by mwest217 676 days ago
How does this compare with e.g. Tailscale?

Good question! The main difference is how access is managed. Instead of configuring ACLs, you define policies which are a 1:1 mapping between a user group (manually created or synced from your IdP) and the resource you want to allow access for. Another difference is how our load balancing / failover system works - it's automatic across all the Gateways in a particular Site.
For me, as a very simple customer with a few devices, is that a benefit? I didn't configure any ACLs in my little VPN town.
For simple access needs, in Firezone you would likely configure a CIDR resource and grant the Everyone group access to it, which mimics the setup of a traditional VPN. It is a couple extra clicks, though.
There's a chart on the homepage comparing to Tailscale and Twingate.

One difference not listed is MDM support. https://www.firezone.dev/kb/deploy/clients#provision-with-md... just tells you where to find the app, but there are no parameters for configuring Firezone via zero-touch.

It's also not clear if Gateways can serve as Exit Nodes for egress clients (like a traditional VPN).

Lastly, Firezone Clients support only DNS over UDP/53 at this time. DNS-over-TLS and DNS-over-HTTPS upstream servers are not supported yet.

We don't support full-tunnel yet, but it's just around the corner. Track this issue if you're interested in its progress: https://github.com/firezone/firezone/issues/2667