Platform Features
8 integrated capabilities. One appliance. Zero cloud dependency.
Device & Site Management
Maintain a comprehensive inventory of every network device and the sites they live in. Track lifecycle state, monitor health, and organize your infrastructure from site down to rack position.
Multi-Vendor Inventory
Manage routers, switches, firewalls, access points, and more across vendors in a single inventory. Broad SSH-based platform support with new vendors added regularly.
Site & Location Hierarchy
Organize devices by site, building, and closet. Full location hierarchy from site down to rack position gives you a complete physical view of every managed device. SNMP sysLocation is automatically parsed to extract room, rack, and elevation when devices are polled.
Lifecycle Management
Track every device through active, maintenance, retired, and decommissioned states with full status history.
Automated Health Monitoring
Automated polling at configurable intervals with color-coded health indicators. Track device status in real time — see what is up, what is down, and what is in maintenance at a glance.
Site Contacts & Documentation
Attach contacts, diagrams, and rack drawings to every site. Site contacts are automatically notified during change events affecting their location.
Device Notes
Timestamped notes per device for tracking operational history, known issues, and maintenance records.
Configuration Repository
Automatically collect, version, search, and compare network device configurations. Your single source of truth for every running config on the network.
Automated Collection
SSH-based configuration collection powered by a multi-threaded C++ engine. Schedule collection intervals to maintain a continuously updated repository.
Version History
Maintain the latest version plus multiple historical versions per device. See exactly when each configuration was collected.
Power Search
Search across collected configurations quickly. Find which devices have a specific setting, which are missing a required configuration, or where a particular ACL, route, or interface command appears across your managed network.
Config Comparison
Side-by-side diff view with syntax-aware highlighting. Compare any two versions of any device configuration.
Config Archive
Long-term historical storage with configurable retention policies. Maintain compliance-required configuration history.
Change Assurance
The core differentiator. ConfigGuard™ provides end-to-end change management built around three pillars: ITIL-aligned change classification that surfaces unauthorized activity, full-lifecycle change notifications with stakeholder distribution, and pre/post validation that proves what actually changed. Backed by automatic Maintenance status flagging, change calendar visibility, and blast radius analysis — capabilities purpose-built for network operations, not bolted onto a generic monitoring tool.
Change Register
Each detected configuration change is automatically classified per ITIL — Standard, Normal, Emergency, or Unauthorized — and linked to the Change Request or Incident that authorized it. The drift you can’t explain is what shows up in the operator’s queue. Audit trail suitable for compliance review.
Change Notifications
Full lifecycle management — Scheduled, Started, Completed, Backed Out, and Failed — with one-click transitions, configurable email templates, and automated stakeholder distribution. Backout and failure reasons are tracked to build institutional knowledge.
Pre/Post Validation
Capture full network state before and after a planned change — config, interfaces, routes, ARP, MAC, and VLANs — then diff it all in one view. A six-tile Validation Impact dashboard surfaces what came back, what didn’t, and what’s new. Bookend ping sweeps seed ARP/MAC pre-change and confirm reachability post-change.
Maintenance Status
Devices and sites are automatically placed in Maintenance status during scheduled changes, alerting the team that work is in progress. Reference-counted tracking handles overlapping change windows correctly.
Change Calendar
Calendar view of all scheduled maintenance windows. Visualize change density and identify scheduling conflicts before they happen.
Blast Radius Analysis
L3 routing impact analysis and VLAN gateway identification. Exportable SVG network maps and PDF reports for stakeholder review and compliance records.
Network Discovery
Automatically discover devices on your network using SSH-based CDP and LLDP neighbor walking. Build topology maps and surface unknown or unexpected connected devices.
Multi-Method Discovery
Combine ping sweeps, SSH queries, and CDP/LLDP neighbor walking for comprehensive network discovery.
Topology Mapping
Visual topology maps generated from discovered neighbor relationships. See how your network is actually interconnected.
Unknown Device Detection
Identify unknown or unexpected devices appearing on your network. Maintain awareness of what is connected.
Discovery Scheduling
Configure discovery intervals, scope, seed devices, and target networks. Run on demand or on a recurring schedule.
Asset Discovery
Network Discovery finds the gear that runs your network — routers, switches, firewalls, wireless. Asset Discovery surfaces everything else that talks on it: servers, out-of-band management (iDRAC, iLO, BMC), printers, UPS units, IP phones, IoT, and workstations — auto-classified, fingerprinted, and reconcilable against your IT asset register.
Auto-Classification
Each non-network host is automatically tagged as server, BMC, IoT, printer, UPS, phone, or workstation based on open ports, service banners, OUI vendor, and OS fingerprint signals. Network gear stays in the managed inventory; everything else is parked in the asset view.
Host Fingerprinting
Per-host detail pulled at discovery time: MAC address with OUI vendor lookup, reverse DNS, open ports, service banners, OS fingerprint, plus IP-context — routing-resolved site and device for private addresses, country / ASN / flag emoji for public ones. The data your auditors want is already there when they ask.
ARP Cross-Reference
Asset detail surfaces directly inside Port Mapper. Click any ARP entry and see the fingerprint for the host on the other end of the cable — bridging the physical port to the logical asset in one view.
Re-Probe Workflow
Hosts age out of the asset register on a configurable cooldown so newly-deployed equipment gets re-evaluated automatically. Admins can also force a re-probe on demand for any individual host.
IP Address Management
A live IPAM view built from the network’s actual state — routing tables, ARP, configured interfaces, DHCP pools parsed from device configs — not a separate database your team has to remember to update. Subnets, reservations, conflicts, and free addresses surface automatically.
Live Subnet Inventory
Every subnet in your network derived from collected routes, ARP entries, and configured interfaces. Per-device VLAN scoping shows which VLAN any subnet rides on. No manual data entry.
DHCP Pool Discovery
Configured DHCP pools parsed out of device configurations across vendors, with lease ranges, scope options, and reservations surfaced in the IPAM view alongside the routed subnets they serve.
Conflict Detection
Automatically flags overlapping subnets, duplicate gateway IPs, and reservations that collide with active ARP entries — the kind of accidents that cause outages weeks later.
Free IP Finder
Pick any subnet and see exactly which addresses are unused, reserved, or in active conversation. No more pinging guess-ranges to find a safe address.
IP Search
Type any address and ConfigGuard tells you the subnet it lives in, the device that routes for it, the site it belongs to, the VLAN, and any ARP / port-mapper context already collected.
Reserved Ranges
Mark static reservations and infrastructure-only ranges so they show up consistently across the subnet view, free-finder results, and conflict checks.
Port Mapper
Collect and correlate interface state, MAC address tables, ARP tables, VLAN assignments, and routing tables across your network. Identify who and what is connected to every port.
MAC Address Tracking
Per-port MAC address table collection across all managed switches. Track which devices are connected where.
ARP Correlation
IP-to-MAC address mapping from collected ARP tables, enriched with IP-context intelligence inline: each IP resolves to the device and site that routes for it (private addresses) or to country / ASN / flag emoji (public addresses). One row, full picture — no separate lookup tools.
VLAN & Routing Tables
Port-to-VLAN assignments and L3 routing table collection. Understand your network segmentation and routing topology.
Interface State & Changes
Per-port admin/operational status, speed, duplex, descriptions, and change timestamps.
See when ports go down, devices move, or changes impact connectivity.
Neighbor Discovery
CDP and LLDP neighbor relationship mapping. Identify directly connected devices and verify physical cabling.
Port Reclamation
Identify unused switch ports based on MAC activity history. Reclaim port capacity and improve switch utilization.
Operational Awareness
Dashboards, reports, and IP-context intelligence that keep your entire team informed. From shift turnover to executive KPIs to knowing exactly where in your network any given address lives, everyone has the operational picture they need.
Status Dashboard
Health banner with KPIs showing critical, warning, and operational device counts. SVG pie charts and color-coded stat cards provide at-a-glance health.
Turnover Dashboard
24-hour operational view with ongoing issues, high-severity items, device alerts, recent changes, and personnel tracking. Configurable severity and priority terminology.
Daily Email Reports
Automated morning summary delivered to your distribution list. Covers ongoing issues, high-severity items, device changes, configuration closures, and validation results.
Internal IP Resolution
Given any IP address, ConfigGuard walks the routing tables of your managed devices to find the longest-prefix match, surfaces the device that routes for it, and resolves the site it belongs to. Confidence-graded (connected routes rank highest), batchable, and aware of RFC1918, CGNAT, and loopback ranges so internal addresses don’t leak to external lookups.
Geo-IP Enrichment
Public IPs picked up by ARP, neighbor tables, or the DNS tool are enriched with country, region, city, and ASN data plus a flag emoji for at-a-glance context. Backed by a locally-cached DB-IP Lite database refreshed weekly — no per-query cloud lookup, no traffic leaks.
Security & Administration
Enterprise-ready access control, audit logging suitable for compliance review, and full appliance administration — all from the web interface.
Role-Based Access Control
Four privilege tiers — Read-Only, Engineer, Operations, and Administrator — with LDAP/Active Directory authentication and group-to-role mapping.
Multi-Factor Authentication
TOTP-based MFA compatible with Google Authenticator, Authy, and any standard authenticator app. Backup codes for account recovery.
Audit Logging
Every login, configuration change, and administrative action is logged. Full accountability with an audit trail suitable for compliance review.
Encrypted Credentials
Device passwords encrypted at rest using modern authenticated encryption, and only decrypted in memory at the moment of use. Never stored in plaintext.
Automated Backups
Daily backups with Grandfather-Father-Son retention: 7 daily, 3 weekly, and configurable monthly backups. Download or restore on demand.
Appliance Configuration
Set NTP servers, timezone, hostname, DNS resolvers, and network interfaces from the web UI. ConfigGuard writes the underlying OS configuration directly — OpenNTPD config, systemd timezone and hostname, network interface files — so day-to-day operation of the appliance never requires shell access or sudoers tweaks. User management, license install, and appliance health monitoring round it out.
Utilities
Built-in tools that leverage ConfigGuard's collected network data to answer operational questions without logging into a single device.
Route Trace
Trace the path a packet takes across your network using collected routing tables. Hop-by-hop path analysis without needing to log into a single device.
Firewall Helper
Generate firewall permit lists from DNS results with broad and narrow scope options. Resolve hostnames to IP ranges for ACL and policy construction.
DNS & Domain Lookup
DNS record lookups and WHOIS/RDAP queries with PSL-aware domain parsing for accurate eTLD+1 resolution. Powers the Firewall Helper and gives you fast answers without leaving the platform.
Subnet Calculator & OUI Lookup
CIDR subnet planning for network design, plus manufacturer identification from MAC addresses using the IEEE OUI database — all built in.