Secure Access Fabric
The encrypted, intelligent overlay that powers Zero Trust and SD-WAN.
The Secure Access Fabric is the encrypted, policy-driven network overlay at the core of the evolving ZERO platform. It connects users, sites, clouds, and workloads – while enforcing Zero Trust access, segmentation, and intelligent routing across every connection.

Built on WireGuard, OpenVPN, and QUIC, the fabric provides modern, high-performance connectivity without legacy VPNs, MPLS, or rigid hub-and-spoke topologies. It supports both Layer 3 IP routing and Layer 2 bridging, integrates with identity providers, and enables real-time policy enforcement at every edge – whether through a physical or virtual EVX appliance, or the Secure Access Client.
More than just a tunnel mesh, the fabric includes routing intelligence, traffic classification, flow monitoring, observability, and service chaining. It is the foundation of both ZTNA and SD-WAN in the platform – and every packet flows through it.
Core capabilities of the fabric
Zero Trust access enforcement
Each connection point acts as a policy enforcement edge. Users and devices authenticate and are granted least-privilege access, with no implied trust or lateral movement.
Layer 2 & Layer 3 support
Choose between routed (L3) or bridged (L2) fabric modes depending on the environment – flexible enough for VLAN-heavy sites or routed WAN topologies.
Dynamic routing & path selection
Fabric nodes exchange reachability data via BGP or internal routing logic. Paths are chosen dynamically based on policy, performance, and health.
High Availability & resilience
Redundant nodes, failover tunnels, and policy sync ensure session continuity and platform resilience.
Bi-directional Quality of Service (QoS)
Traffic is classified and shaped in real time. Critical applications are prioritised, background traffic is de-prioritised, and bandwidth usage is enforced per class.
Integrated service stacking
ZTNA, FWaaS, SWG, and ZT Segmentation can be layered directly into fabric nodes – without additional appliances.
Link aggregation & failover
Aggregate multiple WAN links per site for bandwidth and resilience. Failover happens automatically without interrupting sessions.
Flexible connection methods
Connect to the platform with an EVX (physical or virtual), the Secure Access Client, or IPsec tunnels from your existing router or firewall.
Explore each module
Evolving ZTNA
Enable least-privilege access to apps without exposing them to the internet – no VPNs, no attack surface.
Evolving Zero Segmentation
Lock down east-west movement – isolate every device, enforce least-privilege access, and stop threats from spreading.
EVX – Zero Trust Appliance
Deploy edge-based policy and enforcement in every location – unify routing, segmentation, and security at the edge.
Evolving SDWAN
Direct and protect traffic intelligently – steer based on policy, identity, and performance across all links.
Evolving Secure Web Gateway
Protect users from web threats with inline inspection, policy controls, and real-time filtering – on any network.
Evolving CASB
Gain visibility and control over cloud app usage, enforce policies, and protect data in SaaS environments.
Secure Cloud On-ramps
Connect to your cloud environments securely – via tunnels, private interconnects, or edge fabric deployments.
SASE/SSE
Converged cloud-delivered security with optional networking – Zero Trust, SWG, ZTNA, FWaaS, and more.