Defguard 2.0 stable | High Availability, new UX, more secure and easier to use.

Hey!
Defguard 2.0 stable is here! 🎉
After months of development, alpha and beta testing, and hundreds of pull requests from the team - the final 2.0 release is ready for production. This is the biggest release in Defguard's history: a completely rebuilt UI, a new security architecture, High Availability, automatic component adoption, and much more.

🔒 Security first
Before shipping, 2.0 was fully pentested by our security partner ISEC alongside Striga.AI. All major findings were resolved prior to release. The full report will be published on our pentesting page shortly.
New in this release: mTLS for all gateway and proxy communication - mutual TLS now secures every internal component connection end-to-end.
What's new in Defguard 2.0
- Setup & adoption wizards - new instance wizard, migration wizard, and automated component adoption. Point Core at a gateway address and it handles discovery, certificate issuance, and configuration automatically.
- Completely redesigned UI/UX - rebuilt from the ground up by a professional designer. Cleaner tables, contextual help on every settings page, and a new onboarding flow.
- High Availability - deploy multiple gateways per location in active-active configuration for resilient, uninterrupted VPN connectivity.
- Built-in SSL termination - no reverse proxy needed. Core and Edge auto-provision and manage TLS certificates, including automatic Let's Encrypt renewal.
- Static IP assignment - assign fixed IP addresses to users and devices across all networks, from the user list or device context menu.
- Refined firewall management - explicit toggles for addresses, ports, and protocols; aliases and destinations split into dedicated sections for clarity.
- LDAP / Active Directory auto-enrollment - automatically initiate enrollment for every synced user, including remote enrollment support.
- Video tutorial library - searchable, step-aware tutorials built directly into the UI, exactly where you need them.
- OVA virtual images - deploy all components in a single image for testing, or each component separately with Cloud-Init options.
⬆️ Upgrading from 1.x
A guided migration wizard walks you through every step - certificate configuration included. We officially support version 1.6 with bug and security fixes until October 31, 2026, giving you 6 months to migrate at your own pace.
Read the migration documentation →
⚠️ Licensing change
Business features previously available without a license now require a free registration. If you were using these features without a license, you'll need to register to continue.
The good news: we've raised the free tier to 10 users and 30 devices.
Get your free Business license →
We've also introduced a new flexible Business license - choose the number of users, locations, and support level that fits your organisation. No more one-size-fits-all pricing; scale the license to match your actual needs.
Try Defguard 2.0
See the new UI, setup wizards, and High Availability in action - Kamil walks through the full 2.0 release in this video:
Ready to try it yourself? You can be up and running in minutes:
- 🚀 One-line install script - the fastest way to get started (⚠️ only for demo purposes!)
- 📦 OVA virtual image - spin up a test environment as a VM
Need to test the full enterprise feature set? Request a free 30-day evaluation license and we'll support your PoC end to end. Enterprise features include:
- High Availability - active-active multi-gateway deployments per location
- Always-on VPN - enforce continuous VPN connectivity for managed devices, ensuring they're always protected regardless of user action
- Pre-logon VPN - establish the VPN tunnel before the user logs in, enabling domain authentication and policy enforcement from boot
Get an enterprise evaluation license →
⏭ What's next
We're adopting a new release policy: one large feature per release, shipped as fast as possible.
- 2.1 - Device Policy Postures: verify that devices meet specific security and configuration requirements before granting network access. Detailed roadmap →
- 2.2 - Device Attestation: cryptographically verify a device's hardware identity to confirm it is a known and trusted machine. Detailed roadmap →
💬 Join the community
Defguard is open source and trusted by teams across Europe. Thanks to everyone who tested the alpha and beta - your feedback directly shaped this release. 🙏
- GitHub Discussions
- Report a bug
- ⭐ Star us on GitHub - it helps more than you think
The Defguard Team

Add a comment: