Firezone Blog

Action required: Windows MDM policies move to the machine scope in 1.5.13

Jamil Bou Kheir — Thu, 04 Jun 2026 00:00:00 GMT

Windows Client 1.5.13 reads MDM policy from the machine-scoped registry hive instead of the per-user hive. If you manage the Client with Intune or another MDM, learn how to import the updated ADMX template and migrate your policy.

The enterprise identity crisis: Who's Alice?

Jamil Bou Kheir — Mon, 11 May 2026 00:00:00 GMT

Alice signs in with Google and Okta. Same email address. Different identities. Which one got production access? In this post we answer this question and more by exploring the challenges of multi-provider identity in zero trust applications.

A New Look for Firezone

Brian Manifold — Tue, 14 Apr 2026 00:00:00 GMT

Announcing the new user interface for the Firezone portal, designed to be more intuitive, faster, and more accessible.

April 2026 Devlog

Jamil Bou Kheir — Thu, 30 Apr 2026 00:00:00 GMT

Filter-aware routing on clients fixes a long-standing overlapping-resource bug, the macOS menu bar app stays running under memory pressure, smarter RTT-aware relay selection, and improved Linux network-change detection.

March 2026 Devlog

Jamil Bou Kheir — Tue, 31 Mar 2026 00:00:00 GMT

A 25% reduction in client and gateway CPU usage from connlib performance optimizations, Google Workspace group filtering for directory sync, and smaller fixes for DNS forwarding and relay reliability.

February 2026 Devlog

Jamil Bou Kheir — Sat, 28 Feb 2026 00:00:00 GMT

Faster sign-ins from distant regions via regional read replicas, automatic tunnel-service recovery on Windows and Linux, OS-native connection-failure notifications on clients, and browser-based authentication for headless clients.

January 2026 Devlog

Jamil Bou Kheir — Sat, 31 Jan 2026 00:00:00 GMT

Multi-region infrastructure with database read replicas and Postgres clustering. Portal performance improvements with Bandit HTTP server and WebSocket rate limiting. Enhanced partition tolerance for gateways and relays.

December 2025 Devlog

Jamil Bou Kheir — Wed, 31 Dec 2025 00:00:00 GMT

Major portal architecture refactor collapsing umbrella apps, authentication system restructuring, relay connection reliability improvements, and database performance optimizations.

November 2025 Devlog

Jamil Bou Kheir — Sun, 30 Nov 2025 00:00:00 GMT

DNS over HTTPS support, Swift 6.2 upgrade for Apple clients, Wayland support for the Linux GUI client, and various Gateway reliability improvements.

Nov 28 2025 Incident Post-Mortem

Jamil Bou Kheir — Fri, 28 Nov 2025 00:00:00 GMT

On November 28, 2025, a PII leak incident occurred affecting a small number of user names and email addresses. This post-mortem details the incident, its impact, and the steps we're taking to prevent future occurrences.

Scheduled Maintenance - December 6, 2025

Firezone Team — Sat, 22 Nov 2025 00:00:00 GMT

Firezone will undergo scheduled maintenance on Saturday, December 6, 2025 from 8:00 PM to 10:00 PM Pacific Time to roll out major improvements to authentication, directory sync, and user and group management. We expect only a few minutes of downtime.

October 2025 Devlog

Jamil Bou Kheir — Fri, 31 Oct 2025 00:00:00 GMT

October delivered substantial improvements to Gateway observability, Linux networking stack refinements, and new deployment mechanisms. This month's work focused on implementing comprehensive flow logging, addressing routing conflicts through tiered routing tables, and introducing native Debian packages for easier deployments.

September 2025 Devlog

Jamil Bou Kheir — Tue, 30 Sep 2025 00:00:00 GMT

September brought significant improvements to Firezone's networking stack, administrative tooling, and cross-platform reliability. This month's work focused on optimizing relay performance through eBPF, improving DNS resolution behavior, and enhancing the admin portal's visibility into client and Gateway states.

Migrate your Internet Resource by March 15, 2025

Jamil Bou Kheir — Sun, 16 Feb 2025 00:00:00 GMT

We're making some changes to the way Internet Resources work to improve security and performance. Migrate your Internet Resources by March 15, 2025 to avoid any interruptions.

September 2024 update

Jamil Bou Kheir — Mon, 02 Sep 2024 00:00:00 GMT

In this update:

New feature: Internet Resources
New feature: REST API Beta
New feature: Improved wildcard matching for DNS Resources
Blog post: sans-IO: The secret to effective Rust for network services

sans-IO: The secret to effective Rust for network services

Thomas Eizinger — Tue, 02 Jul 2024 00:00:00 GMT

Firezone's data plane extensively uses the sans-IO design pattern. This post explains why we chose it and how you too can make use of it.

June 2024 update

Jamil Bou Kheir — Fri, 21 Jun 2024 00:00:00 GMT

In this update:

New feature: Conditional access policies
Blog post: Using Tauri to build a cross-platform security app
Blog post: Improving reliability for DNS Resources
New support page for getting help with Firezone.
New changelog page with release notes for every component we ship.

Improving reliability for DNS Resources

Jamil Bou Kheir — Thu, 20 Jun 2024 00:00:00 GMT

We're making some changes to the way DNS Resources are routed in Firezone. These changes will be coming in Client and Gateway versions 1.1 and later. Continue reading to understand how these changes will affect your network and what you need to do to take advantage of them.

Using Tauri to build a cross-platform security app

ReactorScram — Tue, 11 Jun 2024 00:00:00 GMT

We chose Tauri over other frameworks because it was the fastest way to get the Firezone Client working on Linux and Windows.

How DNS works in Firezone

Gabriel Steinberg — Wed, 08 May 2024 00:00:00 GMT

Firezone's approach to DNS works a bit differently than one might expect. One question we often get from new users is, "why do my DNS Resources resolve to a different IP address with Firezone enabled?". Great question -- read on to find out.

May 2024 update

Jamil Bou Kheir — Wed, 01 May 2024 00:00:00 GMT

In this update:

New feature: Traffic restrictions
Blog: How DNS works in Firezone
Connectivity and reliability improvements

April 2024 update: GA

Jamil Bou Kheir — Mon, 01 Apr 2024 00:00:00 GMT

Firezone 1.0 GA is now available! Also in this update:

Firezone 1.0 signups are now open
New Team plan with self-serve billing
Clients available for Windows, macOS, iOS, Android, and Linux
Network roaming support

March 2024 update

Jamil Bou Kheir — Fri, 01 Mar 2024 00:00:00 GMT

Firezone 1.0.0-pre.9 is released! In this update:

Windows and Linux betas
Directory sync for Microsoft Entra ID and Okta
Improved performance and stability

January 2024 update

Jamil Bou Kheir — Mon, 01 Jan 2024 00:00:00 GMT

Happy new year from the Firezone team!

After a long year of building, we're incredibly excited to announce 1.0 beta testing for Apple and Android platforms. Firezone 1.0 is an entirely new product with a brand new architecture that includes many of the features you've been asking for. To summarize just a few:

Enterprises choose open source

Jeff Spencer — Wed, 06 Dec 2023 00:00:00 GMT

More enterprises are turning to open source software (OSS) to reduce costs, improve efficiency, and extend their competitive advantage. The core technologies chosen by organizations often persist for decades, so decisions that IT leaders make today are bound to affect their organizations’ ability to function and adapt in the future — whether that’s one year, or 10.

Secure remote access makes remote work a win-win

Jeff Spencer — Fri, 17 Nov 2023 00:00:00 GMT

The number of employees working remotely is accelerating, so secure remote access should be a large part of any organization’s cybersecurity strategy. Secure remote access lets remote and hybrid employees work from anywhere in the world, on any device, without compromising your organization’s network, data, and system security.

Firezone 1.0

Jamil Bou Kheir — Sat, 15 Jul 2023 00:00:00 GMT

Firezone comes from humble roots.

When we launched on Hacker News nearly two years ago, we never envisioned Firezone to be more than a simple tool for managing your WireGuard configurations.

Release 0.6.0

Jamil Bou Kheir — Mon, 17 Oct 2022 00:00:00 GMT

Today, I'm excited to announce we've closed the first public issue on our GitHub repository, more than a year after it was originally opened: Containerization support! We're also releasing preliminary support for SAML 2.0 identity providers like Okta and OneLogin.

Release 0.5.0

Jamil Bou Kheir — Mon, 25 Jul 2022 00:00:00 GMT

As the first post on our new blog, we thought it'd be fitting to kick things off with a release announcement. So without further ado, we're excited to announce: Firezone 0.5.0 is here! It's packed with new features, bug fixes, and other improvements — more on that below.