Gateway Failover
Keep your team connected even when the cloud control plane is unreachable. Gateway Failover maintains a real-time synced local cache of users, resources, and access policies on every gateway — so CLI and GUI clients can authenticate, list resources, and create sessions directly through the gateway when the cloud API is offline.
Feature Details
Included Capabilities
Automatic failover — gateways detect cloud outages and activate local access within seconds
Cached RBAC data — users, teams, access policies, and ACL rules synced in real time
mTLS and token-based authentication — clients authenticate locally using certificates or cached CLI tokens
Full policy evaluation — IP conditions, time windows, and team-based rules enforced locally
Encrypted on-disk store — all cached data encrypted with AES-256-GCM at rest
Offline audit log — every failover action is recorded and flushed to the cloud on reconnection
Session reconciliation — failover sessions are synced back to the cloud for a unified audit trail
Works with shared and dedicated gateways — data isolation per organisation on shared gateways
Region-aware gateway assignment — agents and clients connect to the nearest available gateway
Client-side gateway caching — CLI/GUI clients remember gateway addresses for instant failover
Configurable grace period — define how long to wait before entering failover mode
Available on Business and Enterprise plans
Live Preview
Feature Overview
Secure Access — Overview
Zero Trust Access
Session Recording
Just-In-Time Access
Browser-Based
Getting Started
How It Works
1. Connect Identity Provider
Integrate with Okta, Azure AD, Google Workspace, or any SAML/OIDC provider in minutes.
2. Add Resources
Register your servers, databases, and web apps. Define role-based access policies.
3. Secure Access
Users access resources through the browser with identity verification, session recording, and audit logs.
Ready for Gateway Failover?
Deploy in minutes. No legacy VPN required. No credit card required.