Fortinet FortiAuthenticator Reviews

I am a solution architect and my company works purely for Fortinet, implementing all versions on a daily basis, so we're not end-users. The company is an exclusive distributor implementing the product.

The primary use case of the product is usually for multifactor authentication using two-factor authentication with tokens. Sometimes people require two factors with a token. Sometimes they need the latest POC. I do a proof of concept for windows login. They need the agent who authenticates with SMS, token or email.

Usually, I do an integration with the firewall. I would prefer to do it with FortiGate, but sometimes I need to integrate as a radius client and it depends on which firewall. I prefer FortiGate. Sometimes they'll need to add an SMS as the second factor of the two-factor authentication. But usually, we do it as an unarmed radius FortiGate, or firewall would be for a radius client and radius server. Sometimes clients will ask whether we have integration with a social portal like Facebook, but we don't. 

There aren't any major features that I think should be improved. I like this product. As a multifactor authentication, we have the SAML function. If you compare it with RSA or Gemalto, it does a good job. I'm able to perform multifactor authentication in different ways via emails, SMS, it's a great product. For someone concerned with multifactor authentication, I'm satisfied with the product.

There aren't any major additional features they could include in the next release but the one thing they used to include was the SMS gateway from the ISP. Fortinet used to sell that but they don't anymore and I think it would be helpful for end-users if they brought it back. I would recommend that. People are asking for it because they don't like having to rent it from their mobile provider. 

The product is very stable. I love it. 

I think it's a scalable product. I haven't compared it to the competitors but it's scalable. 

Part of the reason it's such a good product is that I don't recall ever needing to call for technical support. 

Initial setup and configuration are very straightforward. From a technical perspective, you need to know where to do the PDS but if you have a technical background it should be very straightforward. I just bring the VM or the trial license and I start to do the POC, usually with the VM.

Initial setup and deployment sometimes need integration with FortiGate, and sometimes via the captive portal. It takes a maximum of an hour, but it also depends on the end-user and what they need to be integrated into the system, like features such as SMS gateway parameters. 

I think the setup cost is reasonable, and we don't need to renew the license. Sometimes there are extra costs for the VM. Our main competitors are RSA and Gemalto, and the Fortinet prices are very competitive relative to their prices. 

As a distributor of Fortinet, I would suggest people give this product a little bit of focus. I mean we can do well on this product if we concentrate on it. People don't know about the two-factor authentication and that it's easy and straightforward. We also include some features for free but I suggest that people using Fortinet just focus on this product. FortiAuthenticator has created a straightforward easy-to-use product.  

I would rate it a nine out of ten. Not a ten because nothing is perfect. 

We primarily use the solution for FortiToken multi-factor authentication and as a VPN for login devices, among other cases.

The solution is easy to learn and makes it easy for our users to add FortiToken. It's very easy to integrate if you have other Fortinet devices. 

We have issues with HA (high availability). These should be addressed in future releases.

The solution is very stable. I'd say it's about 97% stable. We haven't experienced any crashes or anything of that nature.

We haven't really tested scalability that much. We have about 200 users and we don't plan to increase usage any time soon.

Technical support used to be much better. Fortinet seems to be downgrading, so everything takes longer to get a response in comparison to the past. When you make a ticket it may take as much as three days before it gets assigned.

The initial setup was very easy.

We handled the implementation ourselves.

The cost is okay. It's moderate to inexpensive.

We use the on-premises deployment model. We're both customers and partners with Fortinet.

I'd rate the solution eight out of ten.

We primarily use the solution to get users.

The solution's most valuable aspect is that it easy to install. The user experience is very good.

I've only been using the solution for one month, so I haven't come across any glaring issues so far.

The hardware aspect of the solution could be improved. We are not really able to understand the hardware capabilities of the device.

The solution is quite stable. They also send out upgrades quite often.

Technical support is okay. There are some people that are quite experienced while others are less so. However, they always give me an answer. If you don't have local support at the regional level you may have to rely on Google a bit. In my experience, however, it's been fine. They are very quick.

I've previously used WatchGuard. Fortinet is better for what is there, even though their prices are quite similar.

The pricing is okay. It could always be less expensive, however.

We use the on-premises deployment model.

I'd rate the solution eight out of ten. We have to compromise between price and functionality. If we had the money, we'd probably go with Palo Alto. However, it's much more expensive. 

The solution is really important to ensure double authentication for the user. For example, if you have an internal messenger and you want to ensure the access externally for users, you can implement the two-factor authentication. Also, for the VPN, you can implement two-factor authentication to avoid any kind of hacks.

If you want some other FortiAuthenticator from one site to another site, you should have requirements, but really if you have authentication and directory or another solution, you should change the password of the authenticator between the solution and the directory and other things. So the transfer of data and other information should be simpler.

In the future, I think h02.exe is very important to authenticate users internally. To economically move the person from vnom to vnom. Also, the ESO to ensure the authentication of users should be a bit more automated.

In my opinion and my experience, I didn't have any problem with the solution, just the requirements for other solutions that we should integrate with it. I think the solution is easily implemented, and, in my opinion, there is no problem with this solution. Just a bit of correction is needed, and that's it.

My impression is that the solution is good and I like it and I would work with it for another project and increase my skill on the solution.

I have worked with them, so I like the technical support of Fortinet. I would give them a good mark.

The initial setup is so easy and there is no problem in the implementation. We can implement it easily in a different kind of infrastructure.

I started working on FortiAuthenticator from last year. I have had a chance to deploy many, many projects on FortiAuthenticator. I deploy 10 next-gen projects on FortiAuthenticator. I deploy many defensive scenarios. Also, I have good experience with large products.

You should make sure to implement the requirements via experts like me, so you can implement the product carefully. In that way, you can use it clearly in a simplified manner.

For FortiAuthentication, it's a good price in comparison to any other competitor. Other products are so expensive, and the features are the same. There might be a bit of difference between the two products, but if you want just double authentication and some other features, I think I recommend the FortiAuthenticator, and it is low cost and has other defenses.

In my opinion, I recommend the solution. You can also use it for other things like h02.exe for authentication of users. Also for ESO. There are five things you can use it for, so I recommend the product. The low cost is very important for any customer.

I would rate this solution eight out of 10.

The feature I value the most is the one-time passwords because it helps to authenticate users so you know the timing of their usage.

I don't have any issues with this solution, but it may need a better, more user-friendly interface or better design of the platform.

I have found that the solution is very stable. I am officially conducting at FortiGate and I found that it was so easy to conduct my environment and control my environment with this solution. 

We have seven users licensed on this solution. With FortiAuthenticator it is so easy to manage our users and it is scalable to all the users at our university or in our environment.  

I am really impressed by the technical support because they were very helpful. Once we logged our complaint, we received an answer from them in no time, and they quickly fixed our issue. 

The initial setup is very easy.

I will recommend this solution to others who are considering to use it. I give it a ten out of ten rating.

The basic use we have for FortiAuthenticator is multi-pack authentication.

FortiAuthenticator has helped a lot of our customers in the way that they do the business when they onboard their clients to the data center. It has drastically changed what they used to do earlier after the installation.

It is cost-effective. The users can be securely managed by adopting it.

They need to have some kind of write-up and solution document that people can access very easily. All of the Cisco documentation is available on their website and in other places. They should make it available to the public. 

The more people know about this product, the better. That will make it easier for them to position FortiAuthenticator to their customers or use the product in production.

Other features that would improve the product are a single sign-on where people can use their Gmail ID to log-in, etc. This feature we wanted and now they are rethinking it. At this stage, I can't give any other suggestions for improvement other than this.

A single sign-on is used to create a user ID and password for the user to get onto the network. You can ask them to use their LinkedIn credentials or maybe Gmail, some of the social networking credentials to gain access.  

This is useful when you are onboarding any guest users for internet access. This is something that is a very good feature which they could have integrated already.

It's very stable when compared to other products.

For scalability, you need to size FortiAuthenticator properly. You should plan it initially, then make the implementation. 

It's is not 100%, maybe 80% on the scalable side. There are some places where we use it for 800 to 1000 users. With the proper deployment, we can support close to 2000 users.

You need certified people to understand this product like dedicated engineers. You need a person that knows the product and how it works. 

Otherwise, if any new person comes to FortiAuthenticator, it will be very difficult for them to understand. Over time, you'll be able to get to know the layout and how the product works.

Technical support is quite good, There is something called the 8x5 and 24x7 technical support for the solutions. If you have 24x7, they will respond immediately. 

If you have 8x5, and they will respond next business day depending on how soon the TAC engineer picks your request for your deployment or ongoing support issues.

We used a different method as a solution, primarily SafeNet, but there are others. It all depends on a customer-to-customer and case-to-case basis. It depends on the budget and what the customer asks for in the contract. 

At the end of the day, it all revolves around the money, i.e. how many dollars you pay for the solution.

The initial setup is straightforward. It's not that complex. If you know about the product, you will be able to do the setup. 

It takes generally, one to two weeks for the full-fledged deployment. We have a demo unit. We just used that for showcasing the capability of the device to all of our customers. 

Once they start using it, they would advise on the deployment.

There is an economic investment on this product that compares to other products from Cisco. There is a ROI on this product.

You buy the pack for 100 to 200 users. Once it goes over, you have to renew it on a yearly basis. It may be on a term where you license for one business. Officially, the authentication license has a third-party involved. Then you need to take your action. 

I don't see any additional license costs from FortiAuthenticator, but for the add-on features like MS Gateway, etc., you need to buy them.

FortiAuthenticator is a very good solution. It is all jury-based. FortiAuthenticator is very easy for anyone to understand how it works and be able to take action.

I would rate FortiAuthenticator with an eight to nine.

We implement FortiAuthenticator in situations where there are multiple Active Directory domains. Other use cases include:

• When we need to use FortiClient to keep track of users as they move around different locations where normal FSSO would have issues
• When we need to use one FortiToken for multiple Fortigates
• When we want to use it as a domain controller.

The FortiAuthenticator can do many things.

It keeps track of users and their IPs no matter where they are in the network. When users roam, we don't have to worry about not mapping them to an IP.

Valuable features include the robust SSO features, when you have more complicated authentication within an organization. We can mix AD, Radius, Portal, SSO Portals (Google, etc.), and build our own environment. It is very flexible.

The GUI is on the older side but I'm sure that it will be upgraded soon. It works, but it looks a little dated.

This solution is used for 2FA for Desktop and VPN access. Each computer, server and VPN access has to have a 2FA and the solution allowed us to accomplish this with a fob or phone app. We use the fob as phones are not owned by the company.

This was a regulation we needed to fill and it worked at a good price. It provided a solution that allowed us to fulfill the requirement.

• Easy integration with FortiGate to allow for 2FA with our VPN.
  
• Addition and removal of access as needed for the VPN.

For my use of this solution, not much needs to change. I do not mind the way it works currently. However, I would recommend a more fluid integration with FortiGate.