Dual 10G Zero Trust Security Gateway with 4-Port 10/100/1000T

Dual-10G Zero Trust VPN Gateway with FIDO2 Passwordless Management Access and Secure ZTNA Overlay Connectivity

The PLANET ZT-800 is an enterprise-grade Dual-10G VPN gateway designed to strengthen identity-based access control for secure gateway administration and encrypted inter-site connectivity. By integrating FIDO2 passkey authentication, TOTP-based MFA (multi-factor Authentication), and certificate-based login protection, the ZT-800 enforces Zero Trust principles at the management access layer—ensuring that only verified administrators can control critical network infrastructure.

To support secure connectivity across distributed deployments, the ZT-800 enables Zero Trust Network Access (ZTNA) overlay networking, allowing authenticated gateways to establish encrypted peer-to-peer tunnels without exposing internal services to the public Internet. This architecture simplifies secure branch-to-branch communication while reducing reliance on traditional perimeter-based VPN models.

Powered by a high-performance quad-core platform with dual 10G WAN interfaces, the ZT-800 delivers high-throughput encrypted networking for enterprise branches, infrastructure sites, and industrial edge environments. It supports multiple VPN technologies—including IPSec, OpenVPN, WireGuard, GRE, PPTP, and L2TP—ensuring flexible interoperability across hybrid network architectures.

With Secure Boot protection and Post-Quantum Cryptography (PQC)-ready TLS architecture, the ZT-800 strengthens platform trust integrity and prepares organizations for long-term cryptographic resilience against emerging quantum-era security risks.

Designed for secure distributed network deployments, the ZT-800 also provides:

• Dual-WAN failover and load balancing
• Advanced routing and segmentation capability
• IPv4/IPv6 dual-stack readiness
• Secure gateway deployment for branch, industrial, and infrastructure networks

Zero Trust–Protected VPN Access with Passkey Authentication and MFA Enforcement

The ZT-800 introduces a secure VPN Portal designed to strengthen identity verification before VPN connectivity is established. By supporting FIDO2 passkey authentication, multi-factor authentication (MFA), and optional external RADIUS integration, the portal ensures that only verified users can obtain authorized OpenVPN or WireGuard client configurations.

Unlike traditional VPN deployment models where credentials alone grant tunnel access, the ZT-800 enforces identity validation at the profile provisioning stage—reducing the risk of unauthorized VPN distribution and strengthening access control across remote users and distributed teams.

This identity-aware VPN onboarding mechanism enables organizations to implement Zero Trust principles for remote connectivity while maintaining compatibility with widely deployed VPN client infrastructures.

Secure Boot for Trusted System Integrity

The ZT-800 incorporates a Secure Boot mechanism to ensure that only authenticated and trusted firmware can be executed during system startup. This hardware-based protection prevents unauthorized or tampered firmware from being loaded, safeguarding the device against malicious attacks at the system level and ensuring a trusted foundation for network security.

Automatic Failover between Dual WAN

With its fiber and copper dual WAN interfaces—10GBASE-X SFP+ and 10GBASE-T—the ZT-800 ensures continuous Internet connectivity through automatic failover. Administrators can freely set the WAN priority, and when the primary link becomes unavailable, the secondary WAN interface takes over instantly. This design guarantees reliable, always-on network uptime for mission-critical applications.

Flexible WAN interface Enables Extension of Network Deployment

The ZT-800 is equipped with both copper and fiber WAN interfaces, featuring an SFP+ slot that supports a wide range of SFP+ and SFP transceivers for FTTx and long-distance extensions. Administrators can select SFP+ and SFP modules according to distance requirements:

• Multi-mode fiber: 550 m to 2 km
• Single-mode / WDM fiber: 10 km, 20 km, 30 km, 40 km, 50 km, 60 km, 70 km, up to 120 km

This capability allows the device to efficiently uplink to backbone switches or monitoring centers over long distances.

Cybersecurity Network Solution to Minimize Security Risks

The cybersecurity feature included to protect the switch management in a mission-critical network virtually needs no effort and cost to install. For efficient management, the ZT-800 is equipped with HTTPS web and SNMP management interfaces. With the built-in web-based management interface, the ZT-800 offers an easy-to-use, platform independent management and configuration facility. The ZT-800 supports SNMP and it can be managed via any management software based on the standard SNMP protocol. With support for advanced security mechanisms such as Secure Boot and PQC TLS readiness, the ZT-800 ensures long-term protection against evolving cyber threats, including quantum-era attacks.

Excellent Ability in Threat Defense

The ZT-800 with built-in SPI (stateful packet inspection) firewall and DoS/DDoS attack mitigation functions provides high efficiency and extensive protection for your network. Thus, virtual server and DMZ functions can let you set up servers in the Intranet and still provide services to the Internet users.

High-Availability VPN Security Router Designed for SMB Applications

The ZT-800 ensures strong data privacy and secure remote access through its comprehensive VPN suite. It supports IPSec VPN with DES/3DES/AES encryption and MD5, SHA-1, SHA-256, SHA-384, and SHA-512 authentication, as well as GRE tunneling, SSL VPN, PPTP, L2TP, and WireGuard for modern, lightweight, high-speed encrypted connections. With this extensive VPN capability, the ZT-800 provides secure, flexible, and resilient connectivity for branch sites, remote workers, and sensitive business operations.

Flexible Routing with NAT Disable Capability

The ZT-800 supports NAT disable functionality, allowing it to operate in pure routing mode for advanced network deployment scenarios. This feature is particularly beneficial for environments requiring end-to-end IP transparency, such as enterprise backbone networks, data centers, or integration with upstream security systems. By disabling NAT, administrators can achieve greater control over traffic flow and routing policies.

Maximizing Work Efficiency with PLANET SD-WAN Gateway

PLANET ZT-800 incorporated in SD-WAN (software-defined wide area network) function can greatly increase WAN optimization for multiple WAN links to be managed. With SD-WAN, users can connect any application across all available network connections at every site. It improves application performance and provides a high-quality user experience for increasing business productivity and reducing IT costs.

Integrated Wi-Fi Management for Secure and Easy Deployment

The ZT-800 integrates an AP Controller, Captive Portal, RADIUS authentication, and DHCP server to streamline Wi-Fi deployment for small and medium-sized businesses. These built-in services eliminate the need for external servers, enabling administrators to centrally manage APs, enforce access policies, and deliver secure employee and guest Wi-Fi networks with reduced setup complexity.

Centralized Remote Control of Managed APs

Through its intuitive web-based interface, the ZT-800 allows easy centralized control of PLANET Smart APs, with simple configuration of SSIDs, radio settings, and security policies. A quick four-step setup pushes wireless profiles to multiple APs or groups at once, enabling fast rollout and reduced deployment cost.

Administrators can cluster APs of the same model for unified management, flexibly expand or remove APs, and perform bulk provisioning or firmware upgrades—all from a single control point. This ensures scalable, efficient, and low-maintenance Wi-Fi management.

Intelligent SFP Diagnosis Mechanism

The ZT-800 supports SFP-DDM (digital diagnostic monitor) function that greatly helps network administrator to easily monitor real-time parameters of the SFP, such as optical output power, optical input power, temperature, laser bias current, and transceiver supply voltage.