Network Microsegmentation
Create a network for each role
Devices can join multiple networks at once. Networks are free on my.zerotier.com. Each network can have its own Network Flow Rules, for example "Network A allows only RDP traffic."
Pros
Easy
Automatic authorization of nodes with SSO/OIDC
Cons
Multiple sets of subnets, IP addresses, etc. to maintain; this can be automated with Terraform.
Mobile devices can connect to only 1 network at a time
Summary
Create a ZeroTier network for each role: Red, Green, and Blue. Or: Sales, HR, IT. Or: Dev, Prod, Staging. Or: Customer A, Customer B
Join shared resources to multiple networks
Join users to the networks they need access to

ZeroTier Network Flow Rules
Tag network members with roles.
Pros
Fine grained, low-level access control
One network config and set of members to maintain
Cons
Tricky to build rule sets
Rules not integrated with OIDC yet
Summary
Create a network
Use the Flow Rules to segment the network
Here is the simplest possible ZeroTier Flow Rules example for role-based segmentation. More complex rules can be mixed in with these. See the docs or contact us for help.
Replace the default rules with:
```
tag role
  id 1
  default 0
  flag 0 red
  flag 1 green
  flag 2 blue
;

drop
  tand role 0
;

accept;
```
Devices will be able to talk only if they have at least one overlapping role. The tagging system is based on bitwise math: each flag is one bit of the member's 32-bit `role` tag value (flag 0 red = 1, flag 1 green = 2, flag 2 blue = 4, so a server tagged red and blue holds the value 5). `tand role 0` matches when the bitwise AND of the sender's and receiver's tag values is 0, meaning they share no role bit, and that traffic is dropped; everything else falls through to `accept`. Because of `default 0`, a member that has been authorized but not yet tagged holds no roles and can reach nobody, which is the safe failure mode. The final `accept` permits every protocol between peers that share a role; tighten that with additional rules placed before it. Rename "red", "green" and "blue" to your real role names. Add more roles by adding flags in increasing order: `flag 3 yellow`, `flag 4 indigo`, and so on up to flag 31.
After you save a rule set that defines tags, a tag interface appears below the rules editor, where you assign roles to each member.
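The following Python is an added example, not code from this page or from ZeroTier: it models the tag arithmetic behind the `drop tand role 0; accept;` rule set so you can check who would be able to reach whom before rolling the rules out. It goes slightly beyond the page by also evaluating `tor` and `txor`, and by enforcing the flag range. Two things it assumes rather than takes from the page: tag values are 32-bit (so flags run 0..31), and a packet that matches no rule is dropped. The member names and tag assignments are constructed for the demonstration.

```python
"""Simulate ZeroTier tag-based microsegmentation (added example, not ZeroTier code).

Models the `role` tag and the rule set
    tag role id 1 default 0 flag 0 red flag 1 green flag 2 blue;
    drop tand role 0;
    accept;
and decides whether two members may talk. Assumptions not taken from the page:
tag values are 32-bit, so valid flag indexes are 0..31, and a packet that
matches no rule is dropped.
"""
from __future__ import annotations

from dataclasses import dataclass, field

TAG_BITS = 32  # assumption: ZeroTier tag values are 32-bit unsigned integers


@dataclass
class TagDef:
    """A `tag <name> id <n> default <d> flag <bit> <label> ...;` definition."""
    name: str
    tag_id: int
    default: int = 0
    flags: dict[str, int] = field(default_factory=dict)  # label -> bit index

    def add_flag(self, bit: int, label: str) -> None:
        """Append a flag the way the page does: next bit index, new label."""
        if not 0 <= bit < TAG_BITS:
            raise ValueError(f"flag {bit} out of range 0..{TAG_BITS - 1}")
        if label in self.flags or bit in self.flags.values():
            raise ValueError(f"flag {bit}/{label} already defined")
        self.flags[label] = bit

    def value(self, *labels: str) -> int:
        """Bitmask for a member holding the given roles: each flag is one bit."""
        mask = 0
        for label in labels:
            mask |= 1 << self.flags[label]
        return mask


ROLE = TagDef("role", tag_id=1, default=0, flags={"red": 0, "green": 1, "blue": 2})


@dataclass
class Member:
    name: str
    tags: dict[int, int] = field(default_factory=dict)  # tag_id -> value

    def tag(self, tagdef: TagDef) -> int:
        # An untagged member gets the tag's `default` (0 here: no roles at all).
        return self.tags.get(tagdef.tag_id, tagdef.default)


# Rule set as (action, match). match is None for an unconditional rule,
# otherwise (operator, tag definition, operand) mirroring `tand role 0`.
RULES = [
    ("drop", ("tand", ROLE, 0)),
    ("accept", None),
]


def evaluate(rules, src: Member, dst: Member) -> str:
    """First rule whose match holds decides; tag tests combine both ends' tags."""
    for action, match in rules:
        if match is None:
            return action
        op, tagdef, operand = match
        a, b = src.tag(tagdef), dst.tag(tagdef)
        combined = {"tand": a & b, "tor": a | b, "txor": a ^ b}[op]
        if combined == operand:
            return action
    return "drop"  # assumption: no matching rule means the packet is dropped


def may_talk(src: Member, dst: Member) -> bool:
    return evaluate(RULES, src, dst) == "accept"


if __name__ == "__main__":
    # Constructed members, not taken from any real network.
    alice = Member("alice", {ROLE.tag_id: ROLE.value("red")})
    bob = Member("bob", {ROLE.tag_id: ROLE.value("green")})
    fileserver = Member("fileserver", {ROLE.tag_id: ROLE.value("red", "green", "blue")})
    newlaptop = Member("newlaptop")  # authorized on the network but never tagged
    for s, d in [(alice, bob), (alice, fileserver), (bob, fileserver), (newlaptop, fileserver)]:
        print(f"{s.name:>10} -> {d.name:<10} {evaluate(RULES, s, d)}")
```

Running it shows the three outcomes that matter in practice: two single-role members with different roles are dropped, a shared server tagged with every role is reachable from any of them, and a member nobody has tagged yet reaches nothing until someone assigns it a role in the tag interface.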

Updated on: 12/07/2024