Skip to main content

DiscrimiNAT Firewall

A transparent NAT gateway alternative that allows product teams to discover and update narrow allowlists for their apps’ outbound connections, easily.

By domain names, not IP addresses

No CA certs or proxy config needed

TLS SNI spoofing detection

Multi-protocol: Kafka, TLS, SSH, etc

Monitor mode to discover FQDNs

Per app dry-run mode

Cloud native config and logging

Self service Terraform deployment

Built in Rust

Memory Safety

Thread Safety

High Performance


TRUSTED BY


what's being said

We really like the speed and simplicity of deployment using Terraform with the vendor-supplied modules, no need for console access,

CLOUD SECURITY ENGINEER | ENTERPRISE
on AWS and GCP

Thank you for your continuous help and support, it is greatly appreciated. The provided example was especially useful.

SRE | CORE BANKING
on AWS

I totally like the way that you solved the egress configuration as an annotation on firewall rules. This makes them nicely autonomous.

CTO | CONSULTING
on GCP

Again, thanks for the help and for the product. I've deployed the solution in multiple environments already and it is working fine.

CLOUD ARCHITECT | RETAIL
on GCP
Deep spoofing checks
including DNS
Maintenance free operation
with 0% false positives
Built in TLS and
SSH best practices
Micro Segmentation
enabler for ‘Zero Trust’
No per GB ‘data’
charges with our NAT
two½ minute demo

where we are

3 Charles Babbage Rd
Cambridge CB3 0GT
United Kingdom