Fortinet FortiNAC Reviews

I use FortiNAC to limit access to our network; it's our firewall. We are customers of Fortinet and I'm a technical manager. 

The solution provides good performance, is easy to use and easy to configure.

The technical support could improve; the response time is quite slow. 

I've been using this solution for two years. 

The solution is stable. 

The solution is scalable, we have 100 users. 

Customer support could be improved as their response times can be quite slow. 

Neutral

We pay an annual licensing fee; this is quite an expensive solution. 

I rate this solution seven out of 10. 

We use Fortinet FortiNAC for network access and identity protection.

The product's most valuable feature is its ability to protect devices connected to network service.

The product could be more user-friendly in terms of GUI than HPE. The configuration needs improvement as well.

We have been using Fortinet FortiNAC for two years.

It is a stable platform. I rate its stability a ten out of ten.

I rate the product’s scalability an eight out of ten. We have 100 users for it.

The product’s technical support services are good. Although sometimes, they respond slowly.

Neutral

I rate Fortinet FortiNAC’s initial setup process a seven out of ten. It takes two days to complete. The deployment process involves configuring the network access policies within the Azure environment.

It is a reasonable product.

It is a good product considering network security. It supports multiple devices and is easy to use. I can repair the box quickly in case of some failure. I rate it an eight out of ten.

I was a distributor and system integrator of FortiNAC. We were opening a lot of tickets and there were lots of bugs, so I replaced it with Forescout very easily. Within two days, I replaced everything. With FortiNAC, I was just doing the implementation, making things work properly, and beginning testing after five days.

FortiNAC is deployed on-prem. They're not major enough to be on cloud. Even on-prem is not doing good.

Version 9.1 has been an improvement on previous versions. It's a good solution for SMB.

Any NAC solution has three to four phases. The first phase is discovery and classification. They do discovery, but they are lacking a lot of features in terms of classification. Also, they don't do a lot of classifications. They cannot help you if, for example, you're classifying Windows, and you want to check which Windows version it is, like Windows 7, Windows 8, Windows 10. It's a little bit difficult. It's not easy like the other products. 

Classifications and visibility need to be improved a lot. They have to start work on being agentless. Agentless means they need to have strong integration with Windows. They need to use the RTC. They cannot force people to have an agent for people who are going to the domain. There needs to be compatibility with switches. For any NAC solution, all the inputs will be through switches. So if it is not compatible with switches, this is a big disaster. When I was doing their switches, there were a lot of customers whose switches were not compatible with FortiNAC.

If these things are well-designed, then they can compete in the NAC market. And also in terms of IOT, they cannot discover the IOT things perfectly or the OT, operation technology, things.

In terms of HA, they're having a lot of problems. You just need to put the HA between two clients, and you have a lot of problems. There are problems with the classifications. In terms of control, they're not doing well. They cannot do integration with SCCM, for example. They have a lot of things missing.

I started using FortiNAC since Fortinet bought it in 2018. They bought it with Bradford, and I was one of the few people in Saudi who knows FortiNAC. I have known FortiNAC since it was 7.2, and there were a lot of bugs. Even now, 8 has a lot of bugs.

Now they have jumped to 9.1 and 9.2. I used version 9.1.2. They just changed the dashboard, but it's still agent based. I deeply know what FortiNAC is doing, and it's not doing good. I used to work with them, and then I left. Now, I'm purely working with Forescout technology.

It's not a stable solution. If you want to do the HA, suddenly both appliances will be gone. Both FortiNAC and Forescout are being built on CentOS Linux. Doing HA with FortiNAC, which should be very simple, is just a disaster. I know three customers who are complaining.

I have switched to Forescout because in regards to technology, application, visibility, and control, Forescout is unbelievable. Forescout is a great platform for OT things.

I would rate this solution 5 out of 10. 

It's a difficult solution. I used to be the FortiNAC guy, so I will be tough on them. In Saudi, I was the number three FortiNAC guy.

I can recommend FortiNAC for SMBs: small and medium businesses, but they will still suffer. I would recommend Forescout more.

We use Fortinet FortiNAC to control user access and enforce system policies.

Fortinet FortiNAC helps add an extra layer of security.

The ease of deployment is valuable.

Fortinet FortiNAC's device compatibility could be improved, particularly for VoIP devices.

I have been using Fortinet FortiNAC for two years.

We have experienced stability issues, particularly with the latest firmware versions. The extended development cycle for these updates makes us hesitant to adopt new products immediately upon their release.

I would rate the stability of Fortinet FortiNAC a seven out of ten.

Fortinet FortiNAC is scalable.

When I compare the support of Fortinet to Cisco, I find it to be good but not as good as Cisco's.

Neutral

We previously used Cisco ISE and switched to Fortinet FortiNAC because the users found it more user-friendly and it was cheaper.

The deployment is straightforward and takes around 60 days to complete.

Fortinet FortiNAC is reasonably priced.

I would rate Fortinet FortiNAC a seven out of ten.

Fortinet FortiNAC is a network address control solution that we use as an identity and access management server. We integrate it with network devices and workstations to create policies and privileges for network access and device management. It also performs posture checks on Windows workstations to ensure compliance with security policies before granting network access. Essentially, it profiles endpoints and workstations, and checks for security compliance (such as updated patches, enabled firewall, and vulnerability compliance) before granting network access.

The most valuable feature of Fortinet FortiNAC is its integration with all other Fortinet solutions.

The GUI and network visibility in Fortinet FortiNAC could improve.

Integration with 3rd-party devices can be improved.

I rate Fortinet FortiNAC for approximately two years.

Fortinet FortiNAC is stable.

We have one customer using this solution.

We have approximately 20 users using the solution.

The solution is scalable.

I have contacted the support from Fortinet FortiNAC. The response time could be quicker.

I rate the support from Fortinet FortiNAC a seven out of ten.

Neutral

I have used Cisco ISE and Aruba ClearPass, and Fortinet FortiNAC is a lot easier to set up.

The initial setup of Fortinet FortiNAC is easy. The time it took to set up was approximately five hours.

The solution is expensive. However, it is not as expensive as other solutions, such as Cisco ISE.

If people are looking for a smooth operation and don't want the trouble of using Cisco ISE or Aruba ClearPass, Fortinet FortiNAC is a great solution to consider. It's easy to set up, especially if you have an all-Fortinet environment with FortiSwitches, FortiGate Firewall, and FortiAPs. It can make your life much easier.

I rate Fortinet FortiNAC a seven out of ten.

The customer required centralizing control to control access, detection, and network control. He requested processing a simple management point, the access, the devices, and distribution, and wanted to manage all the customer devices. He had a history of working with FortiNAC devices and wanted us to do the same. So I installed the product to understand it. 

The features are more expandable. 

The interface works fine, but it could be better.

It was for a one-time product solution for a customer for about one year, and I'm still maintaining it. So far, we've had one client for it.

The solution is stable.

The product is scalable.

We never had to use customer service or support, so it expired.

Neutral

It was easy to set up the product. 

I would rate this solution seven out of ten.

I was certified in FortiNAC (Part of Fortinet-NSE6) last year and I've personally implemented FortiNAC in three organizations. We work as a team with people who have expertise in different areas and Vendors and have exposure to different infrastructures.

FortiNAC scans your network to discover every user, application, and device (IOT), With up to 18 different techniques, it can then profile each element based on observed characteristics and responses for granular visibility - We then apply state-based control(eth0 VLAN switching) and Policy based control rules for access control and response.

Anyone (Domain users, Contractors, guests, etc) wanting to connect to the network has to be accessed by the NAC. Users come in at different times and some may be working from branches or home through a VPN and they will be authenticated in the same way with different privileges on the Network.

So it has to run 24/7. It's authenticating users all the time. We are gold partners with FortiNac. 

There are quite a number of things that are valuable about this solution. Having dealt with Cisco ISE, I realize that FortiNAC is different in a way that gives you granular visibility of the entire network infrastructure related to IOT devices (Who, What, When, Which information). It's helpful that you can know what's going on from your phone, your tablet, and from home. The solution provides containment, reporting and security event-alarm mapping and saves log and carries out further analysis for cyber thefts. It really is a good solution.

I've realized that one of the issues is the need to use agents. For instance, if a domain user has to authenticate on the network via FSSO or Certificate management he has to have a persistent agent.

The admin UI is not that good. It could be better matched and more friendly to use and it cannot work as a RADIUS server. You have to have a RADIUS server which means bringing in a FortiAuthenticator to build it.

The other thing would probably be the visibility granular. For example, when I have a user at a particular branch, I can't tell what SSIDs they are connected to. I only have the IP addresses so if the wireless controller is integrated with FortiNAc, you're going to realize that you won't be able to know whether a particular person is connected, that an AP is connected to a particular SSID, is connected to. . .  etc. It only gives you the IP addresses, Host names, etc. That has to be improved and am sure it will be in the next build version. 

Additional features, would be an agentless link and adopters - online, offline adopters - it picks the IP's, the host names, the layer 3 information, layer 2 information, what's connected. And also to give different privileges, best rule privileges to users. 

VLAN Interswitching (state based controls) could be quicker when doing the process flow from different sorts of authentication. When it comes to guests or contractors, you don't want to use a dissolvable agents. It dissolves in the process of downloading, but it takes longer and that could be improved.

I've been using the solution for a year and a half. 

FortiNAC is Pretty stable. We initially had a couple of troubleshooting issues in the deployments but we worked them out and it's fine now and has pretty good Visibility across the Network for every device, application and user, extend Control of the Network to third-party products and automated responsiveness.

You won't find so many NAC solutions like it. I mean it's granular, you will see a lot that you need to ask. It will give you all the controls you need and it has event alarm mapping, - I mean "you can't control what you can't see"

It is very scalable, you can have as many features and access points as you want. as you have. It depends on the licenses, but you can have as many IoT devices (Switches, routers, Firewals, WLC, etc) as you want and as many features as you want. You can have visibility to all the ports of the switches on the NAC, you can easily see  Who, What, When, Which information then control and respond

Technical support is good. You create a ticket and within that ticket you explain what challenges you're facing. They assign you an engineer who'll help solve the issue. It's pretty easy and straight forward and they're always there to help. 

Initial setup is pretty easy. If you're doing a VM setup, you do the registration on the Fortinet portal, and then you set the IP addresses. I think it's pretty good when you're implementing it the first time, it's very easy but when you get to tests, which are the UAT's, you're most likely to have a few issues that you need to be aware of.

Deployment time depends on the kind of customer. For example, the current implementation I'm doing has an assessing vendor. 90% of the network is wireless and 10% is cabled in network. They have more than 80 access features, more than 80 routers, and two wireless controllers. They have a number of databases and different firewalls - to use that fountain it slows things down. You're also dealing with Domain users, contractors and Guests in different locations. Obviously this will take more time than a project with less infrastructure devices. It really depends on the nature of the infrastructure.

There is a base license level which pretty much gives you topologies and groupings automation/control, etc. When it comes to policies, it's only going to give you user host profiling and network access. If you're looking for endpoint compliance, integrations, Incidence response and reporting, then you have to go for an Plus or PRO license.

You need to think about what you need as a company. There are so many government institutions, so many corporate institutions in the world that want to protect their networks. People have different privileges within a network, an instructor cannot have the same privileges as a normal user and the guest. We have guests coming onto our network, contractors coming to work at different times on the network, the main users who are working in different departments and who shouldn't have access to some platforms. When it comes to authentication you need to make sure you're protected from all kinds of threats. You have different products, Vendors and divices that all need to be controlled. If something goes off you need to know where and why. 

I would rate this product a eight out of 10. It's still evolving. 

We use this solution to control the network.

With FortiNAC, we don't need to configure the mass client site or access points. For example, we don't need to configure the switching site for a client's site. With Persistent Agent, it makes it much easier.

I would like to be able to compare the configuration backup before and after.

After version nine, the solution has been stable. There were some issues with stability in the previous versions.

It is a scalable solution. Some of my customers have nearly 100 endpoints. I use sync topology with my customer who has over 2000 clients or endpoints.

The technical support is fast, and I would rate them at nine out of ten for speed.

I would rate the documentation in relation to problem solving at seven out of ten.

Fortinet FortiNAC is easier to deploy than Cisco ISE or Aruba ClearPass. However, you have to know authentication systems and requirements when implementing on NAC devices.

FortiNAC's price has gone up in the last year. However, compared to other solutions, such as Cisco ISE, it is cheaper.

If you're considering implementing FortiNAC, I recommend determining which type of implementation is suitable for your needs.

FortiNAC can handle most configurations easily, but Cisco ISE works with only Cisco devices. Thus, FortiNAC is suitable for multivendor topologies, whereas Cisco ISE is not. Overall, I would rate FortiNAC at eight out of ten.