Access Gate does not require you to redesign your network. It adapts to what is already there, DNS, routers, managed or unmanaged switches, even non-routed and exotic setups, and deploys the strongest Zero-Trust posture your topology allows.
Use the explorer below to see the recommended deployment for your environment: where the Access Gate sits, how much Zero-Trust coverage you get, and the migration path to get there.
Full vs partial Zero-Trust
- Full Zero-Trust is available whenever the Access Gate can see and broker every relevant flow. That is typically the case when the network is routed and you have DNS or a managed switch to steer traffic through the overlay.
- Partial Zero-Trust applies when some traffic stays purely at layer 2 and never reaches the Access Gate, for example with unmanaged switches or non-routed, exotic protocols. The Access Gate still protects everything it sees and can filter at L2 by EtherType or MAC, but flows it never observes are out of scope.
What drives the decision
Three properties of your existing network determine the deployment:
- Routing: whether communications are routed and routable, or non-routed (exotic and custom).
- What is on the network: DNS, a router (no DNS), or a switch only (no DNS or router).
- Switch type: managed (supports PVLAN and VLAN steering) or unmanaged.
From these, the Access Gate is positioned as an inline peer of your router, in place of your router, or as an aggregation switch, and the Secure Twin overlay carries the migrated assets without touching production.
Next steps
- Quick start: stand up an Access Gate and one protected enclave in about 15 minutes.
- Architecture overview: the deployment modes in depth.