Feature Guide
Device Connection States
The Gatekeeper tracks and displays three distinct connection states for managed devices:
Disconnected
- Definition: Device no longer has an assigned IP address and has not sent ARP (Address Resolution Protocol) requests
- Meaning: The device may be powered off, physically disconnected from the network, or experiencing network connectivity issues
- Implications:
  - Device is not reachable on the network
  - No traffic monitoring or policy enforcement is possible
  - May indicate hardware failure, power issues, or network infrastructure problems
Connected
- Definition: Device has been assigned an IP address by the Gatekeeper's DHCP service and has sent ARP requests
- Meaning: The device is network-accessible and has established basic network connectivity
- Implications:
  - Device can be reached via network protocols
  - Basic network services are functional
  - Device is ready to send/receive network traffic
  - Policy enforcement is active but no recent traffic has been observed
Active
- Definition: Device traffic has been observed and recorded by the Gatekeeper
- Meaning: The device is actively communicating on the network
- Implications:
  - Device is fully operational and generating network traffic
  - Traffic flows are being monitored and logged
  - Security policies are being actively enforced
  - Device is participating in normal network operations
Understanding Device States
State Transitions
Devices typically progress through states as follows:
- Disconnected → Connected: Device powers on and obtains an IP address
- Connected → Active: Device begins generating network traffic
- Active → Connected: Device stops generating traffic but maintains network presence
- Connected → Disconnected: Device loses network connectivity or powers off
Monitoring Considerations
- Disconnected devices may require physical inspection or power cycle
- Connected but not Active devices may indicate:
  - Device is idle but functional
  - Network configuration issues
  - Application or service problems
- Active devices indicate normal operation and full functionality
Troubleshooting by State
- Disconnected: Check power, network cables, and switch connectivity
- Connected: Verify device applications and services are running
- Active: Monitor for expected traffic patterns and policy compliance
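As an added example (not part of the product or its documentation), the Python code below reviews a device state history against the transitions and monitoring considerations above: it flags any state change that is not in the typical list and any device that has stayed Connected without becoming Active past a threshold. The record format, device names, and one-hour threshold are assumptions constructed for illustration; the guide does not describe an export format or how a direct Active → Disconnected change is recorded.

```python
from datetime import datetime, timedelta

# Transitions the guide lists as typical.
TYPICAL = {
    ("Disconnected", "Connected"),
    ("Connected", "Active"),
    ("Active", "Connected"),
    ("Connected", "Disconnected"),
}

def review(history, idle_limit, now):
    """Return findings for a state history of (time, device, state) records.

    Flags transitions outside the typical list, and devices that have stayed
    Connected (without becoming Active) for longer than idle_limit.
    """
    findings = []
    last = {}  # device -> (time the current state began, current state)
    for when, device, state in sorted(history):
        prev = last.get(device)
        if prev and prev[1] != state and (prev[1], state) not in TYPICAL:
            findings.append((device, "atypical-transition", f"{prev[1]} -> {state}"))
        if prev is None or prev[1] != state:
            last[device] = (when, state)  # repeated records keep the start time
    for device, (since, state) in sorted(last.items()):
        if state == "Connected" and now - since > idle_limit:
            findings.append((device, "connected-not-active", str(now - since)))
    return findings

# Constructed sample history (hypothetical record format and device names).
T0 = datetime(2024, 1, 1, 8, 0)
SAMPLE = [
    (T0, "plc-01", "Disconnected"),
    (T0 + timedelta(minutes=1), "plc-01", "Connected"),
    (T0 + timedelta(minutes=2), "plc-01", "Active"),
    (T0, "hmi-02", "Connected"),          # never becomes Active
    (T0, "cam-03", "Active"),
    (T0 + timedelta(minutes=5), "cam-03", "Disconnected"),  # skips Connected
]

if __name__ == "__main__":
    for finding in review(SAMPLE, timedelta(hours=1), T0 + timedelta(hours=3)):
        print(finding)
```

A finding here is a prompt for the troubleshooting steps for that state, not proof of a fault: an idle but functional device also appears as connected-not-active.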
Device Movement across Gatekeepers
When a device (either managed or unmanaged) moves from a network managed by one Gatekeeper to another Gatekeeper-managed network, this movement is automatically reflected in the user interface. Any security policies enforced on the device are preserved during this transition.
Deep Platform Integration and Ecosystem
Gatekeeper is part of a broader integrated platform, not a standalone point product. It leverages a set of integrations that provide:
Asset intelligence
Integrations with platforms such as Claroty, Nozomi, Armis, Ordr, and Siemens provide detailed asset discovery, classification, and context across OT/IoT/IT.
Threat and vulnerability context
Integrations with Tenable, Rapid7, Qualys, and others provide:
- Vulnerability data
- Threat indicators
- Asset risk scores
- Asset tags and other contextual metadata
Unified context model
All of this data is normalized into a platform-level context layer, so Gatekeeper can:
- Enforce policy based on asset type, risk, vulnerabilities, and business context
- React to changes in risk posture, not just static network attributes
Because the platform and its integrations are designed as a single system, Gatekeeper can rely on consistent context rather than ad-hoc data feeds.