Practice Director & Technologies Advisory at Happiest Minds Technologies
Real User
Top 20
2024-09-30T09:09:00Z
Sep 30, 2024
Fortinet needs to look for integration with all the OEMs. Cisco ISE is integrated with multiple OEMs, whereas FortiNAC is still lacking in that aspect. Integration with multiple OEMs is required to improve the solution.
The platform must enable troubleshooting. We can connect with CLI, but the interface is missing things. We need visibility and troubleshooting features to solve problems as quickly as possible. We can integrate the product with Active Directory to bundle and manage users. However, the product does not have much space to record logs for troubleshooting and analyzing. We need FortiAnalyzer to troubleshoot and analyze the logs.
Software Development Specialist at Unicomp Information Co. Ltd.
Reseller
Top 5
2024-01-05T08:10:00Z
Jan 5, 2024
Our users have been asking for simpler documentation and training materials to facilitate the deployment process. I would suggest focusing on enhancing essential features, as our customers typically need to implement basic scenarios rather than advanced functionalities.
The user interface and the product's intuitiveness could be improved. In future releases, it would be great if they could improve the usability of the solution, particularly for SaaS environments.
Fortinet FortiNAC's documentation should be improved because there's not much debugging or troubleshooting documentation for the Fortinet FortiNAC. We had to open a ticket with Fortinet for an issue we faced on the FortiNAC. During this ticket handling, we were able to learn a lot of troubleshooting comments which are not properly documented. If it is documented, it's only internally on Fortinet, not as a public document. Fortinet FortiNAC must work around this and allow partners access to those troubleshooting documents. I would like to see a more refined way to customize the portals. We are not able to do a lot of customization on the Fortinet FortiNAC portals. We cannot change anything or create a title for the Fortinet FortiNAC portal as we can on other portals.
Technology Consultant Team Head at Ignite Solutions
Real User
2022-10-20T20:05:00Z
Oct 20, 2022
I have 20 years of experience working with these kinds of products with no issues. Any graphical user interface was very easy to use. Now, everything is new. For future releases, I recommend that Fortinet make more series with a hard disk. We have customers who request a hard disk. On the one series, 21.101, we can see it has an internal hard disk. The 101 and 201 have a hard disk, however, the 100 and 200 do not. Keeping the hard disk on the one series will be easier for the distributor and will keep the prices lower for the customer.
Security Solutions Architect at a manufacturing company with 1,001-5,000 employees
Real User
2022-09-06T11:56:00Z
Sep 6, 2022
When you compare the solution to other NAC solutions like ISE and Portnox, you realize that it is not able to work as a single sign-on device. You need to use it with FortiAuthenticator. If you want to use certificate management, and two-factor authentication, you have to buy a FortiAnalyzer, which is different from ISE. I would like to see these features included with the solution. The reporting can also use improvement.
Head Of Information Technology at Zambia National Building Society
Real User
2022-07-05T14:36:00Z
Jul 5, 2022
I hope that Fortinet can add a feature with a remediation mechanism when you find a broken piece so that you can click on something and download the needed update or resolve the firewall issue more easily. Currently, we have to use an external remediation server to download updates. For example, the Kaspersky antivirus was originally built just for threat detection and prevention. Still, they've gone to another level where the solution can point to a vulnerability, and you can click a button to remediate it, and the solution goes and pulls the download and fixes it.
We have tried to do a small POC and it failed. I had a bad experience with FortiNAC. The customer was asking for a NAC solution. I suggested FortiNAC. The switch with the customer was Cisco and it was not integrated with Cisco. We tried to provide him with a FortiSwitch as the core switch and the solution worked. It's working, however, not the expected way for the customer. The issue is it just doesn't integrate with Cisco switches. They need to change or upgrade the technology in the product. The solution is not stable. We have not been able to scale the product. It's very hard to set up.
Any NAC solution has three to four phases. The first phase is discovery and classification. They do discovery, but they are lacking a lot of features in terms of classification. Also, they don't do a lot of classifications. They cannot help you if, for example, you're classifying Windows, and you want to check which Windows version it is, like Windows 7, Windows 8, Windows 10. It's a little bit difficult. It's not easy like the other products. Classifications and visibility need to be improved a lot. They have to start work on being agentless. Agentless means they need to have strong integration with Windows. They need to use the RTC. They cannot force people to have an agent for people who are going to the domain. There needs to be compatibility with switches. For any NAC solution, all the inputs will be through switches. So if it is not compatible with switches, this is a big disaster. When I was doing their switches, there were a lot of customers whose switches were not compatible with FortiNAC. If these things are well-designed, then they can compete in the NAC market. And also in terms of IOT, they cannot discover the IOT things perfectly or the OT, operation technology, things. In terms of HA, they're having a lot of problems. You just need to put the HA between two clients, and you have a lot of problems. There are problems with the classifications. In terms of control, they're not doing well. They cannot do integration with SCCM, for example. They have a lot of things missing.
Integration is hard in Fortinet FortiNAC, but they are evolving and getting better. For example, with Cisco, Aruba, Huawei, and Extreme devices, Fortinet FortiNAC is working properly, but some other devices have problems.
Technology Consultant Team Head at Ignite Solutions
Real User
2020-04-26T06:32:39Z
Apr 26, 2020
The problem with Fortinet is that if you want to be 100% secure then you have to buy other products. It should support better integration with third-party solutions. The reporting capability needs to be improved.
Cyber Security Specialist at a tech services company with 51-200 employees
Real User
2020-04-02T07:00:12Z
Apr 2, 2020
I've realized that one of the issues is the need to use agents. For instance, if a domain user has to authenticate on the network via FSSO or Certificate management he has to have a persistent agent. The admin UI is not that good. It could be better matched and more friendly to use and it cannot work as a RADIUS server. You have to have a RADIUS server which means bringing in a FortiAuthenticator to build it. The other thing would probably be the visibility granular. For example, when I have a user at a particular branch, I can't tell what SSIDs they are connected to. I only have the IP addresses so if the wireless controller is integrated with FortiNAc, you're going to realize that you won't be able to know whether a particular person is connected, that an AP is connected to a particular SSID, is connected to. . . etc. It only gives you the IP addresses, Host names, etc. That has to be improved and am sure it will be in the next build version. Additional features, would be an agentless link and adopters - online, offline adopters - it picks the IP's, the host names, the layer 3 information, layer 2 information, what's connected. And also to give different privileges, best rule privileges to users. VLAN Interswitching (state based controls) could be quicker when doing the process flow from different sorts of authentication. When it comes to guests or contractors, you don't want to use a dissolvable agents. It dissolves in the process of downloading, but it takes longer and that could be improved.
Technical Presales Engineer at Dristi Tech Pvt.ltd
Real User
2020-02-20T06:38:00Z
Feb 20, 2020
For our organization and our clients, the price is the main concern. They should work to make it more competitive. Customization could be improved in future releases.
Senior Cybersecurity Solution Architect at Dimension Data
Real User
2019-11-21T07:12:00Z
Nov 21, 2019
Something that the developers of FortiNAC might look at to improve, is more integration with third-party products. The dashboard also needs to improve.
Sr. Network Architect at a manufacturing company with 10,001+ employees
Reseller
2019-11-18T07:22:00Z
Nov 18, 2019
I think that the course content could be improved, it's not that simple to work through. I'm an expert on Cisco ISE. And also I have CCIE on Cisco. I made a comparison between Cisco ISE and FortiNAC. Cisco ISE has full integration but FortiNAC doesn't.
System Security Engineer at a tech services company with 11-50 employees
Real User
2019-11-04T06:14:00Z
Nov 4, 2019
The implementation process needs improvement. Right now, it's somewhat complicated. They could create some templates to facilitate implementation. Right now everything is done manually, and it just takes a really long time at the initial setup.
Senior Information Technology Officer at a financial services firm with 501-1,000 employees
Real User
2019-07-08T07:42:00Z
Jul 8, 2019
I think the network devices need to give more information. In the next release, we'd like to see more information on controlling, for example, adding more policies etc. We should get more information about IoT devices, and have more information available for the users.
Fortinet's FortiNAC is a network access control solution that provides visibility, control, and automated response for everything that connects to the network, enhancing the security fabric. FortiNAC protects against Internet of Things (IoT) threats, extends control to third-party devices, and orchestrates automated responses to a variety of networking events.
Using many information and behavior sources, FortiNAC delivers extensive profiling of even headless devices on your network, allowing...
Fortinet needs to look for integration with all the OEMs. Cisco ISE is integrated with multiple OEMs, whereas FortiNAC is still lacking in that aspect. Integration with multiple OEMs is required to improve the solution.
The solution needs to improve its AI capabilities.
The product's pricing and configuration process needs improvement.
FortiNAC could improve integration with other vendors and enhance stability to compete more effectively with solutions like Cisco ISE.
The platform must enable troubleshooting. We can connect with CLI, but the interface is missing things. We need visibility and troubleshooting features to solve problems as quickly as possible. We can integrate the product with Active Directory to bundle and manage users. However, the product does not have much space to record logs for troubleshooting and analyzing. We need FortiAnalyzer to troubleshoot and analyze the logs.
The training documentation needs to be more transparent.
Fortinet's local support could be improved.
Fortinet FortiNAC's device compatibility could be improved, particularly for VoIP devices.
Our users have been asking for simpler documentation and training materials to facilitate the deployment process. I would suggest focusing on enhancing essential features, as our customers typically need to implement basic scenarios rather than advanced functionalities.
The product could be more user-friendly in terms of GUI than HPE. The configuration needs improvement as well.
The product must try to streamline the user interface. The product must make its UI similar to other Fortinet products.
The user interface and the product's intuitiveness could be improved. In future releases, it would be great if they could improve the usability of the solution, particularly for SaaS environments.
The solution's technical support needs improvement.
Fortinet FortiNAC's documentation should be improved because there's not much debugging or troubleshooting documentation for the Fortinet FortiNAC. We had to open a ticket with Fortinet for an issue we faced on the FortiNAC. During this ticket handling, we were able to learn a lot of troubleshooting comments which are not properly documented. If it is documented, it's only internally on Fortinet, not as a public document. Fortinet FortiNAC must work around this and allow partners access to those troubleshooting documents. I would like to see a more refined way to customize the portals. We are not able to do a lot of customization on the Fortinet FortiNAC portals. We cannot change anything or create a title for the Fortinet FortiNAC portal as we can on other portals.
I would like to be able to compare the configuration backup before and after.
The GUI and network visibility in Fortinet FortiNAC could improve. Integration with 3rd-party devices can be improved.
I have 20 years of experience working with these kinds of products with no issues. Any graphical user interface was very easy to use. Now, everything is new. For future releases, I recommend that Fortinet make more series with a hard disk. We have customers who request a hard disk. On the one series, 21.101, we can see it has an internal hard disk. The 101 and 201 have a hard disk, however, the 100 and 200 do not. Keeping the hard disk on the one series will be easier for the distributor and will keep the prices lower for the customer.
The technical support could improve; the response time is quite slow.
When you compare the solution to other NAC solutions like ISE and Portnox, you realize that it is not able to work as a single sign-on device. You need to use it with FortiAuthenticator. If you want to use certificate management, and two-factor authentication, you have to buy a FortiAnalyzer, which is different from ISE. I would like to see these features included with the solution. The reporting can also use improvement.
The interface works fine, but it could be better.
I hope that Fortinet can add a feature with a remediation mechanism when you find a broken piece so that you can click on something and download the needed update or resolve the firewall issue more easily. Currently, we have to use an external remediation server to download updates. For example, the Kaspersky antivirus was originally built just for threat detection and prevention. Still, they've gone to another level where the solution can point to a vulnerability, and you can click a button to remediate it, and the solution goes and pulls the download and fixes it.
The automation in Fortinet FortiNAC could improve.
We have tried to do a small POC and it failed. I had a bad experience with FortiNAC. The customer was asking for a NAC solution. I suggested FortiNAC. The switch with the customer was Cisco and it was not integrated with Cisco. We tried to provide him with a FortiSwitch as the core switch and the solution worked. It's working, however, not the expected way for the customer. The issue is it just doesn't integrate with Cisco switches. They need to change or upgrade the technology in the product. The solution is not stable. We have not been able to scale the product. It's very hard to set up.
Any NAC solution has three to four phases. The first phase is discovery and classification. They do discovery, but they are lacking a lot of features in terms of classification. Also, they don't do a lot of classifications. They cannot help you if, for example, you're classifying Windows, and you want to check which Windows version it is, like Windows 7, Windows 8, Windows 10. It's a little bit difficult. It's not easy like the other products. Classifications and visibility need to be improved a lot. They have to start work on being agentless. Agentless means they need to have strong integration with Windows. They need to use the RTC. They cannot force people to have an agent for people who are going to the domain. There needs to be compatibility with switches. For any NAC solution, all the inputs will be through switches. So if it is not compatible with switches, this is a big disaster. When I was doing their switches, there were a lot of customers whose switches were not compatible with FortiNAC. If these things are well-designed, then they can compete in the NAC market. And also in terms of IOT, they cannot discover the IOT things perfectly or the OT, operation technology, things. In terms of HA, they're having a lot of problems. You just need to put the HA between two clients, and you have a lot of problems. There are problems with the classifications. In terms of control, they're not doing well. They cannot do integration with SCCM, for example. They have a lot of things missing.
Fortinet FortiNAC could further improve its network visibility.
Integration is hard in Fortinet FortiNAC, but they are evolving and getting better. For example, with Cisco, Aruba, Huawei, and Extreme devices, Fortinet FortiNAC is working properly, but some other devices have problems.
Overall, it's a great product. The GUI is a little bit strange — different than other Fortinet products. It could be more user-friendly.
This solution could be more agile. The technical support is in need of improvement.
The response and resolution time for technical support issues need to be improved. Support overall needs to be a little faster.
The problem with Fortinet is that if you want to be 100% secure then you have to buy other products. It should support better integration with third-party solutions. The reporting capability needs to be improved.
I've realized that one of the issues is the need to use agents. For instance, if a domain user has to authenticate on the network via FSSO or Certificate management he has to have a persistent agent. The admin UI is not that good. It could be better matched and more friendly to use and it cannot work as a RADIUS server. You have to have a RADIUS server which means bringing in a FortiAuthenticator to build it. The other thing would probably be the visibility granular. For example, when I have a user at a particular branch, I can't tell what SSIDs they are connected to. I only have the IP addresses so if the wireless controller is integrated with FortiNAc, you're going to realize that you won't be able to know whether a particular person is connected, that an AP is connected to a particular SSID, is connected to. . . etc. It only gives you the IP addresses, Host names, etc. That has to be improved and am sure it will be in the next build version. Additional features, would be an agentless link and adopters - online, offline adopters - it picks the IP's, the host names, the layer 3 information, layer 2 information, what's connected. And also to give different privileges, best rule privileges to users. VLAN Interswitching (state based controls) could be quicker when doing the process flow from different sorts of authentication. When it comes to guests or contractors, you don't want to use a dissolvable agents. It dissolves in the process of downloading, but it takes longer and that could be improved.
For our organization and our clients, the price is the main concern. They should work to make it more competitive. Customization could be improved in future releases.
Something that the developers of FortiNAC might look at to improve, is more integration with third-party products. The dashboard also needs to improve.
I think that the course content could be improved, it's not that simple to work through. I'm an expert on Cisco ISE. And also I have CCIE on Cisco. I made a comparison between Cisco ISE and FortiNAC. Cisco ISE has full integration but FortiNAC doesn't.
The implementation process needs improvement. Right now, it's somewhat complicated. They could create some templates to facilitate implementation. Right now everything is done manually, and it just takes a really long time at the initial setup.
I think the network devices need to give more information. In the next release, we'd like to see more information on controlling, for example, adding more policies etc. We should get more information about IoT devices, and have more information available for the users.