ORBTR vs FortiZTNA
FortiZTNA requires a FortiGate appliance at every network edge plus FortiClient EMS for endpoint management. ORBTR replaces the entire appliance stack with a single lightweight agent and distributed Edge Endpoints.
Key differences
Agent-native mesh
One agent handles device management, mesh networking, and L3–L7 policy enforcement. No hardware appliances, no firmware patching, no capacity planning. Edge Endpoints are promoted agents running on your own hardware — not dedicated infrastructure.
- ✓ Zero hardware to rack or manage
- ✓ Direct device-to-device P2P connections
- ✓ Per-device pricing, unlimited users
- ✓ Full device management built in
- ✓ Mesh-propagated policy (works offline)
Appliance-dependent
FortiGate appliances at every edge, FortiClient EMS for endpoint management, FortiSwitch for network enforcement. Powerful but hardware-bound — capacity planning, firmware patching, and appliance licensing dominate operational cost.
- × FortiGate appliance required at each edge
- × Hub-and-spoke — all traffic routes through gateway
- × Per-appliance + FortiCare licensing
- × VPN + posture only — no fleet management
- × Limited offline operation
Side-by-side comparison
| Capability | ORBTR | FortiZTNA |
|---|---|---|
| Hardware required | None | FortiGate + FortiSwitch |
| Licensing model | Per device, unlimited users | Per appliance + FortiCare renewals |
| Agent scope | Management + networking | VPN + posture only |
| Architecture | Mesh P2P | Hub & spoke |
| P2P connections | Yes — direct device-to-device | No — all traffic routes through FortiGate |
| Network layers | L3 – L7 (Virtual Wire) | L3 – L7 |
| Offline operation | Full mesh + cached policies | Limited FortiClient cache |
| Policy propagation | Mesh gossip (offline capable) | FortiGate push (requires connectivity) |
| Device management | Jobs, scripts, inventory, remote access | FortiClient EMS (separate product) |
| DNS policy | Full engine + mesh-assisted resolution | FortiGuard DNS filtering |
| Encrypted transport | Noise protocol + Ed25519 | IPSec / SSL VPN |
| Setup complexity | Single agent install | Appliance deployment + EMS setup |
| Firmware updates | Staged rollouts with auto-rollback | Manual FortiOS upgrades per appliance |
| Free tier | 9 devices forever | — |
When to choose ORBTR over FortiZTNA
You want to eliminate hardware
If managing FortiGate appliances, firmware updates, and capacity planning is eating your team's time, ORBTR removes that entire layer. The agent is the data plane.
You need device management too
FortiZTNA handles networking but not fleet management. With ORBTR, jobs, scripts, inventory collection, and remote access are built into the same agent — no separate EMS product.
You operate across distributed sites
Hub-and-spoke architectures struggle with branch offices and remote workers. ORBTR's mesh connects every device directly, with Edge Endpoints providing relay only when P2P fails.
You want predictable pricing
No appliance licensing, no FortiCare renewals, no per-user fees. ORBTR charges per device with unlimited users on every plan. 9 devices free forever.