Network Sentry has several deployment models, but the most common is based on edge device enforcement of access controls, typically using VLANs. Using a combination of SNMP and command-line interface access, Network Sentry detects devices coming onto the network (either by polling devices or by receiving SNMP traps) and then walks each device through registration, authentication and compliance checking, before finally pushing a configuration that lets the device onto the network. Network Sentry also supports 802.1X authentication, but its use was not encouraged.

The Network Sentry family also includes endpoint security checking via either an on-network scanner (built-in support is included for Nessus) or the Bradford client on Windows, Mac OS X and Linux. A guest registration and login portal is available as an option, as is a network scanner that can be used to discover device types and build a database of devices on the network.

Unfortunately, the product has grown over the years with patches, plug-ins, and an enormous number of add-ins to support the unique requirements of its huge customer base.


We found it hard to understand, poorly documented, difficult to manage and inconsistent in its behavior, with no clear way for someone to deploy the product without considerable third-party help.