Zero Trust Where the Internet Doesn't Reach.
Access Gate operates fully on-premise. No cloud control plane. No internet required. Deploy in classified facilities, SCIFs, air-gapped substations, and isolated OT networks.
Trusted by leading companies
The Air-Gap Challenge
Most Zero Trust solutions assume persistent internet connectivity. Their control planes run in the cloud. Their policy engines pull configuration from SaaS portals. Their agents require update infrastructure that phones home on a schedule. In air-gapped environments, classified networks, and isolated OT segments, none of this works.
Agent-based tools require continuous connectivity for signature updates and telemetry. SaaS security portals are unreachable from SCIFs, substations, and classified enclaves. Tools that phone home violate data residency requirements, classification rules, and operational security constraints. The result: organizations either deploy no Zero Trust at all, or they punch holes in the air gap to accommodate the security tool, defeating the purpose of the isolation.
Built for Disconnected Operations
Every component of Access Gate runs on-site. Nothing leaves the network perimeter.
Fully On-Premise Control Plane
No cloud, no SaaS. The management UI runs locally on the appliance. Policy creation, enforcement, and monitoring all happen on-site. The appliance is the control plane.
Self-Hosted Overlay Networking
Uses flexible IP range contained within the site perimeter. Compatible with fully air-gapped coordination. All DNS and routing steering happens on-site.
Offline Update Delivery
Software updates delivered via USB, internal network share, or air-gap-compatible media. No internet download required. The appliance verifies signed images locally before applying.
Local Log Retention
Audit logs stored on-device. Export to on-site SIEM via syslog or local file export. No external log shipping. All evidence stays within the network perimeter.
Deployment Architectures
Physical Appliance in Classified Facility
Rack-mount, connect to switch, power on. Initial configuration via local web console. No activation server, no license phone-home. The appliance is operational from first boot with no external dependency.
VM on Air-Gapped Hypervisor
Import OVA into VMware, Proxmox, or FreeBSD bhyve. Assign network interfaces. Start. Same local activation flow. Works on any x86 hardware that meets the spec. No external orchestration required.
Compliance in Air-Gapped Environments
CMMC
CUI enclave with full audit trail. No CUI leaves the site. C3PAO evidence generated locally from on-device logs and policy exports. Compensating controls for OT assets documented and enforceable without cloud dependency.
NIS2
Incident detection and logging without cloud dependency. All session data, access events, and policy violations recorded on-premise. Exportable to local SIEM for incident response workflows.
NERC CIP
Asset inventory and access control for substations with no internet path. Identity-based session control for all electronic access to BES Cyber Systems. Audit logs retained on-site for compliance evidence.
Common Questions About Air-Gapped Deployment
External dependencies required to operate Access Gate in an air-gapped environment.
No. Activation is local. Operation is local. Updates are delivered offline. There is no license server, no cloud control plane, no telemetry.
Updates are packaged as signed images that can be transferred via USB drive, internal file share, or any air-gap-compatible media. The appliance verifies the signature locally before applying.
Yes. The management UI runs on the appliance itself. It is accessible only from the local network. There is no external portal, no cloud dashboard, no remote management path unless you create one.
Access Gate is deployed in restricted environments including facilities that handle classified information. All data, policies, and logs remain on-premise. The software is fully inspectable. Zero cloud dependency means zero data exfiltration risk from the security tool itself.
Deploy Zero Trust Without Internet
See Access Gate running in an air-gapped configuration. No cloud. No SaaS. No connectivity requirements.
Capability Statement
Full technical specifications, deployment options, and compliance coverage for Access Gate.
Talk to an Engineer
Discuss your air-gapped deployment requirements with someone who has done it before.