I've done quite a lot of work with ClearPass, and not a lot with FortiNAC/Bradford. ClearPass incorporates a number of different functions including ClearPass Guest for creating complex wireless guest networks, ClearPass Onboard for automating the configuration of wireless devices, ClearPass OnGuard for checking system posture (AV, OS Updates, etc.). But the core of this is a very advanced RADIUS server, ClearPass Policy Manager. This allows configuration of policies to support WPA2-Enterprise deployments, wired 802.1x, MAC authentication, etc. and allows integration of multiple lists of MAC addresses, connection to external servers such as Google Admin Console and JAMF for Apple deployments, etc.
FortiNAC, formerly Bradford, is a Network Access Control system, which maintains a list of MAC addresses of permitted devices on the network and can modify switch port configurations to move devices into either a quarantine VLAN or DeadEnd VLAN based on various things that it checks - AV posture, OS updates, etc.
One thing of note is that FortiNAC must be used with a separate RADIUS server if you wish to deploy WPA2-Enterprise for wireless devices. While this could be Microsoft's NPS (free) running on a Windows server, I don't believe there is any way to integrate Google Admin Console (Chromebooks) or JAMF (Apple).
So essentially ClearPass incorporates all of the functionality of FortiNAC/Bradford, plus many other functions. Which product is right for your environment largely depends on what problem you are trying to solve.
We've deployed both over the years and we find ClearPass to be more flexible, much easier to configure and far better at Radius. Overall, we believe ClearPass is a more rounded product.
If you haven't engaged anyone to help in your configuration, we have someone working for us that's been configuring ClearPass since before it was called ClearPass (Avenda previously) and would be more than happy to assist.
Product Manager at a energy/utilities company with 10,001+ employees
Real User
2020-02-17T16:37:55Z
Feb 17, 2020
I am not familiar with FortiNAC. We don’t use it. We use Aruba ClearPass and have been very satisfied with its functionality, simplicity, and security. We are also evaluating Cisco ISE but it is very expensive and works with a limited set of new Cisco switches only. My recommendation is to pick a hardware vendor-agnostic NAC solution like Aruba.
Aruba ClearPass and Fortinet FortiNAC compete in the network security category. Based on feature comparison, Aruba ClearPass seems to have the upper hand due to its robust integration capabilities with third-party solutions.Features: Aruba ClearPass excels in policy management, guest onboarding, and BYOD support while offering advanced policy enforcement. Its open standard approach provides flexibility and robust NAC solutions. In comparison, Fortinet FortiNAC emphasizes user account...
I've done quite a lot of work with ClearPass, and not a lot with FortiNAC/Bradford. ClearPass incorporates a number of different functions including ClearPass Guest for creating complex wireless guest networks, ClearPass Onboard for automating the configuration of wireless devices, ClearPass OnGuard for checking system posture (AV, OS Updates, etc.). But the core of this is a very advanced RADIUS server, ClearPass Policy Manager. This allows configuration of policies to support WPA2-Enterprise deployments, wired 802.1x, MAC authentication, etc. and allows integration of multiple lists of MAC addresses, connection to external servers such as Google Admin Console and JAMF for Apple deployments, etc.
FortiNAC, formerly Bradford, is a Network Access Control system, which maintains a list of MAC addresses of permitted devices on the network and can modify switch port configurations to move devices into either a quarantine VLAN or DeadEnd VLAN based on various things that it checks - AV posture, OS updates, etc.
One thing of note is that FortiNAC must be used with a separate RADIUS server if you wish to deploy WPA2-Enterprise for wireless devices. While this could be Microsoft's NPS (free) running on a Windows server, I don't believe there is any way to integrate Google Admin Console (Chromebooks) or JAMF (Apple).
So essentially ClearPass incorporates all of the functionality of FortiNAC/Bradford, plus many other functions. Which product is right for your environment largely depends on what problem you are trying to solve.
We've deployed both over the years and we find ClearPass to be more flexible, much easier to configure and far better at Radius. Overall, we believe ClearPass is a more rounded product.
If you haven't engaged anyone to help in your configuration, we have someone working for us that's been configuring ClearPass since before it was called ClearPass (Avenda previously) and would be more than happy to assist.
We are using Aruba ClearPass in CCHE.
We use a Cisco-based solution.
I am not familiar with FortiNAC. We don’t use it. We use Aruba ClearPass and have been very satisfied with its functionality, simplicity, and security. We are also evaluating Cisco ISE but it is very expensive and works with a limited set of new Cisco switches only. My recommendation is to pick a hardware vendor-agnostic NAC solution like Aruba.