Skip to main content
AirGapNetPhysical network isolation
← BlogConceptMay 20266 min read

How AirGapNet works: a 6-minute primer

What the AGN devices physically do, where they sit alongside your firewall, and why "online when needed" is a different category of control.

The shorter the time a device is reachable, the smaller the window an attacker has. AirGapNet turns 'always online' into 'online when needed'.

In this article

Section 01

The basic principle

AirGapNet is a remote-controlled, patent-pending network switch that physically separates a network line. The control unit sits behind a protected boundary that the production network cannot reach — it is operated over an independent control channel, typically GSM/SMS.

The shorter the time a device is electrically connected to the wider network, the smaller the window in which an attacker can reach it. That single observation drives the design: turn the default from "always online" to "online when needed".

  • Always online · 100%

    The line is reachable every minute of every day. Most service paths sit in this state today by accident, not by intent.

  • Online when needed · ~10%

    The line is reachable only inside approved maintenance windows. The other 90% of the time it does not exist as a route.

Section 02

A complement to firewalls, not a replacement

AirGapNet does not replace a firewall. It complements one. Firewalls, EDR, segmentation, and IAM all assume the line exists and gate access on top of it. AirGapNet changes whether the line exists in the first place.

Use AirGapNet on individual service paths that should be reachable only during a defined window: maintenance access to a controller, an update channel to a server, a backup target between backup jobs, or admin reachability to a SWIFT gateway. The firewall keeps doing what it does — AirGapNet removes the path it would otherwise have to defend.

Section 03

Benefits

AGN devices physically separate the network line. The control unit cannot be modified from outside, and the switch action runs over a separate control channel. Disconnects can be manual, scheduled, or event-driven.

  • Higher security

    Physical separation reduces the attack surface to zero during the closed window. There is no path to defend.

  • Flexibility

    Switch manually via SMS, on a recurring schedule, or in response to a verified event. Three modes, one device.

  • Easy operation

    Operators control the device from a phone. No console, no jump host, no extra training for the on-call team.

  • Compatibility

    AGN devices sit inline on existing network lines. Compatible with most network types, no protocol-level integration.

Section 04

The air-gapping technology

Air-gapping is a long-standing security technique used to ensure that a sensitive computer network is physically isolated from untrusted networks like the public internet or an unsecured LAN. It is often used as a last line of defense against external threats, especially when sensitive data must remain unreachable from the outside.

Historically, air-gapping has been most visible in three domains:

  • Military and government installations

    Used to ensure that classified or sensitive information is not reachable from external networks at all.

  • Financial institutions

    Banks and other financial institutions use air-gapping to protect internal networks and core systems from external threats.

  • Research facilities

    Sites that store sensitive research data use air-gapping to keep that data off the public internet during long-running studies.

Section 05

Where AirGapNet fits

The classical air gap is a one-way decision: either a network is permanently isolated, or it is not. That works for highly sensitive enclaves but does not scale to the dozens of service paths a typical mid-sized site has — maintenance windows, vendor support, monthly patches, backup jobs.

AirGapNet adapts the same physical principle to a per-line, time-boxed control. The line is the air gap by default; the maintenance window is the planned, audited exception. The result is the security posture of an air gap with the operational practicality of a managed service path.

Go from reading to running

See AirGapNet on your network.

We bring a real AGN1 to your bench and run one maintenance window on your equipment. 30 minutes on the call.

Book a demoMore articles