Fortinet FortiAuthenticator Reviews

We are using FortiAuthenticator for authentication to connect to our network, either through some software or VPN or SSL or CyberArk, anything.

Samuel is good. We are using Samuel. Also, the good thing is that it's easy to use, and the logs are very precise.

There is a room for improvement. The log is a bit difficult to access, and searching the log codes is also a bit difficult. So it would be much better if, when we open a log, it could provide detailed information about errors, reasons for failure, and such.

We have been using this solution for approximately one and a half years.

It is very stable. We have never had any issues with this solution.

I would rate the scalability an eight out of ten. Some improvements, but it's on our end as well because we are still using the older variant. 

We have around five to seven end users using this solution.

The customer service and support are awesome for FortiAuthenticator.

I've been using Fortinet for the last eight or nine years. So, for other professional solutions from Fortinet, the support is not so good. You have to open a case as usual, and some technical contact will get in touch with you if they're available. If not, we have to call a toll-free number manually, and they will connect us to an available agent who will check our case and then escalate it. For normal issues with no business impact, it's okay to wait for two or three hours, no problem. But in critical situations, it's challenging to reach them.

Positive

The initial setup is simple. It's not that difficult. You have to know the functionality of FortiProtect, the requirements, and it depends on your network. It's not that difficult to implement.

We have VMs and devices. But mostly, we are moving to VMs.

We design and then, Fortinet team will implement.

I would rate the pricing a four out of ten, where one is cheap, and ten is expensive. It is not that costly. It is cheap, easy to manage, easy to install, and easy to configure. 

We evaluated Palo Alto. It's easy to use, offers a lot of features in one box, and it's cost-effective. And the support is very good.

Overall, I would rate the solution an eight out of ten. 

We primarily use the solution to gain VPN access to the main client site. 

The authentification for the VPN is quite useful.

It is easy to set up.

The product is stable and reliable. 

The solution is reasonably priced.

Technical support has proven to be helpful. 

We had issues trying to integrate the keys properly during the initial setup.

We have only used the solution for about a year or so. We haven't used it for too long just yet.

I have no complaints in relation to the stability. It's reliable. There are no bugs or glitches. It doesn't crash or freeze. 

We only have around 20 users. Our use case isn't very big. Therefore, we haven't really needed to scale so much. 

We haven't used technical support yet, aside from the migration issue. They were fine. They were able to help us. 

The implementation process is simple and straightforward. It's not overly complex. 

It was deployed in about four hours or so. It doesn't take too long. However, we had many issues when we upgraded the equipment. The keys were not integrated properly and therefore it wasn't completely simple to manage.

We had one engineer handling the deployment. 

I haven't looked into if we have seen any ROI just yet.

The licensing costs are reasonable. It's not overly expensive. We pay either by the number of users or for a certain number of users that fall under a specific licensing tier. 

I'd rate the solution eight out of ten. We've been pretty happy with its capabilities overall. This is a very important product if a company wants to use a VPN. It's great for clients that already use Fortinet products. 

We use this solution for two-factor authentication of most of our services. It includes VPN but also many other services that we have on our internet servers. We use the on-premise version because we also want it integrated into our in-house applications. We are customers of Fortinet and I'm a systems administrator. 

Security is such a big issue these days, a password alone is no longer enough for securing identity. In that sense, providing a second layer of authentication for users gives the company some level of comfort. 

I think the ease of deployment is a valuable feature. I like that the interface is intuitive and that natively and easily, it integrates with radios, ILDAP, fan mail, and with any applications supporting those protocols

I'd say that the integration with some other enterprise applications could be improved. For instance, ADFS. FortiAuthenticator does not work natively with ADFS and the company is not looking in that direction. It's one of our in-house applications and it was a challenge integrating with FortiAuthenticator. We had to write a separate, customized adapter for ADFS before we could make it work. We tried to get Fortinet to work on it but I don't think their development team is interested. It's not in their plan. The other challenge was when I integrated with I think VMware - there was an issue between the radio adapter and FortiAuthenticator. Both parties were not ready to work together and the implementation was buggy. 

I believe this solution can be adapted to so many things, depending on the technical side and the implementation engineers. I'd like to see some additional use cases that can be infused into the solution, such as ADFS.

I've been using this solution for two years. 

I haven't had any issues with stability. 

It's a very scalable solution. They now have the option of deployment as a VM, and then they have the hardware. I believe we use the 1000D for the hardware - it's able to support up to 10,000 users. You license the appliance based on the number of users and if you need to add more, you buy additional licenses. Almost everybody in the company uses it and I'd say we've had a total of around 4,000 users.

The technical support is mid-range It's not your wow kind of support but they do have levels of support. The support is in connectivity with their clients and it has to be renewed every year. You might do better if you go through their partners or something similar. They're not really there when it comes to support.

We used RSA SecurID before Fortinet. We switched because of the high costs associated with RSA. I believe that with RSA you need to pay a token license every three years but with Fortinet, once you buy it, you own it. Even if a token is lost, you can always reposition the token and that will not come at any extra cost. It's cost-effective for us. We also have several channels we can use for authentication with FortiAuthenticator. With RSA, users are stuck with either carrying the dongle, the hardware token, or maybe having the mobile application token on their phone. With Fortinet you can decide whether to use a hardware token, soft token, email token, push notification, or SMS. It gives us flexibility and comfort.

Initial setup was pretty straightforward. We were up and running within three days. I carried out the deployment. 

The license is a one-off payment. 

Every environment is obviously different so each user needs to know what they are looking for, and make a decision based on that. This is a cost effective and flexible solution. If a company is looking to use it on their server, it's important to look at the integration channels and your environment, the support. It's important to know that the channels are supported. 

I would rate this solution a seven out of 10. 

I am a solution architect and my company works purely for Fortinet, implementing all versions on a daily basis, so we're not end-users. The company is an exclusive distributor implementing the product.

The primary use case of the product is usually for multifactor authentication using two-factor authentication with tokens. Sometimes people require two factors with a token. Sometimes they need the latest POC. I do a proof of concept for windows login. They need the agent who authenticates with SMS, token or email.

Usually, I do an integration with the firewall. I would prefer to do it with FortiGate, but sometimes I need to integrate as a radius client and it depends on which firewall. I prefer FortiGate. Sometimes they'll need to add an SMS as the second factor of the two-factor authentication. But usually, we do it as an unarmed radius FortiGate, or firewall would be for a radius client and radius server. Sometimes clients will ask whether we have integration with a social portal like Facebook, but we don't. 

There aren't any major features that I think should be improved. I like this product. As a multifactor authentication, we have the SAML function. If you compare it with RSA or Gemalto, it does a good job. I'm able to perform multifactor authentication in different ways via emails, SMS, it's a great product. For someone concerned with multifactor authentication, I'm satisfied with the product.

There aren't any major additional features they could include in the next release but the one thing they used to include was the SMS gateway from the ISP. Fortinet used to sell that but they don't anymore and I think it would be helpful for end-users if they brought it back. I would recommend that. People are asking for it because they don't like having to rent it from their mobile provider. 

The product is very stable. I love it. 

I think it's a scalable product. I haven't compared it to the competitors but it's scalable. 

Part of the reason it's such a good product is that I don't recall ever needing to call for technical support. 

Initial setup and configuration are very straightforward. From a technical perspective, you need to know where to do the PDS but if you have a technical background it should be very straightforward. I just bring the VM or the trial license and I start to do the POC, usually with the VM.

Initial setup and deployment sometimes need integration with FortiGate, and sometimes via the captive portal. It takes a maximum of an hour, but it also depends on the end-user and what they need to be integrated into the system, like features such as SMS gateway parameters. 

I think the setup cost is reasonable, and we don't need to renew the license. Sometimes there are extra costs for the VM. Our main competitors are RSA and Gemalto, and the Fortinet prices are very competitive relative to their prices. 

As a distributor of Fortinet, I would suggest people give this product a little bit of focus. I mean we can do well on this product if we concentrate on it. People don't know about the two-factor authentication and that it's easy and straightforward. We also include some features for free but I suggest that people using Fortinet just focus on this product. FortiAuthenticator has created a straightforward easy-to-use product.  

I would rate it a nine out of ten. Not a ten because nothing is perfect. 

Standards-based secure authentication

FortiAuthenticator centralizes the management and storage of user identity information, thereby increasing the efficiency of administration and increasing the control over who accesses the network.

• Two-factor authentication using tokens

1- OATH-compatible time-based tokens (Hardware tokens FortiToken200/FortiToken220)
2- USB certificate-based tokens FortiToken-300)
3- FortiToken Mobile for Android, iOS, and Windows Mobile
4- SMS and email tokens

• Wired/Wireless authentication using the 802. 1X standard
• Certificate management
• Captive portal guest management
• Fortinet Single Sign-On

Central management of user Identities and access

FortiAuthenticator extends two-factor authentication to multiple FortiGate appliances and to third-party solutions that support RADIUS or LDAP authentication

FortiAuthenticator can create, sign, and revoke X.509 certificates.

FortiAuthenticator can sign user certificate signing requests (CSRs) and distribute certificate revocation lists (CRLs) and CA certificates.

FortiAuthenticator verifies the identity of the external LDAP server by using a trusted CA certificate

FortiAuthenticator has expanded the capabilities of captive portal from credential authentication to include social WiFi authentication and MAC address authentication.

Social WiFi authentication allows FortiAuthenticator to utilize third-party user identity methods to authenticate users into a wireless guest network. Supported authentication methods include:Google+, Facebook, LinkedIn, Twitter which include SMS- and email-based authentication

Fortinet Single Sign-on (FSSO) enables FortiAuthenticator to leverage the existing network authentication systems for firewall authentication. (Windows Active Directory (AD) or Novell eDirectory)

1- Integration with different vendor firewalls (I tested only with Cisco using Cisco ASDM 6.3 (5) but i am not sure if it works with other vendor solutions)

2- A lot of configurations are available only from CLI

3- Documentation/videos for different implementation scenarios

1 year

It is very stable.

VM platfroms are scalable based on the business needs.

10/10

9/10

We used FortiGate to manage tokens and user identities but FortiAuthenticater includes more features.

All Fortinet solutions are easy to implement.

The valuable features are:

• Two-factor authentication
• User ID with our LDAP service
• Integration with our other FortiGates

By using one of our units as a load-balancing slave, we were able to roll out location-based VPNs that created quicker connections to local servers for our end users. Furthermore, incorporating a LBS unit has provided preventative measures and ensured that our remote users can still connect if a failure occurs on our master authentication unit.

It was initially difficult to sync our high availability, load-balancing slave (LBS) to our master unit. There were some initial issues connecting it and syncing with our master FortiAuthenticator unit. After reaching out to Fortinet support, it turned out that the unit needed a software update.

I would like to see the following:

• Creating an easier implementation of software patches.
• Designing the admin profiles to sync across, instead of having to recreate them. (I see how this could be problematic with security measures.)

We've been using our master unit for about a year and our LBS for about six months.

We had some stability issues. Our first LBS unit wouldn't work properly the first time and that wasted a lot of time. Eventually, it died and we had to RMA the unit.

We didn't have any issues with scalability.

The technical support we received from Fortinet was responsive. When we experienced problems, they were able to fix our issues.

Before implementing our FortiAuthenticators, we used our main FortiGate as a way to push out two-factor codes to our users. After a while, this option was not working. As we continued to grow, we needed something more substantial and manageable.

The initial setup was somewhat difficult in syncing our LDAP service to our main FortiGate.

Before using the FortiAuthenticator, we pushed out tokens via our main FortiGate.

If you want a more efficient way to manage two-factor authentication for your users, or implement the unit as a cluster member role, the FortiAuthenticator can be incorporated very well into your environment.

Our primary use case for Fortinet FortiAuthenticator is, first of all, as a two-factor VPN for enhanced access security. We use this product to provide secure access for all of our employees. 

Our other use cases have to do with using FortiAuthenticator for other security projects which includes things like access to some important web applications. 

One of the things I find most valuable in FortiAuthenticator is the detail in the logs. The log features are very good and the detail makes it easier to control what happens in the environment. 

Another valuable feature is that it is an on-premise solution. Because of some regulations, we can not use this particular type of product for security on cloud. We chose FortiAuthenticator because it is an on-premise solution. 

There is nothing that really stands out as something that needs desperately to be added or improved. We are using Fortinet all the time, we know their GUIs, so we can manage well with FortiAuthenticator also. 

The main problem now is not exactly with the product itself. We are using FortiAnalyzers. But when we use that product with FortiAuthenicators, we can not use SQL language to access data from the FortiAnalyzers database. When we use it with FortiGate, we can query the FortiAnalyzers database, but it is not possible to do it directly with the FortiAuthenicators. This integration should be better. 

We have not really faced any problems with stability up until this point. The product has not given us any reason to question the stability. 

We have not needed to use the Fortinet technical support up until now. I do not know about it firsthand. The product is very easy-to-use and someone can easily manage working with it, so we do not need any support. We do have the support contract, but we have not used it at all. 

The initial setup was not complex at all. It is actually very easy. 

I think FortiAuthenticator is more expensive than other products like Cisco Duo. It could be more competitively priced. 

We want to use high-availability in our products, so we need to get a higher grade and more expensive license for that purpose. 

On a scale from one to ten where one is the worst and ten is the best, I would rate Authenticator as about a seven-point-five. If it has to be seven or eight, I would choose eight. 

I have not used many products in that category with our site, but we can do what we want and need to do with that product. 

I use Fortinet FortiAuthenticator to access VPN. Fortinet FortiAuthenticator is an easy-to-use solution.

I would like to see some email options for Fortinet FortiAuthenticator.

I have been using Fortinet FortiAuthenticator for one year.

I rate Fortinet FortiAuthenticator an eight out of ten for stability.

Around 200 users use Fortinet FortiAuthenticator.

I rate Fortinet FortiAuthenticator an eight out of ten for scalability.

Fortinet FortiAuthenticator’s initial setup is simple.

Overall, I rate Fortinet FortiAuthenticator an eight out of ten.