Evolving ZERO Endpoint
The trusted edge of the evolving ZERO fabric
The Evolving ZERO Endpoint is the physical or virtual edge node that connects a site, branch, datacentre, or cloud environment to the full capabilities of the evolving ZERO platform. It’s the same EVX hardware and software stack – but in this context, it’s delivering the complete ZERO SDWAN experience.
Where ZTNA and access gateways serve users and applications, the ZERO Endpoint is about sites. It forms part of the Secure Access Fabric, enforcing policy, routing encrypted traffic, and extending Zero Trust enforcement to the LAN, WAN, and cloud edge.
This is where Zero Surface Architecture becomes real at the network boundary – not just for user access, but for the entire flow of traffic in and out of a location.
What it does
Forms encrypted, policy-driven overlays to other endpoints and cloud services
Applies routing, segmentation, firewall, and QoS inline
Terminates and enforces ZTNA policies for hosted services (if needed)
Directs all internet-bound traffic through the Secure Web Gateway
Aggregates multiple circuits (via CaaS or BYO) into a resilient, bonded link
Observes, logs, and enforces policy for every flow
Not simply an SDWAN appliance, but a full Zero Trust enforcement point.
Why it matters
Traditional SD-WAN appliances route packets. Maybe they shape traffic. But they assume trust. They rarely enforce Zero Trust policy, and they depend on external systems for identity, inspection, and access control.
The Evolving ZERO Endpoint is different:
It starts with deny-all
It authenticates and inspects traffic inline
It integrates directly with identity providers, ZTNA, segmentation, and observability
It participates fully in the Up and Out Topology – zero lateral movement, zero open peers
This is not an edge router. It’s a new kind of Zero Trust control point for everything that touches the network.
Delivering ZERO SDWAN
Secure SD-WAN with encrypted overlays and multi-path routing
Zero Trust Segmentation at the network layer
Firewall-as-a-Service enforcing default-deny policies
Secure Web Gateway for outbound traffic control
ZTNA enforcement for inbound service access
Deployment options
Physical appliance (EVX hardware)
Virtual instance (for cloud or on-prem virtual infrastructure)
HA pairs for fault tolerance
Multiple WAN links with active-active aggregation
The Evolving ZERO Endpoint is how the Zero Surface Architecture meets the physical world. It’s the enforcement edge of the evolving ZERO fabric, and the delivery point for our top-tier service: ZERO SDWAN.
Whether you're replacing routers, upgrading WAN connectivity, or deploying Zero Trust across your network, this is the node that makes it all happen.