Fortinet FortiAuthenticator Reviews

One of the most valuable features is the simple FSSO (Fortinet Single Sign-On) configuration that helps to manage user-based security rules.

It is a cool security product. It's easy to use, implement and maintain, but there is room for improvement.

When we came across access management, we required several technical features to help manage user access to critical systems and remote access. That’s why we always go for a SSO two-factor authentication server. FortiAuthenticator is a bundle of these features. It has its own hardware and software token for two-factor authentication. It supports single sign-on and seamless integration with user-based web filtering, without any prior authentication. It can act as a Radius server to support other systems for Radius authentication. One of the common practices is using FortiAuthenticator with Dot1.X network access control.

The GUI is not fancy enough and some of the settings are difficult to access.

Part of the configuration has to be done by CLI, which is not friendly for security administrators.

Integration with other firewalls may not be as good as expected.

I have used it for two years, mostly implementation for clients.

No stability issues so far, as long as the number of users is not too large.

No issues for scalability: It is easy to add new resources as we deploy virtual machines.

FortiCare can provide prompt replies. They have basic knowledge on every single product in the Fortinet family. They have a standard protocol to response to support cases which is great. They are willing to accept RMA for technical difficulties that cannot be solved in a short period of time.

I have tried Cisco ISE as a NAC solution. Cisco ISE is the "Terminator" of NAC solutions, which has numerous features to prevent unauthorized access. However, its integration with FortiGate firewall is not great. When I use the SSLVPN service from FortiGate, it fails to authenticate with two-factor authentication. For this, using FortiAnthenticator would be a good choice for its genuine integration.

It is quite straightforward to set up the FortiAuthenticator. We mainly deploy as a virtual machine. An OVF file is provided by Fortinet and you just simply compile the file in the VMware environment. Upon simple configuration, such as IP address and default gateway, you can access the web GUI and do any configuration, as you like.

Licensing is straightforward, as Fortinet provides stackable licenses for FortiAuthenicator. Count the number of users and select sufficient licenses. Pricing is acceptable; much cheaper than Cisco ISE.

I have tried Cisco ISE. For state-of-the-art features, I would recommend Cisco ISE because of its brilliant features. But I would recommend FortiAuthenticator, if you are currently using FortiGate firewall and you seek a well-suited, complimentary NAC solution.

The need for a NAC solution depends on your infrastructure. If you are a Fortinet user, FortiAuthenticator would be a nice choice to enhance security on VPN and web access. However, there are many other choices, such as ForeScout, which is vendor-neutral, to support different systems from different vendors.

The valuable features are:

• Two-factor authentication
• User ID with our LDAP service
• Integration with our other FortiGates

By using one of our units as a load-balancing slave, we were able to roll out location-based VPNs that created quicker connections to local servers for our end users. Furthermore, incorporating a LBS unit has provided preventative measures and ensured that our remote users can still connect if a failure occurs on our master authentication unit.

It was initially difficult to sync our high availability, load-balancing slave (LBS) to our master unit. There were some initial issues connecting it and syncing with our master FortiAuthenticator unit. After reaching out to Fortinet support, it turned out that the unit needed a software update.

I would like to see the following:

• Creating an easier implementation of software patches.
• Designing the admin profiles to sync across, instead of having to recreate them. (I see how this could be problematic with security measures.)

We've been using our master unit for about a year and our LBS for about six months.

We had some stability issues. Our first LBS unit wouldn't work properly the first time and that wasted a lot of time. Eventually, it died and we had to RMA the unit.

We didn't have any issues with scalability.

The technical support we received from Fortinet was responsive. When we experienced problems, they were able to fix our issues.

Before implementing our FortiAuthenticators, we used our main FortiGate as a way to push out two-factor codes to our users. After a while, this option was not working. As we continued to grow, we needed something more substantial and manageable.

The initial setup was somewhat difficult in syncing our LDAP service to our main FortiGate.

Before using the FortiAuthenticator, we pushed out tokens via our main FortiGate.

If you want a more efficient way to manage two-factor authentication for your users, or implement the unit as a cluster member role, the FortiAuthenticator can be incorporated very well into your environment.

We connect FortiAuthenticator to different servers' active directories and use it for value authentication and VPN client authentication.

We use FortiAuthenticator for server login, terminal servers, Windows servers, and Linux servers. We have configured the solution for SSL VPN authentication with a Fortinet token.

The UI is user-friendly.

I've used the solution for three or four years.

Fortinet FortiAuthenticator is highly stable.

I rate Fortinet FortiAuthenticator's scalability a ten out of ten. Our clients are typically medium or enterprise-sized. Small customers typically don't use FortiAuthenticator.

We haven't raised tickets for FortiAuthenticator, but Fortinet's support is very good. We found a block in FortiGate, and I had to open a ticket in FortiMail, but the public documentation is very helpful.

Positive

The initial setup is easy. Only the Fortinet Access Control is difficult. The network access control solution is a difficult topic as well. It's not that the product is difficult. It's the environment, connecting to the switches, the firewalls, the zones, and the difficult appliances. FortiAuthenticator is easy to use and install.

However, I know FortiAuthenticator, so the initial setup was easy when I saw this product. The initial setup for all of the Fortinet products is typically easy.

The deployment time depends on the difficulty of the destination environment. Our last installation took four days. After that, we created the system's documentation, which took one day.

I rate Fortinet FortiAuthenticator a nine out of ten.

As a customer I’m currently testing the solution.

The solution's most valuable feature is its authentication capabilities.

You don't get a free version to automate alerts and access all features. For additional features, you will need to buy or sync it with other solutions.

I have been using the solution for approximately two to three years. I’m currently using version 6.4.6.

The solution is stable.

The product is scalable as it operates on the cloud.

The technical support is good.

Positive

The initial setup is straightforward. I deployed the product to test it.

The product is affordable.

It’s a good product for small and large enterprises. Overall, I rate it a nine out of ten.