Skip to main content
AirGapNetPhysical network isolation

AirGapNet AGN2

Rack isolation controller

Quote-led
Rack infrastructure isolationQuote-led · 4–6 weeks
Request quote

AirGapNet AGN2

AGN2 is the 19-inch rack-mount variant of AGN1 — built for larger networks, server rooms, and professional infrastructures where multiple connections need coordinated physical switching from a single device.

Patent-pending · 2023

Technical highlights

19-inch server-rack form factor

Physically connect, disconnect, and switch multiple network lines from one device

Unplug-resistant power input for server environments

Same independent GSM/SMS control channel as AGN1

Why it matters

Built for larger networks and server rooms

Coordinated control over several maintenance paths in one chassis

Quote-first until US pricing and fulfillment details are confirmed

Use cases

Server room maintenance paths

Industrial network zones

Healthcare equipment networks

MSP-managed customer environments

Form factor

One chassis. Multiple paths. All default-closed.

AGN2 occupies a single rack unit and replaces a fragile mesh of inline relays, jump hosts, and trust-by-policy. Each port pair is an independent physical break, controlled over the same out-of-band GSM channel as AGN1.

AGN2 1U rack-mount chassis, front viewSchematic of the AGN2 front face: status LED on the left, eight SFP+ port pairs labelled PATH 01 through PATH 08 in the center, SMA antenna connector, RJ45 management port, and locking power connector on the right.STATUSLINK · OKINOUTPATH 01INOUTPATH 02INOUTPATH 03INOUTPATH 04INOUTPATH 05INOUTPATH 06INOUTPATH 07INOUTPATH 08GSMSMAMGMTRJ45PWRLOCKING440 mm · 19-inch

1U · 19″8 independent pathsLocking powerGSM control

Configurations

Pick the port count. Keep the model.

AGN2 ships in three port configurations. Same firmware, same control channel, same default-closed behavior.

AGN2-4

4 paths

Small server rooms. Backup link + vendor session + update channel + admin path.

1U · 4× SFP+ pairs

Most deployed

AGN2-8

8 paths

Mid-size racks. Production segments, OT zones, and maintenance paths in one chassis.

1U · 8× SFP+ pairs

AGN2-16

16 paths

Multi-tenant and MSP deployments. Coordinated windows across many customer segments.

1U · 16× SFP+ pairs

All configurationsQuote-ledLead time 4–6 weeks

Use cases

Six paths. One break.

Internet isolation

Take a server off the public internet between active sessions. The line returns only for approved windows — backups, updates, vendor jobs.

  • SMB
  • Manufacturing

Server configuration windows

Open admin access to a server during a scheduled maintenance slot. The path closes automatically when the window ends.

  • All segments

Backup isolation

Backup targets stay disconnected from the production network and only open when the backup job runs. Ransomware cannot follow what is not connected.

  • All segments

Immutable backup vaults

Pair AGN1 with an air-gapped backup target so the vault is reachable only on explicit, time-limited writes. Combine with WORM storage for true immutability.

  • Finance
  • Healthcare
  • Regulated

PoE device control

Disconnect cameras, sensors, displays, or kiosks from the network when they aren't actively in use. Reduces the lateral-movement surface from edge devices.

  • Retail
  • Hospitality
  • Industrial

Vendor maintenance windows

External technicians get scoped access to one device during a defined window. No on-site escort, no entire-network exposure.

  • Manufacturing
  • Healthcare
  • MSP
Case study: Vendor maintenance windows

FAQ

AGN2 — buyer questions before the quote.

Product, deployment, security, and warranty — the items most buyers raise on the first technical call.

AGN1 is a hardware switch installed inline on a single network path. By default the line is physically open — neither side is electrically reachable. You open the path for a defined window (manual, scheduled, or event-based) over an independent GSM control channel, and the line returns to a physical break when the window ends.
No — it's an additional layer. Firewalls, EDR, and segmentation are software-based and assume the path exists. AirGapNet changes whether the path physically exists. Use it in addition to your existing stack, not in place of it.
A managed switch, VPN, or jump host still keeps the line electrically connected — you trust software to gate access. AGN1 makes the path physically not-exist by default. The attack surface during the closed state is zero, because there is no surface.
Three modes — manual (SMS code), scheduled (recurring windows), or event-based (verified signal). Auto-close runs locally on the device. When the timer expires, the line returns to a mechanical break — no software command required.
AGN1 ships with a built-in antenna. For low-signal environments, an external SMA antenna is available as an accessory. The control channel is independent of the protected LAN by design.
AGN1 is controlled individually via SMS or app today. AirGapNet Cloud, in development, will provide centralized fleet management, group scheduling, and audit export. Cloud is a future addition — AGN1 ships fully functional on its own.
Every state change — open command received (with originating phone number), window opened, window closed, expiry. Audit data is stored locally on the device and exportable via the management port. AirGapNet Cloud will provide audit aggregation across a fleet.
No. AGN1 operates entirely offline from the AirGapNet vendor side — no telemetry, no analytics, no remote calls home. The control channel only carries traffic between the device and the phone numbers you have whitelisted. Your operational data stays yours.
The default state under any failure mode — power loss, GSM module fault, firmware crash — is physically open. The line stays disconnected. A failed device is replaced under warranty; until replacement, the protected path is offline (which is the safe state by design).
AirGapNet is currently in the US compliance process. We will publish the FCC ID and conformity statement on this page as soon as it is finalized. Until then, devices ship from European warehouses to early US pilots — talk to us about deployment timing.
24-month limited warranty on hardware. Return window: 30 days from receipt for unused, unopened units. Defects covered under warranty are repaired or replaced.

Have questions about deployment?

Talk to engineering, not a contact form.

A 20-minute call covers port count, control channel preferences, and rollout staging for your environment.

Book a call

Other products

The rest of the AirGapNet line.