Fortinet FortiNAC Reviews

I use FortiNAC to limit access to our network; it's our firewall. We are customers of Fortinet and I'm a technical manager. 

The solution provides good performance, is easy to use and easy to configure.

The technical support could improve; the response time is quite slow. 

I've been using this solution for two years. 

The solution is stable. 

The solution is scalable, we have 100 users. 

Customer support could be improved as their response times can be quite slow. 

We pay an annual licensing fee; this is quite an expensive solution. 

I rate this solution seven out of 10. 

The primary use case is for the visibility of the entire network architecture. It provides visibility to the switches, and routers to see the domain users, contractors, and guest users. It provides network access control, to be able to tell what endpoints are running on the machine, and what windows updates are on the machine. It is also used for cyber threat control.

The most valuable feature of the solution is having visibility over the IoT devices on the network. It allows the organization to see all the machines on the network, who is accessing what at which time, and what they are doing.

When you compare the solution to other NAC solutions like ISE and Portnox, you realize that it is not able to work as a single sign-on device. You need to use it with FortiAuthenticator. If you want to use certificate management, and two-factor authentication, you have to buy a FortiAnalyzer, which is different from ISE. I would like to see these features included with the solution.

The reporting can also use improvement. 

I have been using the solution for three years.

The latest version of the solution is stable.

The scalability is good. You can control as many users as you want.

The support is useful. They are usually able to log on and resolve the issues.

Neutral

The initial setup is straightforward on VMware, but it gets complex if you try to set up for example on Hypervisor. You need to have advanced knowledge to have a successful setup.

We implement the solution for other clients.

I rate the solution a seven out of ten.

If the deployment is strictly on a wired network it takes about a week however, if it is primarily on a wireless network it can take about three weeks.

Maintaining the solution is easy. The only area that may require additional support is if there is a large number of new guest users on the network. That requires admin approval for each user individually and takes time.

I would say it is a good solution, especially if you have IOT onboarding with a sponsor. You will be able to manage your users in a seamless way.

The customer required centralizing control to control access, detection, and network control. He requested processing a simple management point, the access, the devices, and distribution, and wanted to manage all the customer devices. He had a history of working with FortiNAC devices and wanted us to do the same. So I installed the product to understand it. 

The features are more expandable. 

The interface works fine, but it could be better.

It was for a one-time product solution for a customer for about one year, and I'm still maintaining it. So far, we've had one client for it.

The solution is stable.

The product is scalable.

We never had to use customer service or support, so it expired.

Neutral

It was easy to set up the product. 

I would rate this solution seven out of ten.

It is mainly used when we integrate the solution with Fortinet firewalling, sandboxing, and the security fabric of Fortinet. In an all-out implementation where we implement different solutions, FortiNAC is one of the components in the entire ecosystem.

Its deployment is virtualized but on-prem.

The network segmentation is the most important part of the solution. The integration with the Zero Trust Access solution is a crucial part of segmenting your network.

There could be better integration with legacy equipment. It integrates perfectly with all Fortinet solutions, but if you look at other third-party integrations—not on the networking part; but more on the security infrastructure part—it's more limited.

Its stability and scalability can be better. Aruba ClearPass is better in these aspects.

I have used it only in the last few years. I had to do a few propositions. It has been only two or three years since I have been familiar with the FortiNAC solution.

Its stability and scalability are slightly lower than Aruba. I have a personal preference for Aruba ClearPass, so I would rate FortiNAC a seven out of 10 in these aspects.

We have internal support, so I don't have any issues with it.

It is pretty easy and straightforward. A default implementation can take two days. It is not that complex, but it also depends on the use cases that you have for the FortiNAC solution. So, it can be a really simple implementation, but it can also be months of implementation depending on the use case.

I would advise really considering the use cases that you want to implement. That's because Fortinet has multiple license models. There are Base, Plus, and Pro licenses, and depending on the license model, you have more possibilities for integration. If you want to implement something like a premium device or guest management, you can't take the Base model. You have to directly go to the Plus model or even Pro. Similarly, if you want incident correlations and incident management, you have to go to the higher license version. So, you must consider all the use cases that you want to implement before you make a decision so that you take the correct version.

I would rate it a seven out of 10.

I was a distributor and system integrator of FortiNAC. We were opening a lot of tickets and there were lots of bugs, so I replaced it with Forescout very easily. Within two days, I replaced everything. With FortiNAC, I was just doing the implementation, making things work properly, and beginning testing after five days.

FortiNAC is deployed on-prem. They're not major enough to be on cloud. Even on-prem is not doing good.

Version 9.1 has been an improvement on previous versions. It's a good solution for SMB.

Any NAC solution has three to four phases. The first phase is discovery and classification. They do discovery, but they are lacking a lot of features in terms of classification. Also, they don't do a lot of classifications. They cannot help you if, for example, you're classifying Windows, and you want to check which Windows version it is, like Windows 7, Windows 8, Windows 10. It's a little bit difficult. It's not easy like the other products. 

Classifications and visibility need to be improved a lot. They have to start work on being agentless. Agentless means they need to have strong integration with Windows. They need to use the RTC. They cannot force people to have an agent for people who are going to the domain. There needs to be compatibility with switches. For any NAC solution, all the inputs will be through switches. So if it is not compatible with switches, this is a big disaster. When I was doing their switches, there were a lot of customers whose switches were not compatible with FortiNAC.

If these things are well-designed, then they can compete in the NAC market. And also in terms of IOT, they cannot discover the IOT things perfectly or the OT, operation technology, things.

In terms of HA, they're having a lot of problems. You just need to put the HA between two clients, and you have a lot of problems. There are problems with the classifications. In terms of control, they're not doing well. They cannot do integration with SCCM, for example. They have a lot of things missing.

I started using FortiNAC since Fortinet bought it in 2018. They bought it with Bradford, and I was one of the few people in Saudi who knows FortiNAC. I have known FortiNAC since it was 7.2, and there were a lot of bugs. Even now, 8 has a lot of bugs.

Now they have jumped to 9.1 and 9.2. I used version 9.1.2. They just changed the dashboard, but it's still agent based. I deeply know what FortiNAC is doing, and it's not doing good. I used to work with them, and then I left. Now, I'm purely working with Forescout technology.

It's not a stable solution. If you want to do the HA, suddenly both appliances will be gone. Both FortiNAC and Forescout are being built on CentOS Linux. Doing HA with FortiNAC, which should be very simple, is just a disaster. I know three customers who are complaining.

I have switched to Forescout because in regards to technology, application, visibility, and control, Forescout is unbelievable. Forescout is a great platform for OT things.

I would rate this solution 5 out of 10. 

It's a difficult solution. I used to be the FortiNAC guy, so I will be tough on them. In Saudi, I was the number three FortiNAC guy.

I can recommend FortiNAC for SMBs: small and medium businesses, but they will still suffer. I would recommend Forescout more.

We installed Fortinet FortiNAC in a large company in a VM environment. They have a lot of end-users and complex user account needs. For example, some of the VIPs and different guests all need different access permissions and some of them are connected through the Active Directory credentials which we have to have a portal page for them to gain access. 

Another layer of complexity is different users are receiving accounts from many departments. For example, the customer's IT department gives them access and they send the credentials to the guest by email. The IT department can limit their account in different ways, such as only allowing the account access for a period of time.

Fortinet FortiNAC has good user account customization. 

We can change the logo for the portals to meet the customer's needs. The portal default language is English but it supports all languages, such as Turkish. The portal can be optimized very easily. 

Device profiling is a good feature, we can block devices, such as iOS or Android.

Endpoint compliance is a great feature that allows us to restrict and quarantine devices. For example, if a device is not using the latest version of an operating system or antivirus program we can detect it and prohibit their access. If certain conditions are met with the customer's policies, we can let them have access. Otherwise, our endpoints compliance rules block or quarantine their devices on the network.

Integration is hard in Fortinet FortiNAC, but they are evolving and getting better. For example, with Cisco, Aruba, Huawei, and Extreme devices, Fortinet FortiNAC is working properly, but some other devices have problems.

I have been using Fortinet FortiNAC for a couple of months.

The solution is stable.

Fortinet FortiNAC can extend your existing network. For example, if you have to put another switch, access point, or another networking device to complete the site we can with one or two clicks add these devices and the same rules and policies. It is highly scalable and can extend your infrastructure.

We currently have two customers using Fortinet FortiNAC

The installation is not straightforward, it can be hard.  The documentation should be better in explaining to process in more detail. The installation requires too much experience and knowledge about network infrastructure. It's not easy, you have to be an expert.

The difficulty level of the installation and time depends on many factors. For example, one of our customer's installations was simple because they only had to block one site and only had one hardware vendor, such as Cisco. 

Our second installation was more difficult because the customer had many different hardware vendors, such as Cisco, Huawei, Aruba, and Extreme as part of their infrastructure. This requires configuring different settings on every device, it can be complicated. This can take a lot of time.

We do the implementation and the amount of staff needed depends on the size of the infrastructure and hardware vendors involved. If it is a smaller environment with a single vendor then the process could take two to three days.

If the customer size is very large and they are using the different sites and cities, and many different network infrastructures, the implementation would take time and you would have to manage everything well. When you have a complex network, it can take approximately15 days to implement. The number of vendors they're working with can increase the implementation time duration. If companies only have one vendor, it's easy, but two or three different vendor integration is a little bit harder and takes time. 

Customer's needs are very important, because some customers, only want that 1x configuration. However, other customers want 1x configuration, custom portal pages, and many endpoint compliance rules. The more features the more time it will take.

The price of the license required is based on how many users are going to be using the solution. If you want more users you can upgrade your license.

I have evaluated other NAC solutions.

I would recommend Fortinet FortiNAC to others because we did evaluate other NAC solutions and this solution is very good compared to the others. The best benefit of Fortinet FortiNAC is the stability and it can work with other vendors. Some NAC products only work with their products and do not support other vendors.

The major benefit I have found is that this solution can work with other products. A customer typically has more than one vendor, such as access points, printers, and other network products. A lot of the other vendors only are working with their products. It's very important for me that Fortinet FortiNAC can work with the other vendors properly and can integrate easily. When I check the Fortinet website, it shows every vendor's details with an explanation about the integration of the Fortinet FortiNAC. For example, you can find out how to integrate the Fortinet FortiNAC with the Cisco wireless controller. I can find the documents, turn to the pages and find all the information I need. I can find it very easily.

I rate Fortinet FortiNAC a nine out of ten.

I was certified in FortiNAC (Part of Fortinet-NSE6) last year and I've personally implemented FortiNAC in three organizations. We work as a team with people who have expertise in different areas and Vendors and have exposure to different infrastructures.

FortiNAC scans your network to discover every user, application, and device (IOT), With up to 18 different techniques, it can then profile each element based on observed characteristics and responses for granular visibility - We then apply state-based control(eth0 VLAN switching) and Policy based control rules for access control and response.

Anyone (Domain users, Contractors, guests, etc) wanting to connect to the network has to be accessed by the NAC. Users come in at different times and some may be working from branches or home through a VPN and they will be authenticated in the same way with different privileges on the Network.

So it has to run 24/7. It's authenticating users all the time. We are gold partners with FortiNac. 

There are quite a number of things that are valuable about this solution. Having dealt with Cisco ISE, I realize that FortiNAC is different in a way that gives you granular visibility of the entire network infrastructure related to IOT devices (Who, What, When, Which information). It's helpful that you can know what's going on from your phone, your tablet, and from home. The solution provides containment, reporting and security event-alarm mapping and saves log and carries out further analysis for cyber thefts. It really is a good solution.

I've realized that one of the issues is the need to use agents. For instance, if a domain user has to authenticate on the network via FSSO or Certificate management he has to have a persistent agent.

The admin UI is not that good. It could be better matched and more friendly to use and it cannot work as a RADIUS server. You have to have a RADIUS server which means bringing in a FortiAuthenticator to build it.

The other thing would probably be the visibility granular. For example, when I have a user at a particular branch, I can't tell what SSIDs they are connected to. I only have the IP addresses so if the wireless controller is integrated with FortiNAc, you're going to realize that you won't be able to know whether a particular person is connected, that an AP is connected to a particular SSID, is connected to. . .  etc. It only gives you the IP addresses, Host names, etc. That has to be improved and am sure it will be in the next build version. 

Additional features, would be an agentless link and adopters - online, offline adopters - it picks the IP's, the host names, the layer 3 information, layer 2 information, what's connected. And also to give different privileges, best rule privileges to users. 

VLAN Interswitching (state based controls) could be quicker when doing the process flow from different sorts of authentication. When it comes to guests or contractors, you don't want to use a dissolvable agents. It dissolves in the process of downloading, but it takes longer and that could be improved.

I've been using the solution for a year and a half. 

FortiNAC is Pretty stable. We initially had a couple of troubleshooting issues in the deployments but we worked them out and it's fine now and has pretty good Visibility across the Network for every device, application and user, extend Control of the Network to third-party products and automated responsiveness.

You won't find so many NAC solutions like it. I mean it's granular, you will see a lot that you need to ask. It will give you all the controls you need and it has event alarm mapping, - I mean "you can't control what you can't see"

It is very scalable, you can have as many features and access points as you want. as you have. It depends on the licenses, but you can have as many IoT devices (Switches, routers, Firewals, WLC, etc) as you want and as many features as you want. You can have visibility to all the ports of the switches on the NAC, you can easily see  Who, What, When, Which information then control and respond

Technical support is good. You create a ticket and within that ticket you explain what challenges you're facing. They assign you an engineer who'll help solve the issue. It's pretty easy and straight forward and they're always there to help. 

Initial setup is pretty easy. If you're doing a VM setup, you do the registration on the Fortinet portal, and then you set the IP addresses. I think it's pretty good when you're implementing it the first time, it's very easy but when you get to tests, which are the UAT's, you're most likely to have a few issues that you need to be aware of.

Deployment time depends on the kind of customer. For example, the current implementation I'm doing has an assessing vendor. 90% of the network is wireless and 10% is cabled in network. They have more than 80 access features, more than 80 routers, and two wireless controllers. They have a number of databases and different firewalls - to use that fountain it slows things down. You're also dealing with Domain users, contractors and Guests in different locations. Obviously this will take more time than a project with less infrastructure devices. It really depends on the nature of the infrastructure.

There is a base license level which pretty much gives you topologies and groupings automation/control, etc. When it comes to policies, it's only going to give you user host profiling and network access. If you're looking for endpoint compliance, integrations, Incidence response and reporting, then you have to go for an Plus or PRO license.

You need to think about what you need as a company. There are so many government institutions, so many corporate institutions in the world that want to protect their networks. People have different privileges within a network, an instructor cannot have the same privileges as a normal user and the guest. We have guests coming onto our network, contractors coming to work at different times on the network, the main users who are working in different departments and who shouldn't have access to some platforms. When it comes to authentication you need to make sure you're protected from all kinds of threats. You have different products, Vendors and divices that all need to be controlled. If something goes off you need to know where and why. 

I would rate this product a eight out of 10. It's still evolving. 

I use the tool to maintain strict network control. It blocks suspicious connections and only allows specified access. You can control it through MAC addressing. It's all about managing the network so it's not accessible to any unauthorized user or machine.

What I like best about Fortinet FortiNAC's solution is its strong security measures. They're very strong compared to other firewalls. It has good threat detection and strong protection features.

The tool is effective because it won't give access to any unregistered equipment. If a laptop isn't registered, it can't just plug in and get access. It blocks any unregistered company or network device.

I haven't personally used the AI capabilities, but I know they're used in the security risk process. In threat detection, AI can automate incident management and handle suspicious cases automatically.

The solution needs to improve its AI capabilities. 

I have been using the product for one year. 

So far, we haven't had any stability or performance issues. It's been stable.

The solution is scalable and my company has 50 endpoints. 

The initial setup process wasn't too difficult. It's been okay so far, though there might be ways to make it a bit easier. 

During implementation, we faced some minor issues, like trying to get firmware when there was no internet, but nothing I'd call a real problem.

When deploying Fortinet FortiNAC, we first register the budget and understand the client's design. This matters because we need to know what the client wants to protect and where exactly. The scope comes from the design.

For the deployment I was involved in, we only needed two people. It didn't require a big team. The deployment took less than 30 minutes, which was very fast.

Maintenance is pretty normal. There haven't been any specific maintenance requirements beyond normal admin activities.

I would recommend the solution to others and rate it a nine out of ten.