Fortinet FortiNAC Reviews

It is mainly used when we integrate the solution with Fortinet firewalling, sandboxing, and the security fabric of Fortinet. In an all-out implementation where we implement different solutions, FortiNAC is one of the components in the entire ecosystem.

Its deployment is virtualized but on-prem.

The network segmentation is the most important part of the solution. The integration with the Zero Trust Access solution is a crucial part of segmenting your network.

There could be better integration with legacy equipment. It integrates perfectly with all Fortinet solutions, but if you look at other third-party integrations—not on the networking part; but more on the security infrastructure part—it's more limited.

Its stability and scalability can be better. Aruba ClearPass is better in these aspects.

I have used it only in the last few years. I had to do a few propositions. It has been only two or three years since I have been familiar with the FortiNAC solution.

Its stability and scalability are slightly lower than Aruba. I have a personal preference for Aruba ClearPass, so I would rate FortiNAC a seven out of 10 in these aspects.

We have internal support, so I don't have any issues with it.

It is pretty easy and straightforward. A default implementation can take two days. It is not that complex, but it also depends on the use cases that you have for the FortiNAC solution. So, it can be a really simple implementation, but it can also be months of implementation depending on the use case.

I would advise really considering the use cases that you want to implement. That's because Fortinet has multiple license models. There are Base, Plus, and Pro licenses, and depending on the license model, you have more possibilities for integration. If you want to implement something like a premium device or guest management, you can't take the Base model. You have to directly go to the Plus model or even Pro. Similarly, if you want incident correlations and incident management, you have to go to the higher license version. So, you must consider all the use cases that you want to implement before you make a decision so that you take the correct version.

I would rate it a seven out of 10.

We installed Fortinet FortiNAC in a large company in a VM environment. They have a lot of end-users and complex user account needs. For example, some of the VIPs and different guests all need different access permissions and some of them are connected through the Active Directory credentials which we have to have a portal page for them to gain access. 

Another layer of complexity is different users are receiving accounts from many departments. For example, the customer's IT department gives them access and they send the credentials to the guest by email. The IT department can limit their account in different ways, such as only allowing the account access for a period of time.

Fortinet FortiNAC has good user account customization. 

We can change the logo for the portals to meet the customer's needs. The portal default language is English but it supports all languages, such as Turkish. The portal can be optimized very easily. 

Device profiling is a good feature, we can block devices, such as iOS or Android.

Endpoint compliance is a great feature that allows us to restrict and quarantine devices. For example, if a device is not using the latest version of an operating system or antivirus program we can detect it and prohibit their access. If certain conditions are met with the customer's policies, we can let them have access. Otherwise, our endpoints compliance rules block or quarantine their devices on the network.

Integration is hard in Fortinet FortiNAC, but they are evolving and getting better. For example, with Cisco, Aruba, Huawei, and Extreme devices, Fortinet FortiNAC is working properly, but some other devices have problems.

I have been using Fortinet FortiNAC for a couple of months.

The solution is stable.

Fortinet FortiNAC can extend your existing network. For example, if you have to put another switch, access point, or another networking device to complete the site we can with one or two clicks add these devices and the same rules and policies. It is highly scalable and can extend your infrastructure.

We currently have two customers using Fortinet FortiNAC

The installation is not straightforward, it can be hard.  The documentation should be better in explaining to process in more detail. The installation requires too much experience and knowledge about network infrastructure. It's not easy, you have to be an expert.

The difficulty level of the installation and time depends on many factors. For example, one of our customer's installations was simple because they only had to block one site and only had one hardware vendor, such as Cisco. 

Our second installation was more difficult because the customer had many different hardware vendors, such as Cisco, Huawei, Aruba, and Extreme as part of their infrastructure. This requires configuring different settings on every device, it can be complicated. This can take a lot of time.

We do the implementation and the amount of staff needed depends on the size of the infrastructure and hardware vendors involved. If it is a smaller environment with a single vendor then the process could take two to three days.

If the customer size is very large and they are using the different sites and cities, and many different network infrastructures, the implementation would take time and you would have to manage everything well. When you have a complex network, it can take approximately15 days to implement. The number of vendors they're working with can increase the implementation time duration. If companies only have one vendor, it's easy, but two or three different vendor integration is a little bit harder and takes time. 

Customer's needs are very important, because some customers, only want that 1x configuration. However, other customers want 1x configuration, custom portal pages, and many endpoint compliance rules. The more features the more time it will take.

The price of the license required is based on how many users are going to be using the solution. If you want more users you can upgrade your license.

I have evaluated other NAC solutions.

I would recommend Fortinet FortiNAC to others because we did evaluate other NAC solutions and this solution is very good compared to the others. The best benefit of Fortinet FortiNAC is the stability and it can work with other vendors. Some NAC products only work with their products and do not support other vendors.

The major benefit I have found is that this solution can work with other products. A customer typically has more than one vendor, such as access points, printers, and other network products. A lot of the other vendors only are working with their products. It's very important for me that Fortinet FortiNAC can work with the other vendors properly and can integrate easily. When I check the Fortinet website, it shows every vendor's details with an explanation about the integration of the Fortinet FortiNAC. For example, you can find out how to integrate the Fortinet FortiNAC with the Cisco wireless controller. I can find the documents, turn to the pages and find all the information I need. I can find it very easily.

I rate Fortinet FortiNAC a nine out of ten.

The product offers good profiling features and can support various vendor products.

FortiNAC could improve integration with other vendors and enhance stability to compete more effectively with solutions like Cisco ISE.

We've been using both FortiNAC for about four years.

We contacted Fortinet's technical support, who helped resolve our issues.

Positive

Cisco ISE is more stable but comes at a higher cost than FortiNAC.

Deploying FortiNAC can be time-consuming, especially considering the integration challenges with other vendors.

Integrating FortiNAC with other vendors can be challenging, especially for Ruckus and Intelisys. We find Cisco ISE more comfortable for vendor integration.

I recommend FortiNAC, but with the caveat that users may encounter challenges with integration and stability.

I rate it a seven out of ten.

We use Fortinet FortiNAC for network access and identity protection.

The product's most valuable feature is its ability to protect devices connected to network service.

The product could be more user-friendly in terms of GUI than HPE. The configuration needs improvement as well.

We have been using Fortinet FortiNAC for two years.

It is a stable platform. I rate its stability a ten out of ten.

I rate the product’s scalability an eight out of ten. We have 100 users for it.

The product’s technical support services are good. Although sometimes, they respond slowly.

Neutral

I rate Fortinet FortiNAC’s initial setup process a seven out of ten. It takes two days to complete. The deployment process involves configuring the network access policies within the Azure environment.

It is a reasonable product.

It is a good product considering network security. It supports multiple devices and is easy to use. I can repair the box quickly in case of some failure. I rate it an eight out of ten.

It’s a unified place where we can manage campus onboarding/BYOD NAC security.

It has provided port/wireless security to all devices trying to connect to our campus network.

Interaction with other vendors switches & APs should be more thoroughly tested as integration between Networks Sentry and other networking equipment needs to be seamless for this product to work.

I've been using it for five years.

We had no issues with deployment.

We had no issues with the stability.

We had no issues with the scalability.

Customer Service leaves a lot to be desired. Most times the engineers blame the customer’s network even even before they collect the necessary data regarding an issue. We’ve discovered several flaws and bugs with the system in various occasions, only to have Bradford support deny there’s a problem or make fun of the customer. Also, response time on cases has been terrible. After opening a case, it could take days before an initial response from TAC is performed. Even after that... cases can linger open for weeks or months before any feasible solution is found. We had a case regarding integration with Aerohive open for over a year. Furthermore, case resolution follows very non-standard Practices in the industry. In many instances, TAC engineers close the cases without notice or without asking the customer if it's OK to close the case or if the issue has been resolved.

This is the first NAC appliance we ever used on-campus.

Initial set-up required engineers to be on-site to configure the box to work with our network. Thus, I would say it was complex (this was in 2010; it might be different now).

We implemented through a team provided by the vendor. I would advise to test implementation in a small building before make a campus-wide deployment.

Pricing & Licensing are fair as far as we can tell.

I would make sure this product integrates well with the customer’s network before deployment. We had to move away from this product recently on the Wireless side of the network as the Sentry would not integrate well with our Aerohive Wireless Infrastructure. We had an issue where the Sentry would not properly communicate with the APs and thus would let customers blocked from our network for no particular reason. Since this issue went unresolved for over three years, we decided to implement a different Wireless NAC solution and cut back our Bradford licenses to less than half of the original (we’re now using Bradford only to secure our wired network).

The customer required centralizing control to control access, detection, and network control. He requested processing a simple management point, the access, the devices, and distribution, and wanted to manage all the customer devices. He had a history of working with FortiNAC devices and wanted us to do the same. So I installed the product to understand it. 

The features are more expandable. 

The interface works fine, but it could be better.

It was for a one-time product solution for a customer for about one year, and I'm still maintaining it. So far, we've had one client for it.

The solution is stable.

The product is scalable.

We never had to use customer service or support, so it expired.

Neutral

It was easy to set up the product. 

I would rate this solution seven out of ten.

FortiNAC provides authentication services for clients.

The users say that FortiNAC is configurable and easy to use. 

I've been using FortiNAC for about three years.

FortiNAC's performance is excellent.

FortiNAC could be more scalable. 

Setting up FortiNAC is straightforward, and it takes about a week to deploy. 

I rate Fortinet FortiNAC seven out of 10. It's a configurable product that integrates well with the other Fortinet products. It's easy to use and has a lot of features. It's tough for me to give a product a perfect 10. It must be simple, scalable, stable, and have excellent features covering almost all our technological needs. 

Out of 6500 wireless devices we see issues with less than 0.5% of clients. Though the product has many features we only utilize a fraction of them. We use the product for registration and management of our wireless network (NAC). The most valuable asset is visibility in to what a client is and who is using it. By forcing guests/users to register their BYOD devices we know who they are and can then apply appropriate web filtering policies to them based on a number of factors. We can then use that data to export reports etc on usage of our wireless network as a whole and troubleshoot as needed.

Prior to using the product we had a fully open wireless network. This means anyone could come in off the street and connect to our wifi. We would not have knowledge of who they are if the did something illegal or wrong. Our level of security has increase greatly as well as our knowledge of who is on our network.

We have had issues with certain Windows 10 devices not being able to register which requires manual intervention to fix. I think they are working on this issue. As Windows 10 devices grow this issue will become greater.

Another major pain point is management of existing and new wireless access points. You must import the Aps into Network Sentry every time you put them on the network. Its also advised to use DHCP reservations for each AP. The system does not delete APs if you remove them from production as well. This means you must remove the APs from Sentry each time its stake out of production or placed in a new building etc. The initial setup of an AP doubled as a result of using this product. There are steps that must be performed and if any are missed, the AP becomes a black hole resulting in zero connectivity for clients connecting to it.

We’ve used this solution for two years.

Their technical support is a 8/10. They are responsive and have the ability (if you allow) to log into your equipment remotely and fix problems or perform upgrades. They are helpful in answering questions and configuration assistance is always available as this product is complex at first.

The initial deployment took three days however we encountered many issues. The main factor was our network set-up was not fully understood by Bradford prior to purchase and deployment. This created many issues while we were in production with 10-15% of our users having connectivity problems every day. We were not fully operational until 3 months after deployment.

Initial set-up was done via a “Quick Start” where the bare bones are implemented by and on site tech. This is not meant to be a full implementation but to get the foundation in place. The on-site tech was knowledgeable but again, we had issues with understanding out network set-up and its complexity which were not discovered in the quick start.

Vendor team on site, which we paid for. In house is available but would have been very time consuming to learn and implement. I would not recommend quick start but instead have a tech on site for a minimum of 5-7 business days to fully understand the product. Its not until you are in full production will you see issues and have questions. As questions, learn how the product works deep down.

Pricing is expensive but cheaper than some other solutions out there. Licensing is based on number of concurrent devices and a number of other factors depending on implementation type. Yearly maintenance fees are very reasonable and highly recommended. ROI is immediate for us in terms of visibility.

We did not evaluate other solutions other than on a cost basis.

Explain you network set-up in full detail with diagrams. VLANs, SSIDs, switch vendors, wireless vendors, subnets. What methods do you use today for wireless authentication (802.1x/WPA2-PSK/Open). Show them everything and what it looks like to be a client on your network today and the process to get on-line. This product manages both wired and wireless network is you choose both options. This product can also do posturing of devices to ensure they meet criteria like current updates and Antivirus etc. We are not using that functionality yet however.