Network Segmentation
Network segmentation is a security technique that divides a larger network into smaller, isolated segments, each with its own access controls and policies. Segmenting at the asset level reduces the risk of lateral movement, limits the blast radius of security incidents, and improves visibility into how managed assets communicate.
12Port implements network segmentation through AccessWall. AccessWall enforces policy directly on each asset's native firewall, with no separate agents. The default behavior is to allow inbound admin access only from the PAM gateway and any explicitly trusted hosts you configure — making PAM the single path to the asset.
Policies in AccessWall are dynamic: they're authored against asset tags, selectors, and services rather than static IPs or subnets. As tags or selectors change, applicable policies update automatically. AccessWall Enterprise extends this with observed-connection mapping, segmentation suggestions from real traffic, simulation before enforcement, and service-request workflows for time-bound exceptions.
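The sketch below is an added example, not 12Port code and not AccessWall's policy format or API. It shows how a tag-based policy can be resolved into a per-asset allowlist on top of a PAM-gateway-only default, and how a tag change alters the result without editing the policy. The data model, tag names, addresses (documentation ranges) and the nftables rendering are all assumptions made for illustration.

```python
# Added illustration: this data model is hypothetical, not AccessWall's own.
from dataclasses import dataclass

PAM_GATEWAY = "192.0.2.10"  # constructed address (documentation range)

@dataclass(frozen=True)
class Asset:
    name: str
    ip: str
    tags: frozenset
    admin_port: int = 22    # SSH; 3389 for an RDP-managed host

@dataclass(frozen=True)
class Policy:
    src_tag: str            # assets carrying this tag may connect ...
    dst_tag: str            # ... to assets carrying this tag
    port: int

def allowed_inbound(asset, assets, policies, trusted_hosts=()):
    """Return the set of (source_ip, port) pairs permitted to reach `asset`."""
    # Default: admin access only from the PAM gateway and trusted hosts.
    rules = {(src, asset.admin_port) for src in (PAM_GATEWAY, *trusted_hosts)}
    # Tag-based policies are resolved against the current tags on every call.
    for p in policies:
        if p.dst_tag in asset.tags:
            rules |= {(a.ip, p.port) for a in assets
                      if p.src_tag in a.tags and a.ip != asset.ip}
    return rules

def render_nftables(rules):
    """Render the allowlist as an nftables input chain with a drop policy."""
    lines = ["table inet segmentation {",
             "  chain input {",
             "    type filter hook input priority 0; policy drop;",
             "    ct state established,related accept",
             "    iif \"lo\" accept"]
    lines += [f"    ip saddr {src} tcp dport {port} accept"
              for src, port in sorted(rules)]
    return "\n".join(lines + ["  }", "}"])

def demo():
    web = Asset("web01", "198.51.100.20", frozenset({"role:web"}))
    db = Asset("db01", "198.51.100.30", frozenset({"role:db"}))
    policies = [Policy("role:web", "role:db", 5432)]
    before = allowed_inbound(db, [web, db], policies)
    # Retagging web01 removes its database access with no policy edit.
    retired = Asset("web01", web.ip, frozenset({"role:retired"}))
    after = allowed_inbound(db, [retired, db], policies)
    return before, after, render_nftables(before)
```
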
For details on configuring segmentation policies, see the AccessWall module.