Fortinet FortiNAC Reviews

The primary use case for this solution is to enhance network security within our organization. We utilize it in various environments, adapting to customer networks which sometimes require setting up power and routing due to multiple lines.

The solution has significantly reduced our operational costs related to network security and has streamlined network security management.

The most valuable features include DNS protection and web filtering, which are effective against hackers and ransomware. Although ransomware remains challenging to identify, these features enhance our overall security.

The product's pricing and configuration process needs improvement. 

I have been using Fortinet FortiNAC since 2010. 

I would rate the stability of this solution as a nine out of ten.

I would rate the product scalability as an eight out of ten.

The customer service and support are excellent.

Positive

We have used different solutions before.

The initial setup was straightforward, with no significant problems. The duration of the installation varied based on the complexity of the customer's network.

I implemented the product myself. 

The product pricing is reasonable.

We evaluated other options, including Cisco.

I rate Fortinet FortiNAC a nine out of ten. 

Our customers use Fortinet to protect their networks and administer their users. It is mainly used in the healthcare industry.

The platform's benefits vary according to each customer's preferences and budget. It generally fits within their budget, making it a viable option.

The initial setup process needs improvement. I suggest improving the support team's responsiveness to reduce delays when issues arise.

I have been working with Fortinet for approximately five years, primarily as an integrator.

The solution is generally stable. However, some bugs need to be addressed with updates. I rate the stability an eight. 

Our customers are enterprise institutions. I rate the product scalability as nine. 

I rate the initial setup process an eight. 

The product cost is moderate. I rate the pricing a seven. 

The product's feature for access control is a key component providing effectiveness in securing the network. It integrates well with other security solutions, with fewer challenges than other products.

I recommend it as it is a good product, easy to install, and integrates well. I rate it a nine out of ten. 

Our customers are from the security and financial services industries. 

FortiNAC is a network access control. In banking systems and in terminals, we need to manage VLAN and receive reports like IBS and IDS. Every VLAN has specific information to share some, but not all, of the files, because there are restrictions in the banking and financial systems. 

All the features of Fortinet FortiNAC are valuable. We find it beneficial to apply the permission rules. 

I have 20 years of experience working with these kinds of products with no issues. Any graphical user interface was very easy to use. Now, everything is new.

For future releases, I recommend that Fortinet make more series with a hard disk. We have customers who request a hard disk. On the one series, 21.101, we can see it has an internal hard disk. The 101 and 201 have a hard disk, however, the 100 and 200 do not. Keeping the hard disk on the one series will be easier for the distributor and will keep the prices lower for the customer. 

I have been using Fortinet FortiNAC for eight years.

The stability of this product is very good. With FortiNAC you have protection for each of your services.

Technical support from Fortinet can be slow as there are some delays. Just like most service providers, the first line of support is the least knowledgeable, so they refer you to the second or third level of support, which causes delays.

However, to activate the license or extend the warranty, they are fast.

We are able to do all of our projects without support. The stability is good. Therefore, I would rate customer service and support a nine out of ten.

Positive

Deployment of Fortinet FortiNAC took no more than three days. One day for analysis, the second day to implement, and the last day to transfer the implementation documents to the end user and to test it.

We implemented this solution by ourselves. The solution requires one or two engineers to deploy and maintain it.

We evaluated Palo Alto, it is very good, however, it is difficult to transfer knowledge for the end user. Palo Alto also does not have email protection.

Fortinet performs all the services we require from them. The implementation of the solution is easy. 

Overall, I would rate Fortinet FortiNAC a nine out of ten. 

Out of 6500 wireless devices we see issues with less than 0.5% of clients. Though the product has many features we only utilize a fraction of them. We use the product for registration and management of our wireless network (NAC). The most valuable asset is visibility in to what a client is and who is using it. By forcing guests/users to register their BYOD devices we know who they are and can then apply appropriate web filtering policies to them based on a number of factors. We can then use that data to export reports etc on usage of our wireless network as a whole and troubleshoot as needed.

Prior to using the product we had a fully open wireless network. This means anyone could come in off the street and connect to our wifi. We would not have knowledge of who they are if the did something illegal or wrong. Our level of security has increase greatly as well as our knowledge of who is on our network.

We have had issues with certain Windows 10 devices not being able to register which requires manual intervention to fix. I think they are working on this issue. As Windows 10 devices grow this issue will become greater.

Another major pain point is management of existing and new wireless access points. You must import the Aps into Network Sentry every time you put them on the network. Its also advised to use DHCP reservations for each AP. The system does not delete APs if you remove them from production as well. This means you must remove the APs from Sentry each time its stake out of production or placed in a new building etc. The initial setup of an AP doubled as a result of using this product. There are steps that must be performed and if any are missed, the AP becomes a black hole resulting in zero connectivity for clients connecting to it.

We’ve used this solution for two years.

Their technical support is a 8/10. They are responsive and have the ability (if you allow) to log into your equipment remotely and fix problems or perform upgrades. They are helpful in answering questions and configuration assistance is always available as this product is complex at first.

The initial deployment took three days however we encountered many issues. The main factor was our network set-up was not fully understood by Bradford prior to purchase and deployment. This created many issues while we were in production with 10-15% of our users having connectivity problems every day. We were not fully operational until 3 months after deployment.

Initial set-up was done via a “Quick Start” where the bare bones are implemented by and on site tech. This is not meant to be a full implementation but to get the foundation in place. The on-site tech was knowledgeable but again, we had issues with understanding out network set-up and its complexity which were not discovered in the quick start.

Vendor team on site, which we paid for. In house is available but would have been very time consuming to learn and implement. I would not recommend quick start but instead have a tech on site for a minimum of 5-7 business days to fully understand the product. Its not until you are in full production will you see issues and have questions. As questions, learn how the product works deep down.

Pricing is expensive but cheaper than some other solutions out there. Licensing is based on number of concurrent devices and a number of other factors depending on implementation type. Yearly maintenance fees are very reasonable and highly recommended. ROI is immediate for us in terms of visibility.

We did not evaluate other solutions other than on a cost basis.

Explain you network set-up in full detail with diagrams. VLANs, SSIDs, switch vendors, wireless vendors, subnets. What methods do you use today for wireless authentication (802.1x/WPA2-PSK/Open). Show them everything and what it looks like to be a client on your network today and the process to get on-line. This product manages both wired and wireless network is you choose both options. This product can also do posturing of devices to ensure they meet criteria like current updates and Antivirus etc. We are not using that functionality yet however.

I use the tool to maintain strict network control. It blocks suspicious connections and only allows specified access. You can control it through MAC addressing. It's all about managing the network so it's not accessible to any unauthorized user or machine.

What I like best about Fortinet FortiNAC's solution is its strong security measures. They're very strong compared to other firewalls. It has good threat detection and strong protection features.

The tool is effective because it won't give access to any unregistered equipment. If a laptop isn't registered, it can't just plug in and get access. It blocks any unregistered company or network device.

I haven't personally used the AI capabilities, but I know they're used in the security risk process. In threat detection, AI can automate incident management and handle suspicious cases automatically.

The solution needs to improve its AI capabilities. 

I have been using the product for one year. 

So far, we haven't had any stability or performance issues. It's been stable.

The solution is scalable and my company has 50 endpoints. 

The initial setup process wasn't too difficult. It's been okay so far, though there might be ways to make it a bit easier. 

During implementation, we faced some minor issues, like trying to get firmware when there was no internet, but nothing I'd call a real problem.

When deploying Fortinet FortiNAC, we first register the budget and understand the client's design. This matters because we need to know what the client wants to protect and where exactly. The scope comes from the design.

For the deployment I was involved in, we only needed two people. It didn't require a big team. The deployment took less than 30 minutes, which was very fast.

Maintenance is pretty normal. There haven't been any specific maintenance requirements beyond normal admin activities.

I would recommend the solution to others and rate it a nine out of ten. 

Fortinet FortiNAC is a network address control solution that we use as an identity and access management server. We integrate it with network devices and workstations to create policies and privileges for network access and device management. It also performs posture checks on Windows workstations to ensure compliance with security policies before granting network access. Essentially, it profiles endpoints and workstations, and checks for security compliance (such as updated patches, enabled firewall, and vulnerability compliance) before granting network access.

The most valuable feature of Fortinet FortiNAC is its integration with all other Fortinet solutions.

The GUI and network visibility in Fortinet FortiNAC could improve.

Integration with 3rd-party devices can be improved.

I rate Fortinet FortiNAC for approximately two years.

Fortinet FortiNAC is stable.

We have one customer using this solution.

We have approximately 20 users using the solution.

The solution is scalable.

I have contacted the support from Fortinet FortiNAC. The response time could be quicker.

I rate the support from Fortinet FortiNAC a seven out of ten.

Neutral

I have used Cisco ISE and Aruba ClearPass, and Fortinet FortiNAC is a lot easier to set up.

The initial setup of Fortinet FortiNAC is easy. The time it took to set up was approximately five hours.

The solution is expensive. However, it is not as expensive as other solutions, such as Cisco ISE.

If people are looking for a smooth operation and don't want the trouble of using Cisco ISE or Aruba ClearPass, Fortinet FortiNAC is a great solution to consider. It's easy to set up, especially if you have an all-Fortinet environment with FortiSwitches, FortiGate Firewall, and FortiAPs. It can make your life much easier.

I rate Fortinet FortiNAC a seven out of ten.

I was certified in FortiNAC (Part of Fortinet-NSE6) last year and I've personally implemented FortiNAC in three organizations. We work as a team with people who have expertise in different areas and Vendors and have exposure to different infrastructures.

FortiNAC scans your network to discover every user, application, and device (IOT), With up to 18 different techniques, it can then profile each element based on observed characteristics and responses for granular visibility - We then apply state-based control(eth0 VLAN switching) and Policy based control rules for access control and response.

Anyone (Domain users, Contractors, guests, etc) wanting to connect to the network has to be accessed by the NAC. Users come in at different times and some may be working from branches or home through a VPN and they will be authenticated in the same way with different privileges on the Network.

So it has to run 24/7. It's authenticating users all the time. We are gold partners with FortiNac. 

There are quite a number of things that are valuable about this solution. Having dealt with Cisco ISE, I realize that FortiNAC is different in a way that gives you granular visibility of the entire network infrastructure related to IOT devices (Who, What, When, Which information). It's helpful that you can know what's going on from your phone, your tablet, and from home. The solution provides containment, reporting and security event-alarm mapping and saves log and carries out further analysis for cyber thefts. It really is a good solution.

I've realized that one of the issues is the need to use agents. For instance, if a domain user has to authenticate on the network via FSSO or Certificate management he has to have a persistent agent.

The admin UI is not that good. It could be better matched and more friendly to use and it cannot work as a RADIUS server. You have to have a RADIUS server which means bringing in a FortiAuthenticator to build it.

The other thing would probably be the visibility granular. For example, when I have a user at a particular branch, I can't tell what SSIDs they are connected to. I only have the IP addresses so if the wireless controller is integrated with FortiNAc, you're going to realize that you won't be able to know whether a particular person is connected, that an AP is connected to a particular SSID, is connected to. . .  etc. It only gives you the IP addresses, Host names, etc. That has to be improved and am sure it will be in the next build version. 

Additional features, would be an agentless link and adopters - online, offline adopters - it picks the IP's, the host names, the layer 3 information, layer 2 information, what's connected. And also to give different privileges, best rule privileges to users. 

VLAN Interswitching (state based controls) could be quicker when doing the process flow from different sorts of authentication. When it comes to guests or contractors, you don't want to use a dissolvable agents. It dissolves in the process of downloading, but it takes longer and that could be improved.

I've been using the solution for a year and a half. 

FortiNAC is Pretty stable. We initially had a couple of troubleshooting issues in the deployments but we worked them out and it's fine now and has pretty good Visibility across the Network for every device, application and user, extend Control of the Network to third-party products and automated responsiveness.

You won't find so many NAC solutions like it. I mean it's granular, you will see a lot that you need to ask. It will give you all the controls you need and it has event alarm mapping, - I mean "you can't control what you can't see"

It is very scalable, you can have as many features and access points as you want. as you have. It depends on the licenses, but you can have as many IoT devices (Switches, routers, Firewals, WLC, etc) as you want and as many features as you want. You can have visibility to all the ports of the switches on the NAC, you can easily see  Who, What, When, Which information then control and respond

Technical support is good. You create a ticket and within that ticket you explain what challenges you're facing. They assign you an engineer who'll help solve the issue. It's pretty easy and straight forward and they're always there to help. 

Initial setup is pretty easy. If you're doing a VM setup, you do the registration on the Fortinet portal, and then you set the IP addresses. I think it's pretty good when you're implementing it the first time, it's very easy but when you get to tests, which are the UAT's, you're most likely to have a few issues that you need to be aware of.

Deployment time depends on the kind of customer. For example, the current implementation I'm doing has an assessing vendor. 90% of the network is wireless and 10% is cabled in network. They have more than 80 access features, more than 80 routers, and two wireless controllers. They have a number of databases and different firewalls - to use that fountain it slows things down. You're also dealing with Domain users, contractors and Guests in different locations. Obviously this will take more time than a project with less infrastructure devices. It really depends on the nature of the infrastructure.

There is a base license level which pretty much gives you topologies and groupings automation/control, etc. When it comes to policies, it's only going to give you user host profiling and network access. If you're looking for endpoint compliance, integrations, Incidence response and reporting, then you have to go for an Plus or PRO license.

You need to think about what you need as a company. There are so many government institutions, so many corporate institutions in the world that want to protect their networks. People have different privileges within a network, an instructor cannot have the same privileges as a normal user and the guest. We have guests coming onto our network, contractors coming to work at different times on the network, the main users who are working in different departments and who shouldn't have access to some platforms. When it comes to authentication you need to make sure you're protected from all kinds of threats. You have different products, Vendors and divices that all need to be controlled. If something goes off you need to know where and why. 

I would rate this product a eight out of 10. It's still evolving. 

We use the tool to support critical systems in sectors like energy and water companies.

The integration between switches, access points, management, analyzer, and other components is excellent. Everything is stable and can be managed from one place.

The tool's usability isn't very comfortable, and there’s a gap between what we need and what it currently offers.

I rate the tool's stability an eight out of ten. 

I rate Fortinet FortiNAC's scalability an eight out of ten. My company has 250 users. 

My impressions about Fortinet FortiNAC's support are not good. 

The solution's deployment is complex. Deployment typically took around three weeks with two people involved. We had to open several tickets with Fortinet for support, but not all issues were resolved, so the system isn't fully optimized.

I rate the overall solution a four out of ten. Its integration with existing infrastructure is easy.