We focused on building the capabilities you actually need for network access control, without the bloat that makes other solutions a nightmare to manage.
Industry-standard protocols that work with your existing infrastructure. No proprietary agents or special client software required.
Full RFC 2865/2866 compliance with support for PAP, CHAP, MS-CHAPv2, and EAP authentication methods.
Lightweight Directory Access Protocol server for directory-based authentication and lookups.
Connect to existing directory services for centralized identity management.
Multiple authentication methods to match your security requirements. Use them individually or in combination.
Traditional credential-based authentication with configurable password policies per group.
Mutual TLS for high-security environments. Client certificates for both portal admins and network users.
Time-based one-time passwords with standard authenticator app support. Prepend or append to password.
Define authentication requirements per group. Mix 2FA requirements, password complexity, and more.
Flexible device authentication with MAC bypass, 802.1X, or both. Dynamic VLAN assignment based on device type.
Control who can access what, when, and how. Our flexible rules engine handles simple and complex scenarios alike.
Organize users into groups with shared policies, RADIUS attributes, and access rules. Supports nested group logic with AND/OR/NOT operators.
Group network devices (switches, APs, VPN concentrators) into host groups with shared RADIUS secrets and policies.
Restrict user access to specific time windows. Perfect for contractors, temporary access, or business hours enforcement.
Flexible rule system with sort order and boolean logic. Control exactly which user groups can authenticate to which host groups.
Real-time insights into what's happening on your network. Troubleshoot faster and maintain compliance with confidence.
Watch authentication events in real-time via WebSocket.
Every auth attempt, config change, and admin action logged.
Full session tracking, duration, and data usage.
Warden uses standard RADIUS and LDAP protocols. If your device supports these protocols, it works with Warden.
Cisco WLC, Aruba, Ruckus, Ubiquiti
Cisco, Juniper, Arista, HPE
Cisco ASA, Palo Alto, Fortinet
Any RADIUS-capable device
Works alongside existing NAC
Active Directory, OpenLDAP
A hardened, self-contained appliance that just works. No command line required.
Pre-built VM images for VMware ESXi 6.7+, Fusion, Workstation, Hyper-V, KVM/QEMU, and Proxmox. Import, boot, authenticate.
Purpose-built rack-mount and compact form-factor hardware for dedicated security infrastructure deployments.
Everything you can do in the UI, you can do via the API. Build integrations, automate provisioning, or connect to your existing tools.
// Create a new user via API
const response = await fetch('/api/users', {
method: 'POST',
headers: {
'Authorization': 'Bearer ' + token,
'Content-Type': 'application/json'
},
body: JSON.stringify({
username: 'jsmith',
email: 'jsmith@company.com',
groups: ['employees', 'vpn-users'],
require_2fa: true
})
});
const user = await response.json();
// { user_uuid: 'abc-123...', ... }We'd love to walk you through Warden and show you how these features can work for your specific environment.
Request a Demo