Fortinet FortiNAC Reviews

I was certified in FortiNAC (Part of Fortinet-NSE6) last year and I've personally implemented FortiNAC in three organizations. We work as a team with people who have expertise in different areas and Vendors and have exposure to different infrastructures.

FortiNAC scans your network to discover every user, application, and device (IOT), With up to 18 different techniques, it can then profile each element based on observed characteristics and responses for granular visibility - We then apply state-based control(eth0 VLAN switching) and Policy based control rules for access control and response.

Anyone (Domain users, Contractors, guests, etc) wanting to connect to the network has to be accessed by the NAC. Users come in at different times and some may be working from branches or home through a VPN and they will be authenticated in the same way with different privileges on the Network.

So it has to run 24/7. It's authenticating users all the time. We are gold partners with FortiNac. 

There are quite a number of things that are valuable about this solution. Having dealt with Cisco ISE, I realize that FortiNAC is different in a way that gives you granular visibility of the entire network infrastructure related to IOT devices (Who, What, When, Which information). It's helpful that you can know what's going on from your phone, your tablet, and from home. The solution provides containment, reporting and security event-alarm mapping and saves log and carries out further analysis for cyber thefts. It really is a good solution.

I've realized that one of the issues is the need to use agents. For instance, if a domain user has to authenticate on the network via FSSO or Certificate management he has to have a persistent agent.

The admin UI is not that good. It could be better matched and more friendly to use and it cannot work as a RADIUS server. You have to have a RADIUS server which means bringing in a FortiAuthenticator to build it.

The other thing would probably be the visibility granular. For example, when I have a user at a particular branch, I can't tell what SSIDs they are connected to. I only have the IP addresses so if the wireless controller is integrated with FortiNAc, you're going to realize that you won't be able to know whether a particular person is connected, that an AP is connected to a particular SSID, is connected to. . .  etc. It only gives you the IP addresses, Host names, etc. That has to be improved and am sure it will be in the next build version. 

Additional features, would be an agentless link and adopters - online, offline adopters - it picks the IP's, the host names, the layer 3 information, layer 2 information, what's connected. And also to give different privileges, best rule privileges to users. 

VLAN Interswitching (state based controls) could be quicker when doing the process flow from different sorts of authentication. When it comes to guests or contractors, you don't want to use a dissolvable agents. It dissolves in the process of downloading, but it takes longer and that could be improved.

I've been using the solution for a year and a half. 

FortiNAC is Pretty stable. We initially had a couple of troubleshooting issues in the deployments but we worked them out and it's fine now and has pretty good Visibility across the Network for every device, application and user, extend Control of the Network to third-party products and automated responsiveness.

You won't find so many NAC solutions like it. I mean it's granular, you will see a lot that you need to ask. It will give you all the controls you need and it has event alarm mapping, - I mean "you can't control what you can't see"

It is very scalable, you can have as many features and access points as you want. as you have. It depends on the licenses, but you can have as many IoT devices (Switches, routers, Firewals, WLC, etc) as you want and as many features as you want. You can have visibility to all the ports of the switches on the NAC, you can easily see  Who, What, When, Which information then control and respond

Technical support is good. You create a ticket and within that ticket you explain what challenges you're facing. They assign you an engineer who'll help solve the issue. It's pretty easy and straight forward and they're always there to help. 

Initial setup is pretty easy. If you're doing a VM setup, you do the registration on the Fortinet portal, and then you set the IP addresses. I think it's pretty good when you're implementing it the first time, it's very easy but when you get to tests, which are the UAT's, you're most likely to have a few issues that you need to be aware of.

Deployment time depends on the kind of customer. For example, the current implementation I'm doing has an assessing vendor. 90% of the network is wireless and 10% is cabled in network. They have more than 80 access features, more than 80 routers, and two wireless controllers. They have a number of databases and different firewalls - to use that fountain it slows things down. You're also dealing with Domain users, contractors and Guests in different locations. Obviously this will take more time than a project with less infrastructure devices. It really depends on the nature of the infrastructure.

There is a base license level which pretty much gives you topologies and groupings automation/control, etc. When it comes to policies, it's only going to give you user host profiling and network access. If you're looking for endpoint compliance, integrations, Incidence response and reporting, then you have to go for an Plus or PRO license.

You need to think about what you need as a company. There are so many government institutions, so many corporate institutions in the world that want to protect their networks. People have different privileges within a network, an instructor cannot have the same privileges as a normal user and the guest. We have guests coming onto our network, contractors coming to work at different times on the network, the main users who are working in different departments and who shouldn't have access to some platforms. When it comes to authentication you need to make sure you're protected from all kinds of threats. You have different products, Vendors and divices that all need to be controlled. If something goes off you need to know where and why. 

I would rate this product a eight out of 10. It's still evolving. 

We use the tool to support critical systems in sectors like energy and water companies.

The integration between switches, access points, management, analyzer, and other components is excellent. Everything is stable and can be managed from one place.

The tool's usability isn't very comfortable, and there’s a gap between what we need and what it currently offers.

I rate the tool's stability an eight out of ten. 

I rate Fortinet FortiNAC's scalability an eight out of ten. My company has 250 users. 

My impressions about Fortinet FortiNAC's support are not good. 

The solution's deployment is complex. Deployment typically took around three weeks with two people involved. We had to open several tickets with Fortinet for support, but not all issues were resolved, so the system isn't fully optimized.

I rate the overall solution a four out of ten. Its integration with existing infrastructure is easy. 

We use the tool to ensure that we have network access. It also helps us avoid stranger devices getting into the LAN or Wi-Fi. 

The tool provides us with a list of devices that tries to connect to our network. It offers us a lot of network visibility.

The solution's licensing price should be improved. 

I have been using the product for three years. 

I would rate Fortinet FortiNAC's stability a ten out of ten. 

I would rate the product's scalability a ten out of ten. 

Fortinet FortiNAC's setup is straightforward. 

We have seen ROI with the tool's use and it is high. 

I would rate the product an eight out of ten. 

We use the solution as a firewall to protect the network.

The solution's technical support needs improvement.

We have been using the solution for two or three years.

It is a scalable solution. Our organization has more than 200 users and plans to increase its usage.

The solution's technical support could be better.

I have used Sophos, CyberArk, and Palo Alto solutions earlier.

We require two executives for the deployment and maintenance of the solution.

The solution generates a return on investment for us. 

I rate the solution a nine out of ten. It is a good product.

We use this solution to control the network.

With FortiNAC, we don't need to configure the mass client site or access points. For example, we don't need to configure the switching site for a client's site. With Persistent Agent, it makes it much easier.

I would like to be able to compare the configuration backup before and after.

After version nine, the solution has been stable. There were some issues with stability in the previous versions.

It is a scalable solution. Some of my customers have nearly 100 endpoints. I use sync topology with my customer who has over 2000 clients or endpoints.

The technical support is fast, and I would rate them at nine out of ten for speed.

I would rate the documentation in relation to problem solving at seven out of ten.

Fortinet FortiNAC is easier to deploy than Cisco ISE or Aruba ClearPass. However, you have to know authentication systems and requirements when implementing on NAC devices.

FortiNAC's price has gone up in the last year. However, compared to other solutions, such as Cisco ISE, it is cheaper.

If you're considering implementing FortiNAC, I recommend determining which type of implementation is suitable for your needs.

FortiNAC can handle most configurations easily, but Cisco ISE works with only Cisco devices. Thus, FortiNAC is suitable for multivendor topologies, whereas Cisco ISE is not. Overall, I would rate FortiNAC at eight out of ten.

I use FortiNAC to limit access to our network; it's our firewall. We are customers of Fortinet and I'm a technical manager. 

The solution provides good performance, is easy to use and easy to configure.

The technical support could improve; the response time is quite slow. 

I've been using this solution for two years. 

The solution is stable. 

The solution is scalable, we have 100 users. 

Customer support could be improved as their response times can be quite slow. 

Neutral

We pay an annual licensing fee; this is quite an expensive solution. 

I rate this solution seven out of 10. 

The primary use case is for the visibility of the entire network architecture. It provides visibility to the switches, and routers to see the domain users, contractors, and guest users. It provides network access control, to be able to tell what endpoints are running on the machine, and what windows updates are on the machine. It is also used for cyber threat control.

The most valuable feature of the solution is having visibility over the IoT devices on the network. It allows the organization to see all the machines on the network, who is accessing what at which time, and what they are doing.

When you compare the solution to other NAC solutions like ISE and Portnox, you realize that it is not able to work as a single sign-on device. You need to use it with FortiAuthenticator. If you want to use certificate management, and two-factor authentication, you have to buy a FortiAnalyzer, which is different from ISE. I would like to see these features included with the solution.

The reporting can also use improvement. 

I have been using the solution for three years.

The latest version of the solution is stable.

The scalability is good. You can control as many users as you want.

The support is useful. They are usually able to log on and resolve the issues.

Neutral

The initial setup is straightforward on VMware, but it gets complex if you try to set up for example on Hypervisor. You need to have advanced knowledge to have a successful setup.

We implement the solution for other clients.

I rate the solution a seven out of ten.

If the deployment is strictly on a wired network it takes about a week however, if it is primarily on a wireless network it can take about three weeks.

Maintaining the solution is easy. The only area that may require additional support is if there is a large number of new guest users on the network. That requires admin approval for each user individually and takes time.

I would say it is a good solution, especially if you have IOT onboarding with a sponsor. You will be able to manage your users in a seamless way.

I'm a senior network architect and our company is a reseller of FortiNAC. This is a new product for me and we'll be starting implementation shortly. We've been testing the product and I'm just finishing the course. I'll be implementing for our client which is a medium-size company.

The interface is good and simple to use. Some of the ideas presented on the online course could be clearer, like policy creation. But the interface and other features are very good. 

I think that the course content could be improved, it's not that simple to work through. I'm an expert on Cisco ISE. And also I have CCIE on Cisco. I made a comparison between Cisco ISE and FortiNAC. Cisco ISE has full integration but FortiNAC doesn't.

I've been using FortiNAC for just one month.

I'll have a better idea next week about the stability, once it's been tested in the production environment.

The communication with customer support is fine from an administration perspective. But it's lacking documentation on the concept of how the technology works. There are no documents in the FortiNAC library relating to network function. 

I would rate this product an eight out of 10.