I've done quite a lot of work with ClearPass, and not a lot with FortiNAC/Bradford. ClearPass incorporates a number of different functions including ClearPass Guest for creating complex wireless guest networks, ClearPass Onboard for automating the configuration of wireless devices, ClearPass OnGuard for checking system posture (AV, OS Updates, etc.). But the core of this is a very advanced RADIUS server, ClearPass Policy Manager. This allows configuration of policies to support WPA2-Enterprise deployments, wired 802.1x, MAC authentication, etc. and allows integration of multiple lists of MAC addresses, connection to external servers such as Google Admin Console and JAMF for Apple deployments, etc.
FortiNAC, formerly Bradford, is a Network Access Control system, which maintains a list of MAC addresses of permitted devices on the network and can modify switch port configurations to move devices into either a quarantine VLAN or DeadEnd VLAN based on various things that it checks - AV posture, OS updates, etc.
One thing of note is that FortiNAC must be used with a separate RADIUS server if you wish to deploy WPA2-Enterprise for wireless devices. While this could be Microsoft's NPS (free) running on a Windows server, I don't believe there is any way to integrate Google Admin Console (Chromebooks) or JAMF (Apple).
So essentially ClearPass incorporates all of the functionality of FortiNAC/Bradford, plus many other functions. Which product is right for your environment largely depends on what problem you are trying to solve.
We've deployed both over the years and we find ClearPass to be more flexible, much easier to configure and far better at Radius. Overall, we believe ClearPass is a more rounded product.
If you haven't engaged anyone to help in your configuration, we have someone working for us that's been configuring ClearPass since before it was called ClearPass (Avenda previously) and would be more than happy to assist.
Product Manager at a energy/utilities company with 10,001+ employees
Real User
2020-02-17T16:37:55Z
Feb 17, 2020
I am not familiar with FortiNAC. We don’t use it. We use Aruba ClearPass and have been very satisfied with its functionality, simplicity, and security. We are also evaluating Cisco ISE but it is very expensive and works with a limited set of new Cisco switches only. My recommendation is to pick a hardware vendor-agnostic NAC solution like Aruba.
Aruba ClearPass and Fortinet FortiNAC are key players in network access control solutions. FortiNAC holds an advantage with stronger features, while ClearPass leads in pricing and support.Features: Aruba ClearPass offers flexible policy management, scalability, and adaptable user authentication. FortiNAC provides comprehensive threat detection, advanced integration with security tools, and a robust feature set that ensures detailed monitoring.Room for Improvement: Aruba ClearPass could...
I've done quite a lot of work with ClearPass, and not a lot with FortiNAC/Bradford. ClearPass incorporates a number of different functions including ClearPass Guest for creating complex wireless guest networks, ClearPass Onboard for automating the configuration of wireless devices, ClearPass OnGuard for checking system posture (AV, OS Updates, etc.). But the core of this is a very advanced RADIUS server, ClearPass Policy Manager. This allows configuration of policies to support WPA2-Enterprise deployments, wired 802.1x, MAC authentication, etc. and allows integration of multiple lists of MAC addresses, connection to external servers such as Google Admin Console and JAMF for Apple deployments, etc.
FortiNAC, formerly Bradford, is a Network Access Control system, which maintains a list of MAC addresses of permitted devices on the network and can modify switch port configurations to move devices into either a quarantine VLAN or DeadEnd VLAN based on various things that it checks - AV posture, OS updates, etc.
One thing of note is that FortiNAC must be used with a separate RADIUS server if you wish to deploy WPA2-Enterprise for wireless devices. While this could be Microsoft's NPS (free) running on a Windows server, I don't believe there is any way to integrate Google Admin Console (Chromebooks) or JAMF (Apple).
So essentially ClearPass incorporates all of the functionality of FortiNAC/Bradford, plus many other functions. Which product is right for your environment largely depends on what problem you are trying to solve.
We've deployed both over the years and we find ClearPass to be more flexible, much easier to configure and far better at Radius. Overall, we believe ClearPass is a more rounded product.
If you haven't engaged anyone to help in your configuration, we have someone working for us that's been configuring ClearPass since before it was called ClearPass (Avenda previously) and would be more than happy to assist.
We are using Aruba ClearPass in CCHE.
We use a Cisco-based solution.
I am not familiar with FortiNAC. We don’t use it. We use Aruba ClearPass and have been very satisfied with its functionality, simplicity, and security. We are also evaluating Cisco ISE but it is very expensive and works with a limited set of new Cisco switches only. My recommendation is to pick a hardware vendor-agnostic NAC solution like Aruba.