Fortinet FortiNAC Reviews

We use this solution for network access control to ensure that access into our environment, especially our endpoints, is controlled. We have 23 sites in different geographic locations, so we want to make sure that a person can't just sneak into a branch, plug in a device, and connect to the network.

We also want to reduce the risk of connecting endpoints that have vulnerabilities, for an added layer of protection. If you're missing patches of security, you basically have no firewall because those are potential entry points for attackers. We want to control and manage them from a central point so that, if there are any potentially hazardous connections, we are able to block the user but also remediate in the case of Microsoft updates or if updates are missing on their PC.

It's a very good solution and one thing I have noted is its simplicity and the ease of the set-up process. Of course, we worked with experts from Fortinet who helped us set it up, but if you look at how easy it is to follow the instructions, like the simplicity of the UI, it's like a daily language. If I want to block an access and I think it should flow a certain way, I can do it that way easily. In other solutions, like maybe Cisco ISE for example, I think you need to be a bit more technical to really understand what you are doing.

I hope that Fortinet can add a feature with a remediation mechanism when you find a broken piece so that you can click on something and download the needed update or resolve the firewall issue more easily. Currently, we have to use an external remediation server to download updates. For example, the Kaspersky antivirus was originally built just for threat detection and prevention. Still, they've gone to another level where the solution can point to a vulnerability, and you can click a button to remediate it, and the solution goes and pulls the download and fixes it.

I have been using this solution for three to four months.

So far, from what I have seen, it is a stable solution.

The solution is scalable. When we expand our network, we expand the solution.

Their remote support is great. Plus, there's the fact that they have 24/7 support services, so if we need anything, we're able to get the support that we need.

The initial setup was okay because we had help from the Fortinet experts. It was a new application for us, so obviously, there was lots of learning involved. However, we were able to explain what things needed to happen, and they were able to actually show us, "Okay. That one, we do like this. This one, we can do like that." Also, we had some additional things that weren't included in our environment, and the support engineers were able to provide those solutions for us. We continue to buy more solutions from them that work with what we have procured already, including firewalls, radio servers, and a variety of plug-ins.

We had help from the Fortinet team and we deployed in about two to four weeks. We had a time zone issue because I'm located in Zambia and we needed to be available on this side for them to set up the solution, so we set up Teams meetings to work together online. Also, they offered training to us so that we could get certified to manage the product ourselves.

It's a pricey solution. I don't know if it's maybe because the local partner overcharges me, but when I was researching other solutions, Cisco ISE is cheaper. My current license is about $60,000 to $70,000 thousand, while the equivalent through Cisco would be around $15,000.

It is a brilliant solution. My advice to those looking into the product would be to ensure that you get trained on how to use the solution so that you can fully appreciate and understand how to effectively implement and manage it. Then, secondly, you should do your research on the price. I don't know what the pricing is like from Fortinet, but we are not allowed to deal directly with them so we had to go through a distributor, which increased the price. Sometimes, if there is only one distributor in an area, you can get exploited.

On the technical side, I would rate this solution as a ten out of ten, but I'm not happy with the price, so as a whole, I would rate it as an eight out of ten.

Our customers use Fortinet to protect their networks and administer their users. It is mainly used in the healthcare industry.

The platform's benefits vary according to each customer's preferences and budget. It generally fits within their budget, making it a viable option.

The initial setup process needs improvement. I suggest improving the support team's responsiveness to reduce delays when issues arise.

I have been working with Fortinet for approximately five years, primarily as an integrator.

The solution is generally stable. However, some bugs need to be addressed with updates. I rate the stability an eight. 

Our customers are enterprise institutions. I rate the product scalability as nine. 

I rate the initial setup process an eight. 

The product cost is moderate. I rate the pricing a seven. 

The product's feature for access control is a key component providing effectiveness in securing the network. It integrates well with other security solutions, with fewer challenges than other products.

I recommend it as it is a good product, easy to install, and integrates well. I rate it a nine out of ten. 

The primary use case for this solution is to enhance network security within our organization. We utilize it in various environments, adapting to customer networks which sometimes require setting up power and routing due to multiple lines.

The solution has significantly reduced our operational costs related to network security and has streamlined network security management.

The most valuable features include DNS protection and web filtering, which are effective against hackers and ransomware. Although ransomware remains challenging to identify, these features enhance our overall security.

The product's pricing and configuration process needs improvement. 

I have been using Fortinet FortiNAC since 2010. 

I would rate the stability of this solution as a nine out of ten.

I would rate the product scalability as an eight out of ten.

The customer service and support are excellent.

Positive

We have used different solutions before.

The initial setup was straightforward, with no significant problems. The duration of the installation varied based on the complexity of the customer's network.

I implemented the product myself. 

The product pricing is reasonable.

We evaluated other options, including Cisco.

I rate Fortinet FortiNAC a nine out of ten. 

I use FortiNAC to limit access to our network; it's our firewall. We are customers of Fortinet and I'm a technical manager. 

The solution provides good performance, is easy to use and easy to configure.

The technical support could improve; the response time is quite slow. 

I've been using this solution for two years. 

The solution is stable. 

The solution is scalable, we have 100 users. 

Customer support could be improved as their response times can be quite slow. 

Neutral

We pay an annual licensing fee; this is quite an expensive solution. 

I rate this solution seven out of 10. 

The primary use case is for the visibility of the entire network architecture. It provides visibility to the switches, and routers to see the domain users, contractors, and guest users. It provides network access control, to be able to tell what endpoints are running on the machine, and what windows updates are on the machine. It is also used for cyber threat control.

The most valuable feature of the solution is having visibility over the IoT devices on the network. It allows the organization to see all the machines on the network, who is accessing what at which time, and what they are doing.

When you compare the solution to other NAC solutions like ISE and Portnox, you realize that it is not able to work as a single sign-on device. You need to use it with FortiAuthenticator. If you want to use certificate management, and two-factor authentication, you have to buy a FortiAnalyzer, which is different from ISE. I would like to see these features included with the solution.

The reporting can also use improvement. 

I have been using the solution for three years.

The latest version of the solution is stable.

The scalability is good. You can control as many users as you want.

The support is useful. They are usually able to log on and resolve the issues.

Neutral

The initial setup is straightforward on VMware, but it gets complex if you try to set up for example on Hypervisor. You need to have advanced knowledge to have a successful setup.

We implement the solution for other clients.

I rate the solution a seven out of ten.

If the deployment is strictly on a wired network it takes about a week however, if it is primarily on a wireless network it can take about three weeks.

Maintaining the solution is easy. The only area that may require additional support is if there is a large number of new guest users on the network. That requires admin approval for each user individually and takes time.

I would say it is a good solution, especially if you have IOT onboarding with a sponsor. You will be able to manage your users in a seamless way.

There are some features that are working well.

Technical support tries to be helpful, however, they just don't understand the technology.

We have tried to do a small POC and it failed. 

I had a bad experience with FortiNAC. The customer was asking for a NAC solution. I suggested FortiNAC. The switch with the customer was Cisco and it was not integrated with Cisco. We tried to provide him with a FortiSwitch as the core switch and the solution worked. It's working, however, not the expected way for the customer. The issue is it just doesn't integrate with Cisco switches. 

They need to change or upgrade the technology in the product.

The solution is not stable.

We have not been able to scale the product.

It's very hard to set up.

The solution is not stable. We've had some issues with the performance. It hasn't gone well. 

The product does not scale. 

The technical support is not the greatest. Some of the people need more training in the product. They aren't very helpful. 

The technical team from Fortinet, they are working with us. They have supported us. However, the problem is they don't have the knowledge on this product. This is the problem. The support team is good and is the best support team in all the products I work on it. However, the problem is they don't have knowledge about the FortiNAC. 

Neutral

It's not easy to set up. In terms of the ease of setup, I'd rate it at a one out of five. It's very difficult. 

I'd rate the pricing at a three out of five. It was not expensive, however, it is also not cheap. 

I've also looked at HP and compared the two solutions. HP is less expensive, however, it's not a huge difference. We're talking maybe a 1% to 2% difference in price if you compare them. A customer will pay more for HP if they do a POC. 

We are a partner and reseller of Fortinet solutions.

We did not have good luck with this product. It didn't work for my client. Maybe it works in other setups better, however, for us, it just was a disaster. 

I'd rate the product at a three out of ten.

I was a distributor and system integrator of FortiNAC. We were opening a lot of tickets and there were lots of bugs, so I replaced it with Forescout very easily. Within two days, I replaced everything. With FortiNAC, I was just doing the implementation, making things work properly, and beginning testing after five days.

FortiNAC is deployed on-prem. They're not major enough to be on cloud. Even on-prem is not doing good.

Version 9.1 has been an improvement on previous versions. It's a good solution for SMB.

Any NAC solution has three to four phases. The first phase is discovery and classification. They do discovery, but they are lacking a lot of features in terms of classification. Also, they don't do a lot of classifications. They cannot help you if, for example, you're classifying Windows, and you want to check which Windows version it is, like Windows 7, Windows 8, Windows 10. It's a little bit difficult. It's not easy like the other products. 

Classifications and visibility need to be improved a lot. They have to start work on being agentless. Agentless means they need to have strong integration with Windows. They need to use the RTC. They cannot force people to have an agent for people who are going to the domain. There needs to be compatibility with switches. For any NAC solution, all the inputs will be through switches. So if it is not compatible with switches, this is a big disaster. When I was doing their switches, there were a lot of customers whose switches were not compatible with FortiNAC.

If these things are well-designed, then they can compete in the NAC market. And also in terms of IOT, they cannot discover the IOT things perfectly or the OT, operation technology, things.

In terms of HA, they're having a lot of problems. You just need to put the HA between two clients, and you have a lot of problems. There are problems with the classifications. In terms of control, they're not doing well. They cannot do integration with SCCM, for example. They have a lot of things missing.

I started using FortiNAC since Fortinet bought it in 2018. They bought it with Bradford, and I was one of the few people in Saudi who knows FortiNAC. I have known FortiNAC since it was 7.2, and there were a lot of bugs. Even now, 8 has a lot of bugs.

Now they have jumped to 9.1 and 9.2. I used version 9.1.2. They just changed the dashboard, but it's still agent based. I deeply know what FortiNAC is doing, and it's not doing good. I used to work with them, and then I left. Now, I'm purely working with Forescout technology.

It's not a stable solution. If you want to do the HA, suddenly both appliances will be gone. Both FortiNAC and Forescout are being built on CentOS Linux. Doing HA with FortiNAC, which should be very simple, is just a disaster. I know three customers who are complaining.

I have switched to Forescout because in regards to technology, application, visibility, and control, Forescout is unbelievable. Forescout is a great platform for OT things.

I would rate this solution 5 out of 10. 

It's a difficult solution. I used to be the FortiNAC guy, so I will be tough on them. In Saudi, I was the number three FortiNAC guy.

I can recommend FortiNAC for SMBs: small and medium businesses, but they will still suffer. I would recommend Forescout more.

I use the tool to maintain strict network control. It blocks suspicious connections and only allows specified access. You can control it through MAC addressing. It's all about managing the network so it's not accessible to any unauthorized user or machine.

What I like best about Fortinet FortiNAC's solution is its strong security measures. They're very strong compared to other firewalls. It has good threat detection and strong protection features.

The tool is effective because it won't give access to any unregistered equipment. If a laptop isn't registered, it can't just plug in and get access. It blocks any unregistered company or network device.

I haven't personally used the AI capabilities, but I know they're used in the security risk process. In threat detection, AI can automate incident management and handle suspicious cases automatically.

The solution needs to improve its AI capabilities. 

I have been using the product for one year. 

So far, we haven't had any stability or performance issues. It's been stable.

The solution is scalable and my company has 50 endpoints. 

The initial setup process wasn't too difficult. It's been okay so far, though there might be ways to make it a bit easier. 

During implementation, we faced some minor issues, like trying to get firmware when there was no internet, but nothing I'd call a real problem.

When deploying Fortinet FortiNAC, we first register the budget and understand the client's design. This matters because we need to know what the client wants to protect and where exactly. The scope comes from the design.

For the deployment I was involved in, we only needed two people. It didn't require a big team. The deployment took less than 30 minutes, which was very fast.

Maintenance is pretty normal. There haven't been any specific maintenance requirements beyond normal admin activities.

I would recommend the solution to others and rate it a nine out of ten.