BastionNetwork Manager

On-premises network management

The network monitorthat never phones home.

Bastion is an application for network inventory, monitoring, and ensuring compliance. Every packet of telemetry starts AND ends all on your hardware. Bet your SaaS can't do that.

JOIN THE SAAS REVOLTRead the spec
Version1.0.0
Install time< 10 minutes
Air-gapYou bet.
§ 0.1 · Install - You know you want to

The install process is so simple it shocked us, too, when we made it. Just run a few commands on a machine of your choosing and kick back while our script does the hard part for you.

  $ curl -fsSL bastion.albro.tech/install.sh | sudo sh
  $ systemctl enable --now bastion
  $ xdg-open https://localhost:8443

  # Yes, that's really the whole thing.
§ 1

Specification

six clauses, no more
§ 1.1

Scope

A single (yes, SINGLE!) application that automatically monitors and inventories your entire network, no matter how big it might be. Deployed on premises, no phoning home, everything's configurable. What more could you possibly ask for?

clause 01
§ 1.2

Deployment

Exactly one binary (or one docker image) stands between you and complete data sovereignty. A single install covers your entire network, no crazy tweaks required. You know what they say: best way to save money is to not waste time.

clause 02
§ 1.3

Data handling

All data collected terminates inside your perimeter unless you say otherwise. Storage is embedded into the platform by default, and all keys are local. Data retention is configurable to the day.

clause 03
§ 1.4

Integrations

First class support for Arista, Cisco, Vyatta-compatibles (VyOS, EdgeOS, etc), and Ubiquiti. Use something else? No worries. Use our generic SSH/SNMP modules or write your own from scratch in as little as 50 lines of code.

clause 04
§ 1.5

Compliance

Ideal for use in environments bound by HIPAA, PCI DSS 4.0, SOC 2, ISO 27001, NIST 800-53, and CIS. Reports are generated directly on-device and are accessible in exactly 0 other locations. Really.

clause 05
§ 1.6

Licensing

Simple, straightforwardly-priced, flexible. Every tier also includes a perpetual fallback license, in case, y'know, something unthinkable happens to us. Because, if we go out of business, that should be our problem - not yours.

clause 06
§ 1.7 · Topology - Everything needed, nothing more

One host inside your perimeter speaks to every device on your network. So simple, it almost makes you wonder why nobody else has done this before.

Network topology — compare competing SaaS products that ship your telemetry outside your perimeter against Bastion, which keeps everything local.YOUR PERIMETERdevicesSNMP · syslog · flows · etcbastion.localaudits · reports · metricsstays localnothing here :)no egressno telemetryno SaaS
§ 2

Field note

an editorial
Filed by

Maddox. Albro,
Systems Engineer

2026-04-23

Every year, one more vendor in the network-management space decides that you should give up your sovereignty - for observability, correlation, ML-driven insights, and so on.

For most teams that is just another cost of doing business. But, for those running HIPAA workloads, processing sensitive cardholder info, or maintaining government security clearance, it is huge gamble on security and, occasionally, a career-ending one.1

The cloud is extraordinary for many things. Network management isn't one of them. Your NMS sees everything, and you know nothing about the provider that's ingesting it. Imagine if I promised you a value-add, but required you to sell all of your most private data in order to take advantage of it. That really sound like a good idea to you?

Bastion is what the LibreNMS and NetBox communities have been assembling piecewise for almost fifteen years, packaged as one app, supported by a real vendor, and that can get real work done to help you solve real problems. It's software for the "big boys", done right.

  1. ¹See, e.g., the 2023–2024 Okta / Cloudflare incident chain; the 2023 Fortinet FortiManager dataplane drift. Cloud management planes have always been an easy target.
§ 3

Vs. the incumbents

specsheet
CriterionAuvikDataDogSolarWindsLibreNMSBastion
Runs entirely on-prem
No outbound egress
Supports air-gap deployment
Vendor-agnostic
First-party support
Open extension API
Perpetual fallback lic.n/a
Average price, 250 devices$45k+$80k+$60k+$0$30.6k¹

¹ 250 devices × $10 · annual prepay · −15 %

§ 4

Pricing

no quote required

Per-device, monthly, posted publicly. No need to sign 40 NDAs just to know what it costs to be independent again. Refreshing, isn't it?

Figures in USD
  1. § 4.1Up to 75 devices$10 / device / month
  2. § 4.276 – 5,000 devices$20 / device / month
  3. § 4.3Annual prepay, any tier− 15 %
  4. § 4.4Nonprofit or accredited education− 25 %
  5. § 4.5Perpetual fallback licenseIncluded
— operator note

We moved from Auvik to Bastion in two weeks. For our compliance posture alone, it paid for itself.

Maddox A.·Albro Holdings LLC