspection happening directly on the devices network interface.
WindowsBased on PlanBased on Plan
MacOSBased on PlanBased on Plan
LinuxBased on PlanBased on Plan
API Watch
RESTful API access for configuration and management
Support Options
Community Forum Support
Bundled Basic Support
Business & Enterprise Support Options

Start with Zenarmor immediately.
For Free.

Start free trial