Fortinet FortiAuthenticator Reviews

The solution is really important to ensure double authentication for the user. For example, if you have an internal messenger and you want to ensure the access externally for users, you can implement the two-factor authentication. Also, for the VPN, you can implement two-factor authentication to avoid any kind of hacks.

If you want some other FortiAuthenticator from one site to another site, you should have requirements, but really if you have authentication and directory or another solution, you should change the password of the authenticator between the solution and the directory and other things. So the transfer of data and other information should be simpler.

In the future, I think h02.exe is very important to authenticate users internally. To economically move the person from vnom to vnom. Also, the ESO to ensure the authentication of users should be a bit more automated.

In my opinion and my experience, I didn't have any problem with the solution, just the requirements for other solutions that we should integrate with it. I think the solution is easily implemented, and, in my opinion, there is no problem with this solution. Just a bit of correction is needed, and that's it.

My impression is that the solution is good and I like it and I would work with it for another project and increase my skill on the solution.

I have worked with them, so I like the technical support of Fortinet. I would give them a good mark.

The initial setup is so easy and there is no problem in the implementation. We can implement it easily in a different kind of infrastructure.

I started working on FortiAuthenticator from last year. I have had a chance to deploy many, many projects on FortiAuthenticator. I deploy 10 next-gen projects on FortiAuthenticator. I deploy many defensive scenarios. Also, I have good experience with large products.

You should make sure to implement the requirements via experts like me, so you can implement the product carefully. In that way, you can use it clearly in a simplified manner.

For FortiAuthentication, it's a good price in comparison to any other competitor. Other products are so expensive, and the features are the same. There might be a bit of difference between the two products, but if you want just double authentication and some other features, I think I recommend the FortiAuthenticator, and it is low cost and has other defenses.

In my opinion, I recommend the solution. You can also use it for other things like h02.exe for authentication of users. Also for ESO. There are five things you can use it for, so I recommend the product. The low cost is very important for any customer.

I would rate this solution eight out of 10.

The valuable features are the granularity of the security settings and the relative ease of adding users. It also makes it really nice and easy to remove access from users that have left us or who are doing things they shouldn’t be doing.

It made things much easier for dealing with users BYOD for our secured wireless networks. We also use this in conjunction with an MDM solution. It makes a nice package that is easy for our end-users and is very secure.

The interface is a bit misleading in areas. Finding some settings can be a bit confusing and difficult. I would also like to see a few more real world examples given in the setup section.

We have used this solution for one and a half years.

We did not have any stability issues. This runs on our VMware environment and we have never had an issue with stability.

As this is a virtual device, we had no scalability issues. If we need more users, we just add more licenses. This makes it nice as there is no physical appliance to outgrow.

Configuration of the virtual device was very straightforward.

The configuration of the settings in the authenticator was a bit more confusing. We did have to contact support a few times to work through some configuration issues. They also helped us set up some configurations for the active directory and our local certificate servers.

The price was very reasonable given what it can do.  Licensing was also very reasonable.

Just make sure you do an accurate count of what you will need for licenses. If you run out of licenses, no additional users will be able to authenticate through this device.

Planning is the key to a successful implementation. Know what you want to accomplish out of the gate before you get started. Make sure you test before rolling out to end users. Due to really tight timelines, we missed a couple of key settings and configurations.

We implement FortiAuthenticator in situations where there are multiple Active Directory domains. Other use cases include:

• When we need to use FortiClient to keep track of users as they move around different locations where normal FSSO would have issues
• When we need to use one FortiToken for multiple Fortigates
• When we want to use it as a domain controller.

The FortiAuthenticator can do many things.

It keeps track of users and their IPs no matter where they are in the network. When users roam, we don't have to worry about not mapping them to an IP.

Valuable features include the robust SSO features, when you have more complicated authentication within an organization. We can mix AD, Radius, Portal, SSO Portals (Google, etc.), and build our own environment. It is very flexible.

The GUI is on the older side but I'm sure that it will be upgraded soon. It works, but it looks a little dated.

Fortinet FortiAuthenticator is being used in our clients' companies. These companies are medium to enterprise level.

The feature that I have found most valuable is the fact that you can utilize your tokens across the whole Fortinet fabric once you have the FortiAuthenticator. You can use FortiAuthenticator to provide two-factor authentication among all your network devices as long as they support the RADIUS protocol. Even for servers, especially Windows OS-based servers.

If you have any products that support RADIUS, you will be able to use the two-factor authentication. You can integrate them with the FortiAuthenticator and you can make use of the 2FA token among all our network devices, not just the Fortinet ones.

So far there hasn't been any major feature that we wished for and didn't find, but I would say in regards to bugs, sometimes we face unexpected issues that delay the implementation a little. However, I believe Fortinet will sort this out soon. Hopefully the solution will be more stable overall.

In terms of what additional features we would like to see in the next release, we would to see support for more of the common operating systems. They already support Windows OS, with the use of an agent installed on the windows machine.

However, we would like to see support for Linux-based operating systems for example. This is a shortcoming that I have faced a few times already.
Also a nice addition would be agents for End-user Machines especially Windows OS & MAC OS. 

We've done quite few deployments of Fortinet FortiAuthenticator over the last one and a half years.

Some bugs that we find we can work around, but usually we open the ticket with Fortinet anyway. This is because sometimes we suspect that we do not have the proper understanding or maybe there is something that we need to get an insight on from the technical support because they have their big databases and can provide us with additional valuable information about our cases. Sometimes we may find a workaround, but if we don't know what happened and why, we open a case anyway to get the full details.

Fortinet support is quite good. Their engineers are experienced and well-trained. Generally speaking, we feel that the technical support is capable and know what they're doing. You don't feel that you're speaking to someone who doesn't understand what the product is, which we face sometimes with other vendors. I would say, generally speaking, we are happy with it.

The initial setup is a valuable point on Fortinet products. Most of the time, putting the theory into practice on the devices is quite friendly and straightforward. As long as you can read through the menus, you can find your way around the solution and make it work. A 10 minute surf through the tabs will give you an idea of what you can do and how to do it. Documentations and guides are also available when needed.

This is a high value point on Fortinet - the way everything is laid out in the web UI is user-friendly and quite straightforward. 

Generally speaking, Fortinet prices are competitive enough. It depends on the markets, but in our market, the price sensitiveness is high, especially now with the current economic situation after the COVID-19. This became something to take into consideration even more. Price is always important, but after such a situation, it's even more so. Customers became even more sensitive to the prices. So, price is another value point for Fortinet.

If two-factor authentication is needed also for the end-devices, for example a endpoints or servers, I think FortiAuthenticator is not yet the most mature solution. However, if it is great for network devices, then this product is competitive enough price-wise and easy to use. It just works.

On a scale from 1 to 10, I would say Fortinet FortiAuthenticator is an 8.

We use this solution for two-factor authentication of most of our services. It includes VPN but also many other services that we have on our internet servers. We use the on-premise version because we also want it integrated into our in-house applications. We are customers of Fortinet and I'm a systems administrator. 

Security is such a big issue these days, a password alone is no longer enough for securing identity. In that sense, providing a second layer of authentication for users gives the company some level of comfort. 

I think the ease of deployment is a valuable feature. I like that the interface is intuitive and that natively and easily, it integrates with radios, ILDAP, fan mail, and with any applications supporting those protocols

I'd say that the integration with some other enterprise applications could be improved. For instance, ADFS. FortiAuthenticator does not work natively with ADFS and the company is not looking in that direction. It's one of our in-house applications and it was a challenge integrating with FortiAuthenticator. We had to write a separate, customized adapter for ADFS before we could make it work. We tried to get Fortinet to work on it but I don't think their development team is interested. It's not in their plan. The other challenge was when I integrated with I think VMware - there was an issue between the radio adapter and FortiAuthenticator. Both parties were not ready to work together and the implementation was buggy. 

I believe this solution can be adapted to so many things, depending on the technical side and the implementation engineers. I'd like to see some additional use cases that can be infused into the solution, such as ADFS.

I've been using this solution for two years. 

I haven't had any issues with stability. 

It's a very scalable solution. They now have the option of deployment as a VM, and then they have the hardware. I believe we use the 1000D for the hardware - it's able to support up to 10,000 users. You license the appliance based on the number of users and if you need to add more, you buy additional licenses. Almost everybody in the company uses it and I'd say we've had a total of around 4,000 users.

The technical support is mid-range It's not your wow kind of support but they do have levels of support. The support is in connectivity with their clients and it has to be renewed every year. You might do better if you go through their partners or something similar. They're not really there when it comes to support.

We used RSA SecurID before Fortinet. We switched because of the high costs associated with RSA. I believe that with RSA you need to pay a token license every three years but with Fortinet, once you buy it, you own it. Even if a token is lost, you can always reposition the token and that will not come at any extra cost. It's cost-effective for us. We also have several channels we can use for authentication with FortiAuthenticator. With RSA, users are stuck with either carrying the dongle, the hardware token, or maybe having the mobile application token on their phone. With Fortinet you can decide whether to use a hardware token, soft token, email token, push notification, or SMS. It gives us flexibility and comfort.

Initial setup was pretty straightforward. We were up and running within three days. I carried out the deployment. 

The license is a one-off payment. 

Every environment is obviously different so each user needs to know what they are looking for, and make a decision based on that. This is a cost effective and flexible solution. If a company is looking to use it on their server, it's important to look at the integration channels and your environment, the support. It's important to know that the channels are supported. 

I would rate this solution a seven out of 10. 

Our primary use case is two-factor authentication, and we use it for a handful of our clients.

FortiAuthenticator is really good software that integrates very well with Fortinet products.

The licensing structure is cost-effective for us compared to some of the other solutions that have recurring monthly costs. We like that it has more one-time costs than the monthly recurring cost per user.

Although two-factor authentication has come a long way, there are a lot of companies that are going further. The reason for this is because people are finding ways to compromise traditional, web-based solutions. I would like to see more ways to authenticate, such as adding facial recognition to the two-factor, where you log into your phone or another device. That would be great.

I have had stability issues with FortiAuthenticator.

As long as you purchase the right amount of licensing, it's scalable.

Generally, the technical support is very good. I know some people that work for Fortinet and we haven't had any issues with getting to the right resources when needed.

We have always used Fortinet products.

The initial setup is fairly simple because there's product training available for all of the tools from Fortinet. Our team is fully versed in those products, so it wasn't very difficult.

The licensing fee is less in the long term because it's not a recurring cost.

My advice is that for any solution you want to deploy, you have to ensure that your team is trained so that you can support it. Before FortiAuthenticator goes into play, make sure that your team is trained.

Overall, we are pretty satisfied with FortiAuthenticator.

I would rate this solution a nine out of ten.

Integrated RADIUS server with 802.1x functionality and access control. Single Sign On and AD integration. It integrates very tightly with the rest of the Fortinet ecosystem.

It integrated with the existing Cisco wireless infrastructure to solidify the way people authenticate onto the network. It permitted having a centralized area to authenticate all users and enabled SSOimplementation.

A better integration with other vendors. The device is rich in features but there are a lot of functionalities I have still not experienced with.

Two and a half years.

Overall not really, a few hiccups with the syncing with AD but nothing major.

Not in my experience. The device can scale on a VM with an additional license. And there are boxes that can support thousands of users (which I have still not met).

Very good. In our area we get support both in French and English and the response times are usually pretty decent.

We are a Fortinet reseller and integrator so there were no "switches" per say.

The setup process can be tedious.

I would start off with a VM including the base license and scale according to the number of users you need to authenticate.

ClearPass by Aruba and ISE by Cisco are the two main competitors in this space. To me ClearPass seams to be the most feature-rich solution for the price and vendor neutral as is FortiAuthenticator.

I strongly recommend someone accompany you in the initial deployment of the product to view all the functionalities that the platform is capable of doing.

One of the most valuable features is the simple FSSO (Fortinet Single Sign-On) configuration that helps to manage user-based security rules.

It is a cool security product. It's easy to use, implement and maintain, but there is room for improvement.

When we came across access management, we required several technical features to help manage user access to critical systems and remote access. That’s why we always go for a SSO two-factor authentication server. FortiAuthenticator is a bundle of these features. It has its own hardware and software token for two-factor authentication. It supports single sign-on and seamless integration with user-based web filtering, without any prior authentication. It can act as a Radius server to support other systems for Radius authentication. One of the common practices is using FortiAuthenticator with Dot1.X network access control.

The GUI is not fancy enough and some of the settings are difficult to access.

Part of the configuration has to be done by CLI, which is not friendly for security administrators.

Integration with other firewalls may not be as good as expected.

I have used it for two years, mostly implementation for clients.

No stability issues so far, as long as the number of users is not too large.

No issues for scalability: It is easy to add new resources as we deploy virtual machines.

FortiCare can provide prompt replies. They have basic knowledge on every single product in the Fortinet family. They have a standard protocol to response to support cases which is great. They are willing to accept RMA for technical difficulties that cannot be solved in a short period of time.

I have tried Cisco ISE as a NAC solution. Cisco ISE is the "Terminator" of NAC solutions, which has numerous features to prevent unauthorized access. However, its integration with FortiGate firewall is not great. When I use the SSLVPN service from FortiGate, it fails to authenticate with two-factor authentication. For this, using FortiAnthenticator would be a good choice for its genuine integration.

It is quite straightforward to set up the FortiAuthenticator. We mainly deploy as a virtual machine. An OVF file is provided by Fortinet and you just simply compile the file in the VMware environment. Upon simple configuration, such as IP address and default gateway, you can access the web GUI and do any configuration, as you like.

Licensing is straightforward, as Fortinet provides stackable licenses for FortiAuthenicator. Count the number of users and select sufficient licenses. Pricing is acceptable; much cheaper than Cisco ISE.

I have tried Cisco ISE. For state-of-the-art features, I would recommend Cisco ISE because of its brilliant features. But I would recommend FortiAuthenticator, if you are currently using FortiGate firewall and you seek a well-suited, complimentary NAC solution.

The need for a NAC solution depends on your infrastructure. If you are a Fortinet user, FortiAuthenticator would be a nice choice to enhance security on VPN and web access. However, there are many other choices, such as ForeScout, which is vendor-neutral, to support different systems from different vendors.