Identity-Aware Access
vs. Network Extension
Phoenix Contact mGuard creates an industrial VPN. Agilicus AnyX replaces the need for one.
Discover why Layer 7 precision beats Layer 3 connectivity for modern security.
The Fundamental Difference
The choice between Agilicus and Phoenix Contact mGuard is a choice between Universal Application Access and Hardware-Bound Network Connectivity.
Agilicus AnyX (Layer 7)
Understands Application layer like HTTP, VNC, SSH. Can block password stuffing, restrict specific URLs, and protect individual files. Users never touch the network.
Phoenix Contact mGuard (IPsec VPN)
Creates an overlay IPsec VPN joining all sites. Maximises lateral movement risk, requires custom hardware, and requires enabling UDP 500, 4500 ports on your firewall.
Security Model Comparison
Agilicus User
HTTPS Only
→
App
Only
mGuard User
Full Network Pipe
→
Network
Adjacency
*With mGuard, if a user device is compromised, the attacker has network-level visibility of all joined sites. With Agilicus, they see nothing but the specific web app authorised.
Why Modern Teams Choose Agilicus
Compare capabilities side-by-side.
Feature
Agilicus AnyX
Phoenix Contact mGuard
Granular Authorisation
How specific can access rules be?
Per URL & File
Layer 7 Precision
None
No fine-grained authorisation (e.g. no read-only VNC)
Client Requirement
What does the user need to install?
None (Browser Only)
Custom Hardware & Client required
Identity Providers
Can you use Google, Microsoft, Okta etc simultaneously?
Multiple Concurrent
Mix Okta, Google, Microsoft, etc
Custom Identity System
No per-user sign-in
Layer 3 Adjacency
Can users ping devices on the network?
No (Zero Trust)
Prevent lateral movement
Yes (IPsec VPN)
Joins all sites, maximising lateral movement risk
Threat Protection
Does it inspect traffic content?
Identity-Aware Web Application Firewall
Handle cross-site scripting, content vulnerabilities
Encrypted Tunnel
Opaque to traffic content, requires UDP 500/4500 ports
Overlapping IPs
Handle duplicate subnets on local and remote site(s)?
Native Support
No conflict, operates at layer 7
Complex
Requires NAT+port-forward, or, re-subnetting
Vendor Agnostic
Does the system work with different equipment vendors?
Yes
Yes. Any PLC, HMI, Historian, SCADA platform. Any vendor.
Complex
No.
Phoenix Contact specific.
Clientless Universal Access
Stop managing VPN clients. Agilicus AnyX works on any device with a browser—desktop, tablet, or phone.
- Ideal for contractors & BYOD
- No MDM required
- Zero friction onboarding
Granular Authorisation
Don’t just grant network access. Control exactly what users can do inside the application.
- Restrict specific URLs
- Control file share access
- Stop password stuffing attacks
Network Simplification
Solve the hardest networking problems without re-architecting your infrastructure.
- Outbound-only (Starlink/CGNAT)
- Overlapping IP support
- Multi-IdP Single Sign-On
Ready to move beyond the VPN?
Experience the security of an Identity-Aware Proxy, Zero Trust, Zero Compromises. No Clients to manage, no lateral movement to fear.