Service providers, MSPs, and distributed enterprises all share a universal bottleneck: you cannot deploy advanced security everywhere if every location requires new hardware, complex tunnels, or constant backhauling through PoPs.
Zenarmor SASE 2.2 release changes that.
Zenarmor now installs directly on OpenWRT, the world's most widely used CPE/router platform, instantly converting existing gateways into fully capable SASE enforcement points.
This is a game-changer for ISPs, MSPs/MSSPs, and any organization with distributed edges.
Why OpenWRT Matters
OpenWRT isn't just "router firmware."
It is the de facto operating system running on millions of ISP-provided routers and CPEs across homes, remote offices, and SMB branches.
By running Zenarmor directly on OpenWRT, service providers can now deliver:
- SASE-powered internet protection
- IoT and unmanaged device security
- Branch/home-office visibility
- DNS, TLS, and traffic inspection
- Real-time Zero Trust enforcement
All without shipping new hardware or rerouting traffic to PoPs.
For ISPs: New Revenue, Zero Hardware
ISPs can now offer: "SASE-as-a-service on your existing gateway."
Key benefits:
- No truck rolls
- No additional appliance
- No bandwidth tax
- No reliance on centralized PoPs
Security happens on the path to the internet, inside the customer's existing router. This dramatically improves performance, reduces operational overhead, and creates premium service tiers instantly.
For MSPs/MSSPs: True SASE on CPEs You Already Manage
Most MSP networks rely on OpenWRT-based gateways. With Zenarmor on the device:
- You can extend SASE and SSE into any small office or remote location
- You can enforce Zero Trust even when you cannot touch the endpoint
- You can protect IoT and OT networks that cannot run agents
This turns "dumb edge routers" into smart security nodes with no forklift upgrades.
For Enterprises & Mid-Market: Powerful, Agentless Edge Protection
OpenWRT support means:
- Remote sites, contractors, and small branches get full SASE protection
- IoT-heavy environments gain instant inspection and filtering
- Zero Trust policy enforcement happens before traffic ever leaves the site
And because Zenarmor is single-app, single-stack, single-pass, the performance impact is minimal compared to traditional security appliances.
Why This Is Better Than Traditional PoP-Based SASE
Most traditional SASE vendors require:
- Backhauling all traffic
- Sending it through central inspection points
- Paying for bandwidth and compute in the vendor's cloud
Zenarmor on OpenWRT does the opposite:
- No backhaul
- No cloud dependency
- No PoP bottlenecks
- No degraded UX
Security lives at the edge, not in someone else's cloud.
OpenWRT + Zenarmor = SASE Everywhere
This integration clearly demonstrates the power of Zenarmor's SASE Anywhere Architecture™:
One App. One Stack. One Pass.
Every edge becomes a SASE edge.
Whether it is a home user, a micro-branch, a retail location, or a multi-tenant ISP environment, Zenarmor delivers consistent protection without new infrastructure.
Next Steps
Service providers, MSPs, and distributed enterprises can begin deploying Zenarmor on OpenWRT immediately.
Lighthouse opportunities are now available for early implementers.
With the Zenarmor SASE 2.2 release, OpenWRT support turns the world's most widely deployed router platform into a full SASE edge at scale, bringing true SASE-as-a-service to your existing gateway and removing the need for expensive hardware refreshes.
For details of the release please check the documentation: Zenarmor SASE 2.2 Release
