Our add-ons give you the power to enhance your ARP-GUARD environment. For example, you can strategically extend the functional scope of your operations using ARP-GUARD in the Cluster or Endpoint to define and check the compliance status of your windows-based end devices. The Captive Portal add-on securely guides your guests and service providers through your WLAN as well as your LAN to the services you have defined.

ARP-GUARD Endpoint add-on

Is your corporate network able to cope with the different demands it faces? 

From the corporation's point of view, the focus is on security and availability, as well as compliance with statutory requirements. Users, on the other hand, want to be able to work fast with as few disruptions as possible. ARP-GUARD is the solution which fulfils these two contrary requirements by helping IT administrators to create the conditions needed by both parties. It relieves users of time-consuming and complex administrative tasks, allowing them to concentrate on the company's core competency. At the same time, ARP-GUARD rigorously implements your corporate policies and secures your business processes. More and more companies are using ARP-GUARD to internally protect their infrastructure and deny network access to unknown devices. However, in an increasingly mobile working world, IT security faces further challenges still: How are laptops handled which have been away on a business trip for a while? How can it be guaranteed that they are recognised and contain the compulsory virus software and operating system updates?

The effort required to manually check each device for the latest virus software and operating system updates is so immense that this is not a realistic option. The ARP-GUARD Endpoint add-on, on the other hand, automatically performs these security tasks. Besides uniquely identifying company-owned as well as unauthorised end devices in the network, it also checks the security status of devices. A recognised end device with out-of-date virus software or missing operating system updates will be initially placed in the quarantine VLAN. Only after all updates have been successfully installed and checked will ARP-GUARD push the end device into its accustomed working environment.

Among other things, the ARP-GUARD Endpoint add-on uses the WMI protocol to check the security status of Windows clients. Other possibilities include communication monitoring between the AV server and clients, and the evaluation of traps and syslog messages. No client software has to be installed on the end device. No valuable time is lost manually checking the security status of individual devices. ARP-GUARD fetches the security-relevant data from the device and processes it automatically in accordance with your company’s rules. A green, yellow or red flag quickly and visibly indicates the status of the device. The WMI protocol makes ARP-GUARD independent of anti-virus vendors. You can also fetch security features from your end devices that you've defined yourself. Thanks to the intelligent combination of network access control and endpoint security, ARP-GUARD boosts the security of your infrastructure. The open system architecture of the ARP-GUARD solution also protects your investment.


ARP-GUARD Captive Portal add-on

The Captive Portal add-on provides your guests, customers and service technicians with barrier-free, controlled access to the network. You can regulate how guest and external components, such as smartphones and laptops, access your LAN and WLAN. Access is controlled by a dynamic firewall. Functions such as self-registration, tickets or SMS systems can be additionally used.


Network Access Control

  • RADIUS / 802.1X /EAP with and without certificate
  • MAC authentication
  • Central port security system
  • Ticket system for guests with self-registration

VLAN management

  • Segregation of production areas
  • Dynamic and static allocation
  • Guest and quarantine area
  • User-defined rules

Layer 2 IPS

Protection from the dangers posed by:

  • Man-in-the-middle attacks
  • ARP poisoning
  • MAC flooding
  • MAC spoofing
  • IP spoofing

Network Manager

  • Current inventory lists of all end devices (IP, MAC, port)
  • Topology diagram
  • Changes to addresses or allocations logged
  • User-defined reporting
  • DHCP server queries

Endpoint Security

  • Monitoring of the individual end devices for operating system and AV update status
  • Quarantine management
  • No client software on the end devices!