.. Genian NAC documentation: Compare Editions ================ .. only:: ztna_only |product_name| is available Enterprise edition. **Enterprise** | Provides visibility into network and IT assets. | Provides network access control according to IT security policy. | Provides advanced and automated IT security. .. list-table:: :widths: 2 5 1 :header-rows: 1 * - Category - Feature - Enterprise * - Visibility - Detect/Monitor IP-enabled Device - Yes * - - Device Platform Intelligence (Name, Type, Picture, EOL, Connection, CVE) - Yes * - - Switch Port Information - Yes * - - WLAN Monitoring / Security (Rogue/Misconfigured AP) - Yes * - - Basic Endpoint Information (OS, HW, Software) by Windows/macOS Agent - Yes * - - Condition based Dynamic Node Group - Yes * - - Customizable Dashboards (Over 100 Widgets) - Yes * - - Track Changes / Audit Logs - Yes * - - Network Anomaly Detection (MAC Spoofing, Rogue Gateway, Ad-hoc) - Yes * - - Basic Reports (Node, WLAN, Log) - Yes * - - Notification (Email/Text Message) - Yes * - - Custom Reports - Yes * - - Detect OSS usage and provide SBOM details for better software transparency - Yes * - - Classify endpoints based on threat scores - Yes * - User Authentication - Captive Portal Login (Web login) - Yes * - - Google Authenticator Support for Captive Web Portal - Yes * - - Active Directory SSO - Yes * - - External User Directory Integration (LDAP/RADIUS/SMTP/POP3/IMAP/SAML2) - Yes * - - FIDO (Biometric) authentication for administrator, Captive Web Portal and Agent - Yes * - - Multifactor Authentication (Text Message/Email/Google OTP) - Yes * - - Hardware security chip TPM EK-based device authentication - Yes * - Network Access Control - 802.1X based Control (RADIUS Server, EAP, MAB, VLAN Assign, CoA) - Yes * - - ARP based Layer 2 Enforcement - Yes * - - Port Mirroring (SPAN) based Enforcement - Yes * - - In-line Enforcement (Dual-homed Gateway) - Yes * - - Switch integration (SNMP) based Enforcement - Yes * - - DHCP based Enforcement (DHCP Server) - Yes * - - Role based Access Control - Yes * - - IP Address Management(IPAM) - Yes * - - Tag-Based Control of Users, Wlans and Devices/Nodes (E.g., Guest devices, temporary privileges, policy exemptions) - Yes * - Cloud Security - Cloud Workload Visibility - Yes * - - Policy server operation in the cloud - Yes * - - Automated Cloud Control using CLI Interface - Yes * - - Cloud Security Group Management - Yes * - Remote Work - ZTNA Client (SSL-VPN) - Yes * - - Always on ZTNA - Yes * - Zero Trust Network Access (ZTNA) - Role-base Access Control Permission Policy - Yes * - - Dynamic destination (Node Group) support in Permission object - Yes * - - ZTNA Cloud Gateway for Security Service Edge (SSE) - AWS, Azure, GCP - Yes * - - Secure Branch Tunneling (IPSec/GRE) - Yes * - - Traffic Visibility (netflow) - Yes * - - URL and Application Filtering - Yes * - - IP Mobility (VxLAN, Always on ZTNA) - Yes * - Desktop Management - Compliance Check (Antivirus, OS Update, Required SW, OS Settings) - Yes * - - OS Configuration (Screenlock, Internet Options, DNS) - Yes * - - Windows Update Management (Offline Update, Update Cache, Approval) - Yes * - - External Device Control (USB and etc.) - Yes * - - 802.1X Connection Profile Provisioning (Wireless/Wired) - Yes * - - EAP-GTC Plugin for Windows (Support Regacy Password Authentication) - Yes * - - WLAN Control (SSID Whitelist, SoftAP block) - Yes * - Integration - User Directory Sync (RDBMS, Active Directory, LDAP, Google) - Yes * - - Webhook / Syslog / SNMP trap (Outbound) - Yes * - - REST API (Inbound) - Yes * - - Syslog Server (Inbound) - Yes * - Business Process - User Consent Pages - Yes * - - Request/Approval via CWP (IP, Device, User, Guest User, External Device) - Yes * - - Role based Administrator - Yes * - - Custom Fields (Node, Device, User) - Yes * - - Custom Captive Portal Pages - Yes * - - Multilingual Support - Yes * - - Streamline repetitive tasks using workflow templates - Yes * - Scalability and Availability - High Availability (Policy Server / Network Sensor) - Yes * - - Interface Channel Bonding - Yes * - - Disaster Recovery (DB Replication, Redundant Policy Server) - Yes .. only:: nac60_only |product_name| is available in three editions: Basic, Professional, and Enterprise. **Basic** Provides visibility into network and IT assets. **Professional** Provides network access control according to IT security policy. **Enterprise** Provides advanced and automated IT security. | Your deployment can be built and upgraded step by step using each edition, | making it easier to build gradually with less cost. | Please refer to the function comparison table for each edition below to select | the product that suits you. .. list-table:: :widths: 2 5 1 1 1 :header-rows: 1 * - Category - Feature - Basic - Professional - Enterprise * - Visibility - Detect/Monitor IP-enabled Device - Yes - Yes - Yes * - - Device Platform Intelligence (Name, Type, Picture, EOL, Connection, CVE) - Yes - Yes - Yes * - - Switch Port Information - Yes - Yes - Yes * - - WLAN Monitoring / Security (Rogue/Misconfigured AP) - Yes - Yes - Yes * - - Basic Endpoint Information (OS, HW, Software) by Windows/macOS Agent - Yes - Yes - Yes * - - Condition based Dynamic Node Group - Yes - Yes - Yes * - - Customizable Dashboards (Over 100 Widgets) - Yes - Yes - Yes * - - Track Changes / Audit Logs - Yes - Yes - Yes * - - Network Anomaly Detection (MAC Spoofing, Rogue Gateway, Ad-hoc) - Yes - Yes - Yes * - - Basic Reports (Node, WLAN, Log) - Yes - Yes - Yes * - - Notification (Email/Text Message) - Yes - Yes - Yes * - - Custom Reports - - Yes - Yes * - - Detect OSS usage and provide SBOM details for better software transparency - - Yes - Yes * - - Classify endpoints based on threat scores - - Yes - Yes * - User Authentication - Captive Portal Login (Web login) - - Yes - Yes * - - Google Authenticator Support for Captive Web Portal - - Yes - Yes * - - Active Directory SSO - - Agent Based - Agentless * - - External User Directory Integration (LDAP/RADIUS/SMTP/POP3/IMAP/SAML2) - - - Yes * - - FIDO (Biometric) authentication for administrator, Captive Web Portal and Agent - - - Yes * - - Multifactor Authentication (Text Message/Email/Google OTP) - - Admin Only - Yes * - - Hardware security chip TPM EK-based device authentication - - - Yes * - Network Access Control - 802.1X based Control (RADIUS Server, EAP, MAB, VLAN Assign, CoA) - - Yes - Yes * - - ARP based Layer 2 Enforcement - - Yes - Yes * - - Port Mirroring (SPAN) based Enforcement - - Yes - Yes * - - In-line Enforcement (Dual-homed Gateway) - - Yes - Yes * - - Switch integration (SNMP) based Enforcement - - Yes - Yes * - - DHCP based Enforcement (DHCP Server) - - Yes - Yes * - - Role based Access Control - - Yes - Yes * - - IP Address Management(IPAM) - - Yes - Yes * - - Tag-Based Control of Users, Wlans and Devices/Nodes (E.g., Guest devices, temporary privileges, policy exemptions) - - Yes - Yes * - Cloud Security - Cloud Workload Visibility - - - Yes * - - Policy server operation in the cloud - - - Yes * - - Automated Cloud Control using CLI Interface - - - Yes * - - Cloud Security Group Management - - - Yes * - Desktop Management - Compliance Check (Antivirus, OS Update, Required SW, OS Settings) - - Yes - Yes * - - OS Configuration (Screenlock, Internet Options, DNS) - - - Yes * - - Windows Update Management (Offline Update, Update Cache, Approval) - - - Yes * - - External Device Control (USB and etc.) - - - Yes * - - 802.1X Connection Profile Provisioning (Wireless/Wired) - - - Yes * - - EAP-GTC Plugin for Windows (Support Regacy Password Authentication) - - - Yes * - - WLAN Control (SSID Whitelist, SoftAP block) - - - Yes * - Integration - User Directory Sync (RDBMS, Active Directory, LDAP, Google) - - - Yes * - - Webhook / Syslog / SNMP trap (Outbound) - - - Yes * - - REST API (Inbound) - - - Yes * - - Syslog Server (Inbound) - - - Yes * - Business Process - User Consent Pages - - - Yes * - - Request/Approval via CWP (IP, Device, User, Guest User, External Device) - - - Yes * - - Role based Administrator - - - Yes * - - Custom Fields (Node, Device, User) - - - Yes * - - Custom Captive Portal Pages - - - Yes * - - Multilingual Support - - - Yes * - - Streamline repetitive tasks using workflow templates - - - Yes * - Scalability and Availability - High Availability (Policy Server / Network Sensor) - - - Yes * - - Interface Channel Bonding - - - Yes * - - Disaster Recovery (DB Replication, Redundant Policy Server) - - - Yes