Fortinet FortiNAC Reviews

Our customers use Fortinet to protect their networks and administer their users. It is mainly used in the healthcare industry.

The platform's benefits vary according to each customer's preferences and budget. It generally fits within their budget, making it a viable option.

The initial setup process needs improvement. I suggest improving the support team's responsiveness to reduce delays when issues arise.

I have been working with Fortinet for approximately five years, primarily as an integrator.

The solution is generally stable. However, some bugs need to be addressed with updates. I rate the stability an eight. 

Our customers are enterprise institutions. I rate the product scalability as nine. 

I rate the initial setup process an eight. 

The product cost is moderate. I rate the pricing a seven. 

The product's feature for access control is a key component providing effectiveness in securing the network. It integrates well with other security solutions, with fewer challenges than other products.

I recommend it as it is a good product, easy to install, and integrates well. I rate it a nine out of ten. 

Our customers are from the security and financial services industries. 

FortiNAC is a network access control. In banking systems and in terminals, we need to manage VLAN and receive reports like IBS and IDS. Every VLAN has specific information to share some, but not all, of the files, because there are restrictions in the banking and financial systems. 

All the features of Fortinet FortiNAC are valuable. We find it beneficial to apply the permission rules. 

I have 20 years of experience working with these kinds of products with no issues. Any graphical user interface was very easy to use. Now, everything is new.

For future releases, I recommend that Fortinet make more series with a hard disk. We have customers who request a hard disk. On the one series, 21.101, we can see it has an internal hard disk. The 101 and 201 have a hard disk, however, the 100 and 200 do not. Keeping the hard disk on the one series will be easier for the distributor and will keep the prices lower for the customer. 

I have been using Fortinet FortiNAC for eight years.

The stability of this product is very good. With FortiNAC you have protection for each of your services.

Technical support from Fortinet can be slow as there are some delays. Just like most service providers, the first line of support is the least knowledgeable, so they refer you to the second or third level of support, which causes delays.

However, to activate the license or extend the warranty, they are fast.

We are able to do all of our projects without support. The stability is good. Therefore, I would rate customer service and support a nine out of ten.

Positive

Deployment of Fortinet FortiNAC took no more than three days. One day for analysis, the second day to implement, and the last day to transfer the implementation documents to the end user and to test it.

We implemented this solution by ourselves. The solution requires one or two engineers to deploy and maintain it.

We evaluated Palo Alto, it is very good, however, it is difficult to transfer knowledge for the end user. Palo Alto also does not have email protection.

Fortinet performs all the services we require from them. The implementation of the solution is easy. 

Overall, I would rate Fortinet FortiNAC a nine out of ten. 

Fortinet FortiNAC is very easy to use, and we can run the proof of concept in one day. The main part of the configuration is to create the policies. We can present more of the solution and protect more clients with it.

One of our customers had a network segmentation project on which they were going to segment their network with new VLANs. They would have to spend a lot of time configuring around 500 switches if the segmentation was done without a NAC. We presented Fortinet FortiNAC to them, and we were able to help them with the VLAN segmentation project. With the Fortinet FortiNAC, you don't need to do the segmentation because the solution helps with the VLAN micro-segmentation. We could do all the segmentation they were planning by creating policies on the Fortinet FortiNAC. They only had to create the VLANs on all the 500 switches, which was easy because they have their network management solution and Aruba switches. All they needed to do was create the SNMP configuration. We had to discover all the switches because NAC has this feature on which you discover all the network devices, point the IP range, and then the NAC tries to find network devices in the environment. We created the policies the way they wanted. For instance, if it is an IP phone, it should go to the IP VLAN; if it is a Windows desktop, it should go to the desktop VLAN; and if it is a Windows server, it should go to the server VLAN. We created such policies using Fortinet FortiNAC, and we were able to help our customers reduce their expenses with their network project.

The most valuable feature of Fortinet FortiNAC is compliance, which we can do with the clients and the endpoints on the network. We can specify many rules to check if the device is on the domain and if there is any allowed process running on the endpoint. We can use the Fortinet FortiNAC to monitor if the antivirus is working and is up-to-date on the endpoint. If there is something wrong with the endpoint, we can quarantine it so that the endpoint won't have access to the internet or will only have access to the NAC portal that tells the user what is wrong with their endpoint.

Fortinet FortiNAC's documentation should be improved because there's not much debugging or troubleshooting documentation for the Fortinet FortiNAC. We had to open a ticket with Fortinet for an issue we faced on the FortiNAC. During this ticket handling, we were able to learn a lot of troubleshooting comments which are not properly documented. If it is documented, it's only internally on Fortinet, not as a public document. Fortinet FortiNAC must work around this and allow partners access to those troubleshooting documents.

I would like to see a more refined way to customize the portals. We are not able to do a lot of customization on the Fortinet FortiNAC portals. We cannot change anything or create a title for the Fortinet FortiNAC portal as we can on other portals.

I have been using Fortinet FortiNAC since 2018.

I rate Fortinet FortiNAC an eight out of ten for stability because I had issues with its previous versions.

I rate Fortinet FortiNAC a ten out of ten for scalability. We have plans to use Fortinet FortiNAC even more in the future. We have three ongoing projects, two projects that we just closed, and ongoing proof of concepts for another project.

Fortinet FortiNAC's technical support is very good. There are not a lot of Fortinet technicians enabled to troubleshoot FortiNAC. However, when we find one, they are very helpful.

It is straightforward to deploy Fortinet FortiNAC until you reach the compliance part. If you have a simple compliance rule, you have just one policy. However, with Fortinet FortiNAC, we can create layers of compliance, and that's when it gets complicated since there is no visual way to see those layers. You need to know your configuration to understand the layers. If someone new accesses the Fortinet FortiNAC solution and tries to look through your policies, they will need time and training to understand how the layers of compliance work.

One of our customers was going to spend more than 100 hours with technical people to configure all the segmentation they were planning for their network project. With the help of Fortinet FortiNAC, we reduced it from 100 hours to 10 hours of effort.

We are using the Fortinet FortiNAC 9.2 version. Since Fortinet FortiNAC is a network access control solution, it is better to have it on-premises, and closer to the devices it will manage.

Sometimes we have a lot of issues either because of the old models of switches the customers are using, or the customer is using a type of switch that is not manageable. However, that's more of a design issue.

You must have a good network for you to be able to use Fortinet FortiNAC. If you don't have a full network project with new devices and router switches, you must first fix your network.

Overall, I rate Fortinet FortiNAC a nine out of ten.

I use the tool to maintain strict network control. It blocks suspicious connections and only allows specified access. You can control it through MAC addressing. It's all about managing the network so it's not accessible to any unauthorized user or machine.

What I like best about Fortinet FortiNAC's solution is its strong security measures. They're very strong compared to other firewalls. It has good threat detection and strong protection features.

The tool is effective because it won't give access to any unregistered equipment. If a laptop isn't registered, it can't just plug in and get access. It blocks any unregistered company or network device.

I haven't personally used the AI capabilities, but I know they're used in the security risk process. In threat detection, AI can automate incident management and handle suspicious cases automatically.

The solution needs to improve its AI capabilities. 

I have been using the product for one year. 

So far, we haven't had any stability or performance issues. It's been stable.

The solution is scalable and my company has 50 endpoints. 

The initial setup process wasn't too difficult. It's been okay so far, though there might be ways to make it a bit easier. 

During implementation, we faced some minor issues, like trying to get firmware when there was no internet, but nothing I'd call a real problem.

When deploying Fortinet FortiNAC, we first register the budget and understand the client's design. This matters because we need to know what the client wants to protect and where exactly. The scope comes from the design.

For the deployment I was involved in, we only needed two people. It didn't require a big team. The deployment took less than 30 minutes, which was very fast.

Maintenance is pretty normal. There haven't been any specific maintenance requirements beyond normal admin activities.

I would recommend the solution to others and rate it a nine out of ten. 

We use the tool to support critical systems in sectors like energy and water companies.

The integration between switches, access points, management, analyzer, and other components is excellent. Everything is stable and can be managed from one place.

The tool's usability isn't very comfortable, and there’s a gap between what we need and what it currently offers.

I rate the tool's stability an eight out of ten. 

I rate Fortinet FortiNAC's scalability an eight out of ten. My company has 250 users. 

My impressions about Fortinet FortiNAC's support are not good. 

The solution's deployment is complex. Deployment typically took around three weeks with two people involved. We had to open several tickets with Fortinet for support, but not all issues were resolved, so the system isn't fully optimized.

I rate the overall solution a four out of ten. Its integration with existing infrastructure is easy. 

I was a distributor and system integrator of FortiNAC. We were opening a lot of tickets and there were lots of bugs, so I replaced it with Forescout very easily. Within two days, I replaced everything. With FortiNAC, I was just doing the implementation, making things work properly, and beginning testing after five days.

FortiNAC is deployed on-prem. They're not major enough to be on cloud. Even on-prem is not doing good.

Version 9.1 has been an improvement on previous versions. It's a good solution for SMB.

Any NAC solution has three to four phases. The first phase is discovery and classification. They do discovery, but they are lacking a lot of features in terms of classification. Also, they don't do a lot of classifications. They cannot help you if, for example, you're classifying Windows, and you want to check which Windows version it is, like Windows 7, Windows 8, Windows 10. It's a little bit difficult. It's not easy like the other products. 

Classifications and visibility need to be improved a lot. They have to start work on being agentless. Agentless means they need to have strong integration with Windows. They need to use the RTC. They cannot force people to have an agent for people who are going to the domain. There needs to be compatibility with switches. For any NAC solution, all the inputs will be through switches. So if it is not compatible with switches, this is a big disaster. When I was doing their switches, there were a lot of customers whose switches were not compatible with FortiNAC.

If these things are well-designed, then they can compete in the NAC market. And also in terms of IOT, they cannot discover the IOT things perfectly or the OT, operation technology, things.

In terms of HA, they're having a lot of problems. You just need to put the HA between two clients, and you have a lot of problems. There are problems with the classifications. In terms of control, they're not doing well. They cannot do integration with SCCM, for example. They have a lot of things missing.

I started using FortiNAC since Fortinet bought it in 2018. They bought it with Bradford, and I was one of the few people in Saudi who knows FortiNAC. I have known FortiNAC since it was 7.2, and there were a lot of bugs. Even now, 8 has a lot of bugs.

Now they have jumped to 9.1 and 9.2. I used version 9.1.2. They just changed the dashboard, but it's still agent based. I deeply know what FortiNAC is doing, and it's not doing good. I used to work with them, and then I left. Now, I'm purely working with Forescout technology.

It's not a stable solution. If you want to do the HA, suddenly both appliances will be gone. Both FortiNAC and Forescout are being built on CentOS Linux. Doing HA with FortiNAC, which should be very simple, is just a disaster. I know three customers who are complaining.

I have switched to Forescout because in regards to technology, application, visibility, and control, Forescout is unbelievable. Forescout is a great platform for OT things.

I would rate this solution 5 out of 10. 

It's a difficult solution. I used to be the FortiNAC guy, so I will be tough on them. In Saudi, I was the number three FortiNAC guy.

I can recommend FortiNAC for SMBs: small and medium businesses, but they will still suffer. I would recommend Forescout more.

I was certified in FortiNAC (Part of Fortinet-NSE6) last year and I've personally implemented FortiNAC in three organizations. We work as a team with people who have expertise in different areas and Vendors and have exposure to different infrastructures.

FortiNAC scans your network to discover every user, application, and device (IOT), With up to 18 different techniques, it can then profile each element based on observed characteristics and responses for granular visibility - We then apply state-based control(eth0 VLAN switching) and Policy based control rules for access control and response.

Anyone (Domain users, Contractors, guests, etc) wanting to connect to the network has to be accessed by the NAC. Users come in at different times and some may be working from branches or home through a VPN and they will be authenticated in the same way with different privileges on the Network.

So it has to run 24/7. It's authenticating users all the time. We are gold partners with FortiNac. 

There are quite a number of things that are valuable about this solution. Having dealt with Cisco ISE, I realize that FortiNAC is different in a way that gives you granular visibility of the entire network infrastructure related to IOT devices (Who, What, When, Which information). It's helpful that you can know what's going on from your phone, your tablet, and from home. The solution provides containment, reporting and security event-alarm mapping and saves log and carries out further analysis for cyber thefts. It really is a good solution.

I've realized that one of the issues is the need to use agents. For instance, if a domain user has to authenticate on the network via FSSO or Certificate management he has to have a persistent agent.

The admin UI is not that good. It could be better matched and more friendly to use and it cannot work as a RADIUS server. You have to have a RADIUS server which means bringing in a FortiAuthenticator to build it.

The other thing would probably be the visibility granular. For example, when I have a user at a particular branch, I can't tell what SSIDs they are connected to. I only have the IP addresses so if the wireless controller is integrated with FortiNAc, you're going to realize that you won't be able to know whether a particular person is connected, that an AP is connected to a particular SSID, is connected to. . .  etc. It only gives you the IP addresses, Host names, etc. That has to be improved and am sure it will be in the next build version. 

Additional features, would be an agentless link and adopters - online, offline adopters - it picks the IP's, the host names, the layer 3 information, layer 2 information, what's connected. And also to give different privileges, best rule privileges to users. 

VLAN Interswitching (state based controls) could be quicker when doing the process flow from different sorts of authentication. When it comes to guests or contractors, you don't want to use a dissolvable agents. It dissolves in the process of downloading, but it takes longer and that could be improved.

I've been using the solution for a year and a half. 

FortiNAC is Pretty stable. We initially had a couple of troubleshooting issues in the deployments but we worked them out and it's fine now and has pretty good Visibility across the Network for every device, application and user, extend Control of the Network to third-party products and automated responsiveness.

You won't find so many NAC solutions like it. I mean it's granular, you will see a lot that you need to ask. It will give you all the controls you need and it has event alarm mapping, - I mean "you can't control what you can't see"

It is very scalable, you can have as many features and access points as you want. as you have. It depends on the licenses, but you can have as many IoT devices (Switches, routers, Firewals, WLC, etc) as you want and as many features as you want. You can have visibility to all the ports of the switches on the NAC, you can easily see  Who, What, When, Which information then control and respond

Technical support is good. You create a ticket and within that ticket you explain what challenges you're facing. They assign you an engineer who'll help solve the issue. It's pretty easy and straight forward and they're always there to help. 

Initial setup is pretty easy. If you're doing a VM setup, you do the registration on the Fortinet portal, and then you set the IP addresses. I think it's pretty good when you're implementing it the first time, it's very easy but when you get to tests, which are the UAT's, you're most likely to have a few issues that you need to be aware of.

Deployment time depends on the kind of customer. For example, the current implementation I'm doing has an assessing vendor. 90% of the network is wireless and 10% is cabled in network. They have more than 80 access features, more than 80 routers, and two wireless controllers. They have a number of databases and different firewalls - to use that fountain it slows things down. You're also dealing with Domain users, contractors and Guests in different locations. Obviously this will take more time than a project with less infrastructure devices. It really depends on the nature of the infrastructure.

There is a base license level which pretty much gives you topologies and groupings automation/control, etc. When it comes to policies, it's only going to give you user host profiling and network access. If you're looking for endpoint compliance, integrations, Incidence response and reporting, then you have to go for an Plus or PRO license.

You need to think about what you need as a company. There are so many government institutions, so many corporate institutions in the world that want to protect their networks. People have different privileges within a network, an instructor cannot have the same privileges as a normal user and the guest. We have guests coming onto our network, contractors coming to work at different times on the network, the main users who are working in different departments and who shouldn't have access to some platforms. When it comes to authentication you need to make sure you're protected from all kinds of threats. You have different products, Vendors and divices that all need to be controlled. If something goes off you need to know where and why. 

I would rate this product a eight out of 10. It's still evolving. 

We use the tool to ensure that we have network access. It also helps us avoid stranger devices getting into the LAN or Wi-Fi. 

The tool provides us with a list of devices that tries to connect to our network. It offers us a lot of network visibility.

The solution's licensing price should be improved. 

I have been using the product for three years. 

I would rate Fortinet FortiNAC's stability a ten out of ten. 

I would rate the product's scalability a ten out of ten. 

Fortinet FortiNAC's setup is straightforward. 

We have seen ROI with the tool's use and it is high. 

I would rate the product an eight out of ten.