Cisco ISE (Identity Services Engine) vs Fortinet FortiNAC comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary
Updated on Oct 3, 2022

We compared Cisco Identity Services Engine and Fortinet FortiNA (ISE)C based on our users’ reviews in four categories. After reading the collected data, you can find our conclusion below.

  • Ease of Deployment: Users of both solutions find them to be relatively difficult to deploy.
  • Features: Users of both products feel that they are stable and scalable.

    Users of Cisco ISE find its integration capabilities to be valuable. However, they feel that its web interface could be easier to use.

    Reviewers of Fortinet FortiNAC find it easy to use. However, they feel its integration capabilities could be improved.
  • Pricing: Users of both solutions find them to be expensive.
  • Service and Support: For the most part, users of both products find their technical support to be effective.

Comparison of Results: Based on the parameters we compared, Cisco ISE seems to be the slightly superior solution because of its expansive integration capabilities.

To learn more, read our detailed Cisco ISE (Identity Services Engine) vs. Fortinet FortiNAC Report (Updated: May 2023).
709,643 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The return on investment we have seen is related to time in terms of troubleshooting. The logs, such as the security logs, inform us of the issues that people have had. ISE has been very instrumental in helping isolate those issues. We've seen a lot of cost savings because we don't have to pay an IT person to waste time doing something that should be instantaneous.""Cisco offers automation, visibility, and control as well as third party integration capabilities.""It does a good job of establishing trust for each access request, no matter the source. It's also very effective at helping with the distributed network and at securing access.""Among the most valuable features is TACACS.""The most valuable feature is the ASDM - the user interface makes it very easy to configure the firewall.""[One of the most valuable features] is just the ease of use. It's pretty simple to set up certs that we can add to our clients to make sure that they connect properly, [as is] whitelisting Mac addresses.""It's easy to change and add policies.""The most valuable feature is 801.1x and another very good feature is the TACACS."

More Cisco ISE (Identity Services Engine) Pros →

"The most valuable feature of Fortinet FortiNAC is its integration with all other Fortinet solutions.""The network segmentation is the most important part of the solution. The integration with the Zero Trust Access solution is a crucial part of segmenting your network.""The FortiNAC features I found the most valuable are security and the ability to consolidate wireless networks.""With FortiNAC, we don't need to configure the mass client site or access points. For example, we don't need to configure the switching site for a client's site. With Persistent Agent, it makes it much easier.""There are some features that are working well.""The features are more expandable.""All the features of Fortinet FortiNAC are valuable.""It's a very good solution and one thing I have noted is its simplicity and the ease of the set-up process."

More Fortinet FortiNAC Pros →

Cons
"In an upcoming release, it would be nice to have NAC already standard in the solution.""Documentation is probably the worst part of the software.""With the recent release of the solution, we had a bunch of bugs and we had to delay our deployment. Other than that, the solution is good.""In the next release, I would want to see this kind of solution in the cloud as opposed to on prem because when enhancements are made to the software, if it's in the cloud, it's overnight. I mean you're not going to have to respin the servers that the license sits on, it's all microservices kinds of things in the cloud. That would be my recommendation. If I'm a customer, that's what I'm looking at - for cloud based software subscriptions.""Automation [is an area for improvement]. It seems like everywhere I look, automation is super important. Automation and integrations. That's the area it could be improved...""If you have someone taking care of it, it can be quite easy to manage the solution. Otherwise, if you don't look after it and take care of it day-to-day, then it will become more complex to run.""The interface could be more user-friendly and the ability to apply rules to MAC addresses, for example, if I wanted to allow a certain MAC address access at a particular time I cannot make this adjustment.""It would be ideal if Cisco could provide some short training videos or documentation to customers to help them understand how to use the product."

More Cisco ISE (Identity Services Engine) Cons →

"The training from Fortinet FortiNAC could improve. Fortinet has to plan for better training for its partners. Additionally, device management should have more integration with other devices, such as new and third-party devices.""Integration is hard in Fortinet FortiNAC, but they are evolving and getting better. For example, with Cisco, Aruba, Huawei, and Extreme devices, Fortinet FortiNAC is working properly, but some other devices have problems.""I would like to be able to compare the configuration backup before and after.""The interface works fine, but it could be better.""FortiNAC could be more scalable.""The GUI in Fortinet FortiNAC could improve.""The automation in Fortinet FortiNAC could improve.""I hope that Fortinet can add a feature with a remediation mechanism when you find a broken piece so that you can click on something and download the needed update or resolve the firewall issue more easily. Currently, we have to use an external remediation server to download updates."

More Fortinet FortiNAC Cons →

Pricing and Cost Advice
  • "The price of the solution is price fair for the features you receive."
  • "The price is a bit on the high side."
  • "I believe I have paid around $1,000 in licensing fees. The license is annual."
  • "The technology is good, but to use some of the other features, and capabilities, they request that we purchase the Cisco DNA Center. As a result, the bundled price is a little high."
  • "It would be beneficial to have a single license that included all of the features."
  • "The price of Cisco ISE (Identity Services Engine) is expensive and we are thinking about changing to FortiGate."
  • "There is a license to use this solution and the price is reasonable."
  • "It costs around 50,000 baht in the first year, but I'm unsure about the second year."
  • More Cisco ISE (Identity Services Engine) Pricing and Cost Advice →

  • "The price of the license required is based on how many users are going to be using the solution. If you want more users you can upgrade your license."
  • "For the projects that we do the Fortinet FortiNAC is affordable."
  • "It's a pricey solution."
  • "The solution is expensive. However, it is not as expensive as other solutions, such as Cisco ISE."
  • "The price of Fortinet FortiNAC is less than Cisco's solution. However, the price could improve by being reduced."
  • "FortiNAC's price has gone up in the last year. However, compared to other solutions, such as Cisco ISE, it is cheaper."
  • More Fortinet FortiNAC Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Network Access Control (NAC) solutions are best for your needs.
    709,643 professionals have used our research since 2012.
    Questions from the Community
    Top Answer: Aruba ClearPass is a Network Access Control tool that gives secure network access to multiple device types. You can adapt the policies to VPN access, wired, or wireless access. You can… more »
    Top Answer:OK, so Cisco ISE uses 802.1X to secure switchports against unauthorized access. The drawback of this is that ISE cannot secure the port if a device does not support 802.1x. Cameras, badge readers… more »
    Top Answer:Cisco ISE uses AI endpoint analytics to identify new devices based on their behavior. It will also notify you if someone plugs in with a device that is not allowed and will block it. The user… more »
    Top Answer:I've done quite a lot of work with ClearPass, and not a lot with FortiNAC/Bradford. ClearPass incorporates a number of different functions including ClearPass Guest for creating complex wireless… more »
    Top Answer:Hi, The NAC can operate without the 802.1x mechanism on the switch side. Also, I think you are making a very wrong comparison on the basis of the class it belongs to(FortiNac vs FortiAuthenticator).… more »
    Top Answer:The most valuable feature of Fortinet FortiNAC is compliance, which we can do with the clients and the endpoints on the network.
    Ranking
    Views
    36,619
    Comparisons
    25,360
    Reviews
    53
    Average Words per Review
    656
    Rating
    8.1
    Views
    12,344
    Comparisons
    8,213
    Reviews
    15
    Average Words per Review
    483
    Rating
    7.7
    Comparisons
    Also Known As
    Cisco ISE
    FortiNAC, Bradford Networks, Bradford Networks Sentry, Network Sentry Family
    Learn More
    Overview

    Cisco ISE is an all-in-one solution that streamlines security policy management and reduces operating costs. Cisco ISE delivers visibility and access control over users and devices across wired, wireless, and VPN connections.

    Identity Services Engine enables enterprises to deliver secure network access to users and devices. It shares contextual data, such as threats and vulnerabilities, with integrated solutions from Cisco technology partners. You can see what is happening in your network, which applications are running, and more.

    Features of Cisco ISE

    • Centralized management helps administrators configure and manage user profile characteristics - a single pane of glass for integrated management services.
    • Contextual identity and business policy: The rule-based attribute is a driven policy model. The goal is to provide flexible access control policies.
    • Wide range of access control options, including Virtual LAN (VLAN) URL redirections, and access control lists.
    • Supplicant-less network access: You can roll out secure network access by deriving authentication from login information across application layers.
    • Guest lifecycle management streamlines the experience for implementing and customizing network access for guests.
    • Built-in AAA services: The platform uses standard RADIUS protocol for authentication, authorization, and accounting.
    • Device auditing, administration, and access control provide users with access on a need-to-know and need-to-act basis. It keeps audit trails for every change in the network.
    • Device profiling: ISE features predefined device templates for different types of endpoints.
    • Internal certificate authority: Qn easy-to-deploy single console to manage endpoints and certificates.

    Benefits of Cisco ISE

    Cisco’s holistic approach to network access security has several advantages:

    • Context-based access based on your company policies. ISE creates a complete contextual identity, including attributes such as user, time, location, threat, access type, and vulnerability. This contextual identity is used to enforce a secure access policy. Administrators can apply strict control over how and when endpoints are allowed in the network.
    • Better network visibility via an easy-to-use, simple console. In addition, visibility is improved by storing a detailed attribute history of all endpoints connected to the network.
    • Comprehensive policy enforcement. ISE sets easy and flexible access rules. These rules are controlled from a central console that enforces them across the network and security infrastructure. You can define policies that differentiate between registered users and guests. The system uses group tags that enable access control on business rules instead of IP addresses.
    • Self-service device onboarding enables the enterprise to implement a Bring-Your-Own-Device (BYOD) policy securely. Users can manage their devices according to the policies defined by IT administrators. (IT remains in charge of provisioning and posturing to comply with security policies.)
    • Consistent guest experiences: You can provide guests with different levels of access from different connections. You can customize guest portals via a cloud-delivered portal editor with dynamic visual tools.

    Support

    You can get ISE as a physical or virtual appliance. Both deployments can create ISE clusters that create scale, redundancy, and requirements.

    Licensing

    Cisco ISE has four primary licences. Evaluation for up to 100 endpoints with full platform functionality. The higher tiers are Partner, Advantage and Essential.

    Reviews from Real Users

    "The user experience of the solution is great. It's a very transparent system. according to a PeerSpot user in Cyber Security at a manufacturing company.

    Omar Z., Network & Security Engineer at an engineering company, feels that "The RADIUS Server holds the most value."

    “Whether I deploy in China, the US, South Africa, or wherever, I can get all the capabilities. It allows me to directly integrate with 365, and from a communications point of view, that is a good capability," says Rammohan M., Senior Consultant at a tech services company.

    Hassan A.,Technology Manager at Advanced Integrated Systems, says that "The most valuable feature is the integration with StealthWatch and DNA as one fabric."




    Fortinet's FortiNAC is a network access control solution that provides visibility, control, and automated response for everything that connects to the network, enhancing the security fabric. FortiNAC protects against Internet of Things (IoT) threats, extends control to third-party devices, and orchestrates automated responses to a variety of networking events.

    Using many information and behavior sources, FortiNAC delivers extensive profiling of even headless devices on your network, allowing you to precisely identify what's on your network.

    You can change the configurations of switches and wireless equipment from more than 70 vendors to implement micro-segmentation regulations. You can also extend the security fabric's reach in diverse contexts.

    With FortiNac, you can respond in seconds to events in your network to stop attacks from spreading. When the relevant behavior is seen, FortiNAC offers a rich and customized set of automation policies that can rapidly trigger configuration changes.

    Fortinet FortiNAC Features

    Fortinet FortiNAC has many valuable key features. Some of the most useful ones include:

    • Agent or agentless (automated) scanning of the network for device detection and classification
    • Generates a list of all the devices on the network.
    • Evaluates the risk of each network endpoint.
    • Consolidates the architecture to make deployment and management easier
    • Gives wide support for third-party network devices to maintain compatibility with current network infrastructure,
    • Automates the process of onboarding a large number of endpoints, users, and visitors.
    • Enables network segmentation and enforces dynamic network access restriction.
    • Reduces the time it takes to contain a problem from days to seconds.
    • Reduces investigation time by reporting events to SIEM with detailed contextual data.

    Fortinet FortiNAC Benefits

    There are many benefits to implementing DX Spectrum. Some of the biggest advantages the solution offers include:

    • Automatic response: FortiNAC will continuously monitor the network, analyzing endpoints to ensure they meet their profile. FortiNAC will rescan devices to verify that MAC-address spoofing does not compromise the security of your network access. FortiNAC can also keep an eye out for unusual traffic patterns. The FortiGate appliances are used in conjunction with this passive anomaly detection. When a compromised or vulnerable endpoint is identified as a threat, FortiNAC initiates a real-time automatic response to confine the endpoint.

    • Total device visibility: FortiNAC monitors the entire network and provides total visibility. FortiNAC searches your network for users, applications, and devices. FortiNAC may then profile each element based on observed attributes and reactions, as well as drawing on FortiGuard's IoT Services, a cloud-based database for identification look-ups, using up to 21 distinct techniques.
    • Dynamic network management: Once the devices and users have been identified, FortiNAC allows for extensive network segmentation to allow devices and users access to critical resources while preventing unauthorized access. FortiNAC employs dynamic role-based network access control to conceptually establish network segments by grouping similar applications and data together to restrict access to a certain set of users and/or devices. If a device is compromised in this way, its capacity to travel through the network and target other assets is constrained. FortiNAC assists in the protection of sensitive data and assets while maintaining compliance with internal, industry, and government standards and directives. Assuring the integrity of devices before they join the network reduces the chance of malware spreading.

    Reviews from Real Users

    Fortinet FortiNAC stands out among its competitors for a number of reasons. Two major ones are its robust network segmentation and its device visibility. PeerSpot users take note of the advantages of these features in their reviews:

    A Senior Proposal Manager at a tech services company writes of the solution, “The network segmentation is the most important part of the solution. The integration with the Zero Trust Access solution is a crucial part of segmenting your network.”

    Eranjaya K., Security Engineer at Eguardian lanka, notes, “We use Fortinet FortiNAC to receive excellent visibility of our network for traffic and what devices are connected to prevent attacks.” He adds, “I have found Fortinet FortiNAC to be scalable.”

    Offer
    Learn more about Cisco ISE (Identity Services Engine)
    Learn more about Fortinet FortiNAC
    Sample Customers
    Aegean Motorway, BC Hydro, Beachbody, Bucks County Intermediate Unit , Cisco IT, Derby City Council, Global Banking Customer, Gobierno de Castilla-La Mancha, Houston Methodist, Linz AG, London Hydro, Ministry of Foreign Affairs, Molina Healthcare, MST Systems, New South Wales Rural Fire Service, Reykjavik University, Wildau University
    Isavia, Pepperdine University, Medical University of South Carolina, Columbia University Medical Center, Utah Valley University
    Top Industries
    REVIEWERS
    Comms Service Provider15%
    Financial Services Firm11%
    Government10%
    Computer Software Company10%
    VISITORS READING REVIEWS
    Computer Software Company17%
    Educational Organization15%
    Government10%
    Comms Service Provider7%
    REVIEWERS
    Comms Service Provider25%
    Manufacturing Company19%
    Educational Organization13%
    Financial Services Firm13%
    VISITORS READING REVIEWS
    Educational Organization22%
    Computer Software Company15%
    Comms Service Provider10%
    Government6%
    Company Size
    REVIEWERS
    Small Business27%
    Midsize Enterprise23%
    Large Enterprise50%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise25%
    Large Enterprise58%
    REVIEWERS
    Small Business48%
    Midsize Enterprise32%
    Large Enterprise19%
    VISITORS READING REVIEWS
    Small Business23%
    Midsize Enterprise33%
    Large Enterprise44%
    Buyer's Guide
    Cisco ISE (Identity Services Engine) vs. Fortinet FortiNAC
    May 2023
    Find out what your peers are saying about Cisco ISE (Identity Services Engine) vs. Fortinet FortiNAC and other solutions. Updated: May 2023.
    709,643 professionals have used our research since 2012.

    Cisco ISE (Identity Services Engine) is ranked 1st in Network Access Control (NAC) with 59 reviews while Fortinet FortiNAC is ranked 4th in Network Access Control (NAC) with 18 reviews. Cisco ISE (Identity Services Engine) is rated 8.2, while Fortinet FortiNAC is rated 7.6. The top reviewer of Cisco ISE (Identity Services Engine) writes "Secures devices and has good support, but needs a better interface". On the other hand, the top reviewer of Fortinet FortiNAC writes "Easy to use and monitors the antivirus performance". Cisco ISE (Identity Services Engine) is most compared with Aruba ClearPass, Forescout Platform, CyberArk Privileged Access Manager, Fortinet FortiAuthenticator and Microsoft Enterprise Mobility + Security, whereas Fortinet FortiNAC is most compared with Aruba ClearPass, Forescout Platform, Fortinet FortiClient, Portnox CORE and macmon Network Access Control. See our Cisco ISE (Identity Services Engine) vs. Fortinet FortiNAC report.

    See our list of best Network Access Control (NAC) vendors.

    We monitor all Network Access Control (NAC) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.