Virtual TUN adapter protects all applications on device
Overcome the toughest network conditions
The virtual Network Security Appliance features VLESS, XTLS-Reality, and XHTTP encapsulation of your packets, optimized for DPI, CGNAT, and mobile data (LTE/5G) connections.
Issue unique user IDs for unlimited users & devices on Windows, MacOS, Linux, iOS, and Android. Operating cost from $5/mo with 1 TB/mo of bandwidth included.
★★★★★
“State-of-the-art security with minimal network overhead and jitter for real-time applications”
Designed for mobile professionals and digital nomads
Deploy your Appliance
Choose your provider and deploy your Network Security Appliance with a few clicks. For a limited time, we cover the first year of your hosting costs. *
* up to a $60 value
Better than shared IP address pools
Complete network security appliance
Ensure strict data privacy across public networks (airports, cafes, short-term rentals) without performance degradation. Transport profiles natively align with TLS 1.3 encrypted HTTP/2 or HTTP/3 standards, ensuring your private cloud instance interfaces seamlessly with enterprise deep packet inspection (DPI) security environments.
✱
VLESS Transport Protocol
A lightweight, next-generation transport protocol designed for maximum throughput without the multi-layer encryption overhead found in legacy tunnel architectures.
✱
XTLS-Reality + XHTTP Signature
The XTLS framework optimizes the cryptographic handshake by aligning with standard HTTPS “Hello” parameters. XHTTP ensures packet delivery signatures match normal, compliant TCP web traffic.
✱
Unlimited Users & Devices
An intuitive interface for provisioning unlimited secure access configurations and automated QR profiles. Easily delegate access to authorized team members, while integrated client-side network kill-switches prevent accidental data exposure.
✱
Compatible with Hyper-Converged Sovereign Appliance
Split-tunneling is supported so you can access the WireGuard tunnel of your virtual office on the Sovereign Appliance while utilizing the high-performance transport layer of your Network Security Appliance.
✱
Business/Residential IPs Available (additional set up)
Through upstream configurations with Charter, Spectrum, T-Mobile, & Windstream, the Network Security Appliance supports cascading WireGuard tunnels where traffic exits through a high reputation US/UK/CA broadband IP (vs. datacenter IP).
✱
Optimized for performance
Our optimizations minimize the fragmentation of UDP packets such as DNS lookups and QUIC (HTTP/3) traffic to ensure the best performance possible for real-time applications such as WebRTC or YouTube streaming.
What IP address will I have?
The standard Network Security Appliance routes traffic through a dedicated datacenter IP, which you can rotate at any time inside your cloud provider’s control panel.
With the business/residential add-on, you can chain a third-party provider’s WireGuard profile (subscribed separately) as an upstream node. This allows your traffic to exit from a major broadband provider’s IP address while maintaining full XTLS-Reality obfuscation from your physical location.
Who is this suitable for?
The Network Security Appliance is engineered for mobile professionals, digital nomads, and privacy-conscious users looking to protect their data from “session hijacking” threats on public networks, while securing their baseline traffic from commercial “dragnet surveillance” by internet service providers.
Who has access to my data or traffic logs?
Only you. Because the Network Security Appliance deploys directly onto your personal cloud account (Akamai, DigitalOcean, or Vultr), you own the entire virtual infrastructure. We have zero visibility into your traffic, we maintain no central databases of your activity, and we cannot log your data. You retain 100% cryptographic control over your network node.
Do I need network engineering experience to set this up?
Not at all. We engineered the Network Security Appliance for a simple deployment. Once you choose your preferred cloud infrastructure provider, our automated script provisions the server and handles the complex cryptographic routing configurations for you in minutes. You are then presented with a clean, intuitive management interface to easily generate access profiles or QR codes for your devices.
$499 $439
set up
Network Security Appliance
High-performance transport security gateway using advanced VLESS, XTLS-Reality, and XHTTP encapsulation to protect remote workforce data sessions across unsecured public and hospitality networks.
Can be used with Sovereign Appliance or separately.
✓
Provision unlimited unique cryptographic identifiers (UUIDs) for remote team nodes
✓
Standard TLS handshake alignment to natively match normal TCP web traffic signatures
✓
Deep Packet Inspection (DPI) resilience across strict enterprise routing fabrics
✓
Ultra-low infrastructure overhead with cloud hosting starting from $5/mo
✓
Centralized provisioning hub to easily generate client subscription URLs and automated deployment QR codes
✓
Supports cascading upstream tunnels to exit traffic via an optional high-reputation US business residential IP