Fortinet FortiNAC Reviews

We are using Fortinet FortiNAC as a competitive solution to Cisco. We are doing a POC for the solution.

The most valuable features of Fortinet FortiNAC are user device management and there are plenty of policies.

The training from Fortinet FortiNAC could improve. Fortinet has to plan for better training for its partners. Additionally, device management should have more integration with other devices, such as new and third-party devices.

I have been using Fortinet FortiNAC for approximately four years.

I rate the stability of Fortinet FortiNAC an eight out of ten.

The solution is highly scalable and can be done with ease. The solution is suitable for small to large enterprises.

I rate the scalability of Fortinet FortiNAC a nine out of ten.

The support from Fortinet FortiNAC needs to be improved around the world. The response time is too long. The support from other vendors is a lot better, such as Cisco. 

I rate the support from Fortinet FortiNAC a six out of ten.

I have used Cisco solutions and Fortinet FortiNAC has better performance. Additionally, I have used Huawei, Palo Alto, and Juniper.

The initial setup of Fortinet FortiNAC is easy.

The price of Fortinet FortiNAC is less than Cisco's solution. However, the price could improve by being reduced.

The main competitors for Fortinet FortiNAC are Forcepoint and ClearPath. The main diffidence is Fortinet FortiNAC is more expensive but has better stability.

I rate Fortinet FortiNAC nine out of ten.

The primary use case that I have with the FortiNAC is allowing non-domain machines onto the domain Wi-Fi. Windows machines are easy to get onto a secured internal network because we control them, but for other devices such as Macintosh devices, TVs, and printers that we need to get access to the network, we want to be able to do that without having to hand out a password.

I also use it to condense my SSIDs down to one. We have a number of different wireless devices that require their own separate network, and instead of having three or four, or even five different SSIDs, one for each use, I am able to have a single SSID for all of them. This means I can have four or five different devices all with four to five different internal networks, but they all connect to the same wireless network. That has been helping me clean the air and also secure the connection with non-Windows devices into the internal domain.

The FortiNAC features I found the most valuable are security and the ability to consolidate wireless networks.

One of the biggest issues with Fortinet FortiNAC is that it is not intuitive and has a high learning curve.

I have been using Fortinet FortiNAC for a year.

I did not have any issues with the stability of this solution. I have a single instance that is pushed out across 20+ campuses and some use it more while others use it less. Once a device has been connected, set up, and programmed for, I've got little to no complaints about it. So, once it's up and running and set up correctly, I have had no issues with it.

My impression is that it is a scalable solution, but you have to either plan it or pay for it. You can buy additional instances and scale out more that way. The scalability becomes more of a network-wide logistical issue.

This product is quite complex to set up and you have to purchase two or three days' worth of professional installation, which is an added initial expense. This is understandable because it is not something you can pick up and just run with.

I can do the maintenance and updates myself, but I have been able to push some of the basic deployment tasks down to local technicians. I am able to do everything else on my own.

The biggest return on investment has been the security part of the solution. I can be sure that no one gets on my wireless internal network except for the devices IT people add on there because you can't add it with a password.

The other point on ROI is that it saves us time and money by enabling us to not have to come up with alternate solutions and other specialized hardware if I need to connect anything that does not easily fit in.

We have limited the licenses to only specific users and specific roles. We are using around 250, but we have a license for up to a thousand, and I am hoping to be able to expand that at some point.

When you buy the initial product, you pay for a license per device. They are perpetual licenses, so once you purchase them, you are good. Support after that is optional. When we got support, we got it for the appliance. There are hardware appliances, but we just went with a virtual appliance. A thousand licenses for up to a thousand users and three years of support, all came out to around $22,000.

I would rate FortiNAC a nine out of ten.

Our customers are from the security and financial services industries. 

FortiNAC is a network access control. In banking systems and in terminals, we need to manage VLAN and receive reports like IBS and IDS. Every VLAN has specific information to share some, but not all, of the files, because there are restrictions in the banking and financial systems. 

All the features of Fortinet FortiNAC are valuable. We find it beneficial to apply the permission rules. 

I have 20 years of experience working with these kinds of products with no issues. Any graphical user interface was very easy to use. Now, everything is new.

For future releases, I recommend that Fortinet make more series with a hard disk. We have customers who request a hard disk. On the one series, 21.101, we can see it has an internal hard disk. The 101 and 201 have a hard disk, however, the 100 and 200 do not. Keeping the hard disk on the one series will be easier for the distributor and will keep the prices lower for the customer. 

I have been using Fortinet FortiNAC for eight years.

The stability of this product is very good. With FortiNAC you have protection for each of your services.

Technical support from Fortinet can be slow as there are some delays. Just like most service providers, the first line of support is the least knowledgeable, so they refer you to the second or third level of support, which causes delays.

However, to activate the license or extend the warranty, they are fast.

We are able to do all of our projects without support. The stability is good. Therefore, I would rate customer service and support a nine out of ten.

Positive

Deployment of Fortinet FortiNAC took no more than three days. One day for analysis, the second day to implement, and the last day to transfer the implementation documents to the end user and to test it.

We implemented this solution by ourselves. The solution requires one or two engineers to deploy and maintain it.

We evaluated Palo Alto, it is very good, however, it is difficult to transfer knowledge for the end user. Palo Alto also does not have email protection.

Fortinet performs all the services we require from them. The implementation of the solution is easy. 

Overall, I would rate Fortinet FortiNAC a nine out of ten. 

We use the tool to ensure that we have network access. It also helps us avoid stranger devices getting into the LAN or Wi-Fi. 

The tool provides us with a list of devices that tries to connect to our network. It offers us a lot of network visibility.

The solution's licensing price should be improved. 

I have been using the product for three years. 

I would rate Fortinet FortiNAC's stability a ten out of ten. 

I would rate the product's scalability a ten out of ten. 

Fortinet FortiNAC's setup is straightforward. 

We have seen ROI with the tool's use and it is high. 

I would rate the product an eight out of ten. 

Fortinet FortiNAC is very easy to use, and we can run the proof of concept in one day. The main part of the configuration is to create the policies. We can present more of the solution and protect more clients with it.

One of our customers had a network segmentation project on which they were going to segment their network with new VLANs. They would have to spend a lot of time configuring around 500 switches if the segmentation was done without a NAC. We presented Fortinet FortiNAC to them, and we were able to help them with the VLAN segmentation project. With the Fortinet FortiNAC, you don't need to do the segmentation because the solution helps with the VLAN micro-segmentation. We could do all the segmentation they were planning by creating policies on the Fortinet FortiNAC. They only had to create the VLANs on all the 500 switches, which was easy because they have their network management solution and Aruba switches. All they needed to do was create the SNMP configuration. We had to discover all the switches because NAC has this feature on which you discover all the network devices, point the IP range, and then the NAC tries to find network devices in the environment. We created the policies the way they wanted. For instance, if it is an IP phone, it should go to the IP VLAN; if it is a Windows desktop, it should go to the desktop VLAN; and if it is a Windows server, it should go to the server VLAN. We created such policies using Fortinet FortiNAC, and we were able to help our customers reduce their expenses with their network project.

The most valuable feature of Fortinet FortiNAC is compliance, which we can do with the clients and the endpoints on the network. We can specify many rules to check if the device is on the domain and if there is any allowed process running on the endpoint. We can use the Fortinet FortiNAC to monitor if the antivirus is working and is up-to-date on the endpoint. If there is something wrong with the endpoint, we can quarantine it so that the endpoint won't have access to the internet or will only have access to the NAC portal that tells the user what is wrong with their endpoint.

Fortinet FortiNAC's documentation should be improved because there's not much debugging or troubleshooting documentation for the Fortinet FortiNAC. We had to open a ticket with Fortinet for an issue we faced on the FortiNAC. During this ticket handling, we were able to learn a lot of troubleshooting comments which are not properly documented. If it is documented, it's only internally on Fortinet, not as a public document. Fortinet FortiNAC must work around this and allow partners access to those troubleshooting documents.

I would like to see a more refined way to customize the portals. We are not able to do a lot of customization on the Fortinet FortiNAC portals. We cannot change anything or create a title for the Fortinet FortiNAC portal as we can on other portals.

I have been using Fortinet FortiNAC since 2018.

I rate Fortinet FortiNAC an eight out of ten for stability because I had issues with its previous versions.

I rate Fortinet FortiNAC a ten out of ten for scalability. We have plans to use Fortinet FortiNAC even more in the future. We have three ongoing projects, two projects that we just closed, and ongoing proof of concepts for another project.

Fortinet FortiNAC's technical support is very good. There are not a lot of Fortinet technicians enabled to troubleshoot FortiNAC. However, when we find one, they are very helpful.

It is straightforward to deploy Fortinet FortiNAC until you reach the compliance part. If you have a simple compliance rule, you have just one policy. However, with Fortinet FortiNAC, we can create layers of compliance, and that's when it gets complicated since there is no visual way to see those layers. You need to know your configuration to understand the layers. If someone new accesses the Fortinet FortiNAC solution and tries to look through your policies, they will need time and training to understand how the layers of compliance work.

One of our customers was going to spend more than 100 hours with technical people to configure all the segmentation they were planning for their network project. With the help of Fortinet FortiNAC, we reduced it from 100 hours to 10 hours of effort.

We are using the Fortinet FortiNAC 9.2 version. Since Fortinet FortiNAC is a network access control solution, it is better to have it on-premises, and closer to the devices it will manage.

Sometimes we have a lot of issues either because of the old models of switches the customers are using, or the customer is using a type of switch that is not manageable. However, that's more of a design issue.

You must have a good network for you to be able to use Fortinet FortiNAC. If you don't have a full network project with new devices and router switches, you must first fix your network.

Overall, I rate Fortinet FortiNAC a nine out of ten.

Fortinet FortiNAC is a network address control solution that we use as an identity and access management server. We integrate it with network devices and workstations to create policies and privileges for network access and device management. It also performs posture checks on Windows workstations to ensure compliance with security policies before granting network access. Essentially, it profiles endpoints and workstations, and checks for security compliance (such as updated patches, enabled firewall, and vulnerability compliance) before granting network access.

The most valuable feature of Fortinet FortiNAC is its integration with all other Fortinet solutions.

The GUI and network visibility in Fortinet FortiNAC could improve.

Integration with 3rd-party devices can be improved.

I rate Fortinet FortiNAC for approximately two years.

Fortinet FortiNAC is stable.

We have one customer using this solution.

We have approximately 20 users using the solution.

The solution is scalable.

I have contacted the support from Fortinet FortiNAC. The response time could be quicker.

I rate the support from Fortinet FortiNAC a seven out of ten.

Neutral

I have used Cisco ISE and Aruba ClearPass, and Fortinet FortiNAC is a lot easier to set up.

The initial setup of Fortinet FortiNAC is easy. The time it took to set up was approximately five hours.

The solution is expensive. However, it is not as expensive as other solutions, such as Cisco ISE.

If people are looking for a smooth operation and don't want the trouble of using Cisco ISE or Aruba ClearPass, Fortinet FortiNAC is a great solution to consider. It's easy to set up, especially if you have an all-Fortinet environment with FortiSwitches, FortiGate Firewall, and FortiAPs. It can make your life much easier.

I rate Fortinet FortiNAC a seven out of ten.

I use FortiNAC to limit access to our network; it's our firewall. We are customers of Fortinet and I'm a technical manager. 

The solution provides good performance, is easy to use and easy to configure.

The technical support could improve; the response time is quite slow. 

I've been using this solution for two years. 

The solution is stable. 

The solution is scalable, we have 100 users. 

Customer support could be improved as their response times can be quite slow. 

Neutral

We pay an annual licensing fee; this is quite an expensive solution. 

I rate this solution seven out of 10. 

The primary use case is for the visibility of the entire network architecture. It provides visibility to the switches, and routers to see the domain users, contractors, and guest users. It provides network access control, to be able to tell what endpoints are running on the machine, and what windows updates are on the machine. It is also used for cyber threat control.

The most valuable feature of the solution is having visibility over the IoT devices on the network. It allows the organization to see all the machines on the network, who is accessing what at which time, and what they are doing.

When you compare the solution to other NAC solutions like ISE and Portnox, you realize that it is not able to work as a single sign-on device. You need to use it with FortiAuthenticator. If you want to use certificate management, and two-factor authentication, you have to buy a FortiAnalyzer, which is different from ISE. I would like to see these features included with the solution.

The reporting can also use improvement. 

I have been using the solution for three years.

The latest version of the solution is stable.

The scalability is good. You can control as many users as you want.

The support is useful. They are usually able to log on and resolve the issues.

Neutral

The initial setup is straightforward on VMware, but it gets complex if you try to set up for example on Hypervisor. You need to have advanced knowledge to have a successful setup.

We implement the solution for other clients.

I rate the solution a seven out of ten.

If the deployment is strictly on a wired network it takes about a week however, if it is primarily on a wireless network it can take about three weeks.

Maintaining the solution is easy. The only area that may require additional support is if there is a large number of new guest users on the network. That requires admin approval for each user individually and takes time.

I would say it is a good solution, especially if you have IOT onboarding with a sponsor. You will be able to manage your users in a seamless way.