SiperOne
TREN
All products

AnchorNAC

Know every device on your network.

Full network access control with 802.1X, a policy engine, device inventory, posture assessment and BYOD — plus built-in guest portal with corporate/guest network separation.

Request a demo
~500
Endpoints
Enterprise
802.1X
TEAP / TLS
4 hours
Offline RADIUS
4+
Certified vendors

Key features

802.1X + RadSec

TEAP/TLS + RADIUS with dynamic VLAN assignment. RadSec (RFC 6614) for encrypted RADIUS transport.

Policy engine + simulation

YAML rule-based, explainable access decisions. What-if simulation before deployment.

Inventory, profiling & drift detection

OUI + DHCP + HTTP fingerprinting with p0f passive OS detection. Alert on hardware profile drift.

Posture + auto-remediation

Linux (LUKS, UFW, clamd), Windows (BitLocker, Defender, firewall), macOS (FileVault, Gatekeeper). Signed script auto-fix.

Guest portal & isolation

Built-in captive portal (SMS, WhatsApp, sponsor, SAML) with full corporate/guest VLAN separation.

BYOD + Intune

PKI/SCEP certificate provisioning (iOS MDM, Android DPP QR, macOS). Microsoft Intune compliance lookup.

TACACS+ (RFC 8907)

Command-level authorization, enable auth and full audit trail for network device admin access.

Dynamic ACL

User/role-based firewall rules pushed to FortiGate, Sophos, SonicWall and Palo Alto via vendor API.

How it works

Identity → policy → segment → access

  1. 1

    Authenticate

    Corporate devices via 802.1X; guests via captive portal (SMS, sponsor, voucher).

  2. 2

    Apply policy

    The YAML policy engine decides: corporate VLAN, guest VLAN, or quarantine.

  3. 3

    Check posture

    Corporate devices are assessed for encryption and patching; guests are isolated.

  4. 4

    Segment & connect

    Dynamic VLAN routes each device to the right network — full guest/corporate separation.

5651

Two compliance modes

Correlation mode

Firewall syslog + NAC session table = enriched access record.

Inline mode

The Edge N100 bridges traffic and captures the destination (HTTP Host, TLS SNI, DNS) directly.

Multi-vendor network support

Cisco CatalystAruba CXFortiGateMikroTikHuawei VRPSonicWallCisco CatalystAruba CXFortiGateMikroTikHuawei VRPSonicWall

Roadmap: Sophos · Palo Alto · UniFi

Packages

AnchorNAC Enterprise

~500 endpoints

₺399,900/ year

Multi-site, multi-vendor mid-to-large networks.

  • Cloud-managed N100 edge
  • Full NAC + guest portal
  • Posture + Intune + Dynamic ACL
  • 5651 inline + daily TSA
Request a demo

AnchorNAC Sovereign

Unlimited

₺799,900/ year

Government, defence, air-gapped networks.

  • Fully on-premises
  • Air-gap + local TSA
  • Offline continuity
  • High availability
Request a demo

Edge hardware

Edge N100 appliance

Intel N100, fanless, 2×GbE, 16 GB RAM, 1 TB NVMe SSD. Hardened Linux: LUKS + dm-verity + RAUC A/B OTA with cosign-signed updates.

Zero Touch Provisioning

Plug in, enter enrollment token — the edge configures itself and syncs with cloud. No manual setup.

Offline continuity

If the internet drops, RADIUS keeps running locally for up to 4 hours. On-prem: full continuity.

Take control of your network

Let's find the right package for you. Start with a short demo.

Request a demo