Fortinet FortiNAC Reviews

Our customers are from the security and financial services industries. 

FortiNAC is a network access control. In banking systems and in terminals, we need to manage VLAN and receive reports like IBS and IDS. Every VLAN has specific information to share some, but not all, of the files, because there are restrictions in the banking and financial systems. 

All the features of Fortinet FortiNAC are valuable. We find it beneficial to apply the permission rules. 

I have 20 years of experience working with these kinds of products with no issues. Any graphical user interface was very easy to use. Now, everything is new.

For future releases, I recommend that Fortinet make more series with a hard disk. We have customers who request a hard disk. On the one series, 21.101, we can see it has an internal hard disk. The 101 and 201 have a hard disk, however, the 100 and 200 do not. Keeping the hard disk on the one series will be easier for the distributor and will keep the prices lower for the customer. 

I have been using Fortinet FortiNAC for eight years.

The stability of this product is very good. With FortiNAC you have protection for each of your services.

Technical support from Fortinet can be slow as there are some delays. Just like most service providers, the first line of support is the least knowledgeable, so they refer you to the second or third level of support, which causes delays.

However, to activate the license or extend the warranty, they are fast.

We are able to do all of our projects without support. The stability is good. Therefore, I would rate customer service and support a nine out of ten.

Positive

Deployment of Fortinet FortiNAC took no more than three days. One day for analysis, the second day to implement, and the last day to transfer the implementation documents to the end user and to test it.

We implemented this solution by ourselves. The solution requires one or two engineers to deploy and maintain it.

We evaluated Palo Alto, it is very good, however, it is difficult to transfer knowledge for the end user. Palo Alto also does not have email protection.

Fortinet performs all the services we require from them. The implementation of the solution is easy. 

Overall, I would rate Fortinet FortiNAC a nine out of ten. 

I use the tool to maintain strict network control. It blocks suspicious connections and only allows specified access. You can control it through MAC addressing. It's all about managing the network so it's not accessible to any unauthorized user or machine.

What I like best about Fortinet FortiNAC's solution is its strong security measures. They're very strong compared to other firewalls. It has good threat detection and strong protection features.

The tool is effective because it won't give access to any unregistered equipment. If a laptop isn't registered, it can't just plug in and get access. It blocks any unregistered company or network device.

I haven't personally used the AI capabilities, but I know they're used in the security risk process. In threat detection, AI can automate incident management and handle suspicious cases automatically.

The solution needs to improve its AI capabilities. 

I have been using the product for one year. 

So far, we haven't had any stability or performance issues. It's been stable.

The solution is scalable and my company has 50 endpoints. 

The initial setup process wasn't too difficult. It's been okay so far, though there might be ways to make it a bit easier. 

During implementation, we faced some minor issues, like trying to get firmware when there was no internet, but nothing I'd call a real problem.

When deploying Fortinet FortiNAC, we first register the budget and understand the client's design. This matters because we need to know what the client wants to protect and where exactly. The scope comes from the design.

For the deployment I was involved in, we only needed two people. It didn't require a big team. The deployment took less than 30 minutes, which was very fast.

Maintenance is pretty normal. There haven't been any specific maintenance requirements beyond normal admin activities.

I would recommend the solution to others and rate it a nine out of ten. 

Fortinet FortiNAC is very easy to use, and we can run the proof of concept in one day. The main part of the configuration is to create the policies. We can present more of the solution and protect more clients with it.

One of our customers had a network segmentation project on which they were going to segment their network with new VLANs. They would have to spend a lot of time configuring around 500 switches if the segmentation was done without a NAC. We presented Fortinet FortiNAC to them, and we were able to help them with the VLAN segmentation project. With the Fortinet FortiNAC, you don't need to do the segmentation because the solution helps with the VLAN micro-segmentation. We could do all the segmentation they were planning by creating policies on the Fortinet FortiNAC. They only had to create the VLANs on all the 500 switches, which was easy because they have their network management solution and Aruba switches. All they needed to do was create the SNMP configuration. We had to discover all the switches because NAC has this feature on which you discover all the network devices, point the IP range, and then the NAC tries to find network devices in the environment. We created the policies the way they wanted. For instance, if it is an IP phone, it should go to the IP VLAN; if it is a Windows desktop, it should go to the desktop VLAN; and if it is a Windows server, it should go to the server VLAN. We created such policies using Fortinet FortiNAC, and we were able to help our customers reduce their expenses with their network project.

The most valuable feature of Fortinet FortiNAC is compliance, which we can do with the clients and the endpoints on the network. We can specify many rules to check if the device is on the domain and if there is any allowed process running on the endpoint. We can use the Fortinet FortiNAC to monitor if the antivirus is working and is up-to-date on the endpoint. If there is something wrong with the endpoint, we can quarantine it so that the endpoint won't have access to the internet or will only have access to the NAC portal that tells the user what is wrong with their endpoint.

Fortinet FortiNAC's documentation should be improved because there's not much debugging or troubleshooting documentation for the Fortinet FortiNAC. We had to open a ticket with Fortinet for an issue we faced on the FortiNAC. During this ticket handling, we were able to learn a lot of troubleshooting comments which are not properly documented. If it is documented, it's only internally on Fortinet, not as a public document. Fortinet FortiNAC must work around this and allow partners access to those troubleshooting documents.

I would like to see a more refined way to customize the portals. We are not able to do a lot of customization on the Fortinet FortiNAC portals. We cannot change anything or create a title for the Fortinet FortiNAC portal as we can on other portals.

I have been using Fortinet FortiNAC since 2018.

I rate Fortinet FortiNAC an eight out of ten for stability because I had issues with its previous versions.

I rate Fortinet FortiNAC a ten out of ten for scalability. We have plans to use Fortinet FortiNAC even more in the future. We have three ongoing projects, two projects that we just closed, and ongoing proof of concepts for another project.

Fortinet FortiNAC's technical support is very good. There are not a lot of Fortinet technicians enabled to troubleshoot FortiNAC. However, when we find one, they are very helpful.

It is straightforward to deploy Fortinet FortiNAC until you reach the compliance part. If you have a simple compliance rule, you have just one policy. However, with Fortinet FortiNAC, we can create layers of compliance, and that's when it gets complicated since there is no visual way to see those layers. You need to know your configuration to understand the layers. If someone new accesses the Fortinet FortiNAC solution and tries to look through your policies, they will need time and training to understand how the layers of compliance work.

One of our customers was going to spend more than 100 hours with technical people to configure all the segmentation they were planning for their network project. With the help of Fortinet FortiNAC, we reduced it from 100 hours to 10 hours of effort.

We are using the Fortinet FortiNAC 9.2 version. Since Fortinet FortiNAC is a network access control solution, it is better to have it on-premises, and closer to the devices it will manage.

Sometimes we have a lot of issues either because of the old models of switches the customers are using, or the customer is using a type of switch that is not manageable. However, that's more of a design issue.

You must have a good network for you to be able to use Fortinet FortiNAC. If you don't have a full network project with new devices and router switches, you must first fix your network.

Overall, I rate Fortinet FortiNAC a nine out of ten.

We use the solution for network access control and endpoint profiling.

Compared to other NAC vendors, Fortinet’s user interface is more user-friendly. The UI of other NAC products is very complex. We can customize the dashboard.

The product must try to streamline the user interface. The product must make its UI similar to other Fortinet products.

I have been using the solution for two years.

I rate the tool’s stability a nine out of ten. The product was a bit unstable for the first few days, but it stabilized eventually.

I rate the tool’s scalability a nine out of ten.

Support is amazing. The team is knowledgeable and has a quick response time.

Positive

I rate the ease of setup an eight out of ten.

The deployment took a month because we had some dependencies on the client. That's why it was delayed a bit. Only one person is needed to deploy the solution.

I would definitely recommend the product to others, but it is always good to do a POC first. Overall, I rate the solution a nine out of ten.

I was a distributor and system integrator of FortiNAC. We were opening a lot of tickets and there were lots of bugs, so I replaced it with Forescout very easily. Within two days, I replaced everything. With FortiNAC, I was just doing the implementation, making things work properly, and beginning testing after five days.

FortiNAC is deployed on-prem. They're not major enough to be on cloud. Even on-prem is not doing good.

Version 9.1 has been an improvement on previous versions. It's a good solution for SMB.

Any NAC solution has three to four phases. The first phase is discovery and classification. They do discovery, but they are lacking a lot of features in terms of classification. Also, they don't do a lot of classifications. They cannot help you if, for example, you're classifying Windows, and you want to check which Windows version it is, like Windows 7, Windows 8, Windows 10. It's a little bit difficult. It's not easy like the other products. 

Classifications and visibility need to be improved a lot. They have to start work on being agentless. Agentless means they need to have strong integration with Windows. They need to use the RTC. They cannot force people to have an agent for people who are going to the domain. There needs to be compatibility with switches. For any NAC solution, all the inputs will be through switches. So if it is not compatible with switches, this is a big disaster. When I was doing their switches, there were a lot of customers whose switches were not compatible with FortiNAC.

If these things are well-designed, then they can compete in the NAC market. And also in terms of IOT, they cannot discover the IOT things perfectly or the OT, operation technology, things.

In terms of HA, they're having a lot of problems. You just need to put the HA between two clients, and you have a lot of problems. There are problems with the classifications. In terms of control, they're not doing well. They cannot do integration with SCCM, for example. They have a lot of things missing.

I started using FortiNAC since Fortinet bought it in 2018. They bought it with Bradford, and I was one of the few people in Saudi who knows FortiNAC. I have known FortiNAC since it was 7.2, and there were a lot of bugs. Even now, 8 has a lot of bugs.

Now they have jumped to 9.1 and 9.2. I used version 9.1.2. They just changed the dashboard, but it's still agent based. I deeply know what FortiNAC is doing, and it's not doing good. I used to work with them, and then I left. Now, I'm purely working with Forescout technology.

It's not a stable solution. If you want to do the HA, suddenly both appliances will be gone. Both FortiNAC and Forescout are being built on CentOS Linux. Doing HA with FortiNAC, which should be very simple, is just a disaster. I know three customers who are complaining.

I have switched to Forescout because in regards to technology, application, visibility, and control, Forescout is unbelievable. Forescout is a great platform for OT things.

I would rate this solution 5 out of 10. 

It's a difficult solution. I used to be the FortiNAC guy, so I will be tough on them. In Saudi, I was the number three FortiNAC guy.

I can recommend FortiNAC for SMBs: small and medium businesses, but they will still suffer. I would recommend Forescout more.

We use Fortinet FortiNAC to control user access and enforce system policies.

Fortinet FortiNAC helps add an extra layer of security.

The ease of deployment is valuable.

Fortinet FortiNAC's device compatibility could be improved, particularly for VoIP devices.

I have been using Fortinet FortiNAC for two years.

We have experienced stability issues, particularly with the latest firmware versions. The extended development cycle for these updates makes us hesitant to adopt new products immediately upon their release.

I would rate the stability of Fortinet FortiNAC a seven out of ten.

Fortinet FortiNAC is scalable.

When I compare the support of Fortinet to Cisco, I find it to be good but not as good as Cisco's.

Neutral

We previously used Cisco ISE and switched to Fortinet FortiNAC because the users found it more user-friendly and it was cheaper.

The deployment is straightforward and takes around 60 days to complete.

Fortinet FortiNAC is reasonably priced.

I would rate Fortinet FortiNAC a seven out of ten.

The primary use case is for the visibility of the entire network architecture. It provides visibility to the switches, and routers to see the domain users, contractors, and guest users. It provides network access control, to be able to tell what endpoints are running on the machine, and what windows updates are on the machine. It is also used for cyber threat control.

The most valuable feature of the solution is having visibility over the IoT devices on the network. It allows the organization to see all the machines on the network, who is accessing what at which time, and what they are doing.

When you compare the solution to other NAC solutions like ISE and Portnox, you realize that it is not able to work as a single sign-on device. You need to use it with FortiAuthenticator. If you want to use certificate management, and two-factor authentication, you have to buy a FortiAnalyzer, which is different from ISE. I would like to see these features included with the solution.

The reporting can also use improvement. 

I have been using the solution for three years.

The latest version of the solution is stable.

The scalability is good. You can control as many users as you want.

The support is useful. They are usually able to log on and resolve the issues.

Neutral

The initial setup is straightforward on VMware, but it gets complex if you try to set up for example on Hypervisor. You need to have advanced knowledge to have a successful setup.

We implement the solution for other clients.

I rate the solution a seven out of ten.

If the deployment is strictly on a wired network it takes about a week however, if it is primarily on a wireless network it can take about three weeks.

Maintaining the solution is easy. The only area that may require additional support is if there is a large number of new guest users on the network. That requires admin approval for each user individually and takes time.

I would say it is a good solution, especially if you have IOT onboarding with a sponsor. You will be able to manage your users in a seamless way.

We use the tool to support critical systems in sectors like energy and water companies.

The integration between switches, access points, management, analyzer, and other components is excellent. Everything is stable and can be managed from one place.

The tool's usability isn't very comfortable, and there’s a gap between what we need and what it currently offers.

I rate the tool's stability an eight out of ten. 

I rate Fortinet FortiNAC's scalability an eight out of ten. My company has 250 users. 

My impressions about Fortinet FortiNAC's support are not good. 

The solution's deployment is complex. Deployment typically took around three weeks with two people involved. We had to open several tickets with Fortinet for support, but not all issues were resolved, so the system isn't fully optimized.

I rate the overall solution a four out of ten. Its integration with existing infrastructure is easy.