
Fortinet switch enforces NAC policies

The Fortigate-224B security platform

Cloud Security Alert By Tim Greene, Network World
January 23, 2007 12:06 AM ET

Clarifying issues surrounding this emerging security architecture


Fortinet this week plans to announce an enterprise access switch that enforces NAC policies and performs a host of other security functions the company is already noted for.

The Fortigate-224B security platform blends access control enforced at switch ports with other gateway protection methods including antivirus, intrusion prevention, antispam, antispyware and URL filtering. It also supports a firewall, VPN and traffic shaping.

The device itself is the network access switch. It has 24 10/100 Ethernet LAN ports, two Gigabit Ethernet ports and two 10/100 WAN ports. PCs and other LAN devices plug into it directly, so with just 24 ports, it is meant for small offices or departments.

The device can run in two modes: strict and dynamic. If strict mode is turned on, devices trying to log in are diverted to a Web portal where the switch analyzes the security posture of the devices. This check requires no agent on the endpoints.

When dynamic mode is turned on, devices logging in are granted access based on preset policies, without the endpoint check. If a policy violation or specific threat is detected later, the switch can cut the device's access back to a quarantine VLAN until the detected problem is dealt with.

The company differentiates between admission control, which checks the state of the endpoint to determine if it gets access, and access control, which authenticates a person in conjunction with a machine and grants access to a predetermined set of network resources. It says it provides the latter.

Pricing for Fortigate-224B starts at $4,000, which doesn't include the non-NAC security services.


Tim Greene is senior editor at Network World.
