Fortinet has a new enterprise access switch that also functions as a small-office WAN router and multi-function security platform.

The Fortigate-224B security platform contains access control, enforced at switch ports, with other gateway protection methods including anti-virus, intrusion prevention, anti-spam, anti-spyware and URL filtering. It will reduce the number of devices that need to be managed in branch offices, the company said.

PCs and other LAN devices plug into it directly, so with 24 ports, it is meant for small offices or departments. The switch has 24 10/100MbpsEthernet LAN ports, two Gigabit Ethernet ports and two 10/100Mbps WAN ports.

That means branch offices be dealt with through a single managed device that provides networking and security, says Mike Rothman, president of Security Incite. Rather than putting in a WAN router with security features and a LAN switch, customers could install just one of these. "It's one box versus two," he said.

The downside is that if customers are looking for a full-featured NAC device, this might not fit the bill, Rothman says. "I don't view the Fortinet box as a true NAC box," he said. For that, it must contain a check of the integrity of devices before they are admitted to the network, manage flows of traffic after the device is admitted and have an intrusion-prevention system to shut down worm activities if they start up, Rothman said.

Rothman says products from companies including Caymas Systems , ConSentry Networks and Nevis Networks fit into the category of true NAC devices. The Fortinet-224B runs in two modes. If strict mode is turned on, devices trying to log on are diverted to a Web portal where the switch analyses the security of the devices. This check requires no agent on the endpoints.

If dynamic mode is turned on, devices logging in are granted access based on preset policies, without the endpoint check. If a policy violation or specific threat is detected later, the device can cut back access to a quarantine virtual LAN until the detected problem is dealt with.

The company differentiates between admission control, which checks the state of the endpoint to determine if it gets access, and access control, which authenticates a person in conjunction with a machine and grants access to a predetermined set of network resources. The company says it provides the latter.

Pricing for the Fortigate-224B platform starts at $4,000, which doesn't include the non-NAC security services. The price for the device with virus protection, intrusion prevention, Web filtering and spam screening costs $5,800.