Fortinet FortiNAC Reviews

You can simply control whole network even you can check your switches configuration

Compliance checks are a good feature. Compliance check is for windows updates and for antivirus updates, etc. 

Security is also good. No guest can enter without credentials, such as usernames and passwords. You have full visibility, which is very good.

The implementation process needs improvement. Right now, it's somewhat complicated. They could create some templates to facilitate implementation. Right now everything is done manually, and it just takes a really long time at the initial setup.  

I've been using the solution for three years.

The solution is stable.

The solution is easily scalable. Once you have one working correctly, you can expand easily to make it as big as you want. However, setting up the first properly takes time.

I've contacted technical support three or four times. They have been very good.

We didn't previously use a different solution.

The initial setup is complex. How long it takes to deploy depends on the complexity of the project, for example, if you are setting up the solution at branches or just at one location. So long as the team is cooperating and coordinating, it shouldn't take more than three months. You only need one to two engineers to deploy the solution. Afterward, you may only need one person for maintenance.

You need professional engineers to set up the solution. Only trained and experienced people will be able to handle the implementation.

We use the on-premises deployment model.

In terms of advice I'd give to others, I'd say the most important thing to worry about is organizing the network, like active directory groups and groups of users, etc. Organize the groups with VLAN IDs that are not too specific and the VLANs should be on all company switches.

I'd rate the solution eight out of ten.

The solution is generally used for compliance and other related items such as network visibility. 

The most valuable features of the solution are the user-friendliness, the graphical interface, and the technical support. The interface is very nice and the customization is good.

Overall, our clients seem to be quite pleased with the product.

For our organization and our clients, the price is the main concern. They should work to make it more competitive.

Customization could be improved in future releases.

I recently deployed the product. I've been using it for about a year.

Regarding scaling, I don't believe I would know about the requirements related to scaling the product. However, in terms of the device itself, my client is fully sufficient with the license. He has the number of devices he needs in order to monitor everything. I don't believe our client has scaled it, so I don't know how easy or difficult scaling is.

Our clients are largely medium-sized enterprises and may have up to about 400 devices on site. 

I've never reached out to technical support myself and have never opened a support ticket, but I have heard that the solution is quite good at handling customer queries.

We've used community support and it's been quite good. We've found most of the answers to our queries using it.

The initial setup is quite straightforward. We didn't run into any complexities during the implementation.

We're a Fortinet partner.

I would recommend the product to others. Usability is a crucial thing for networking and this product offers that. I'm not familiar with other NAC products. However, I think every organization should be implementing NAC. That does not always mean just FortiNAC products. There are other NAC products as well. We are very fortunate to have access to such products that continue to help our customers.

Overall, I'd rate the solution eight out of ten.

I don't exactly remember the version our clients are using currently, however, and I believe it is vm based for 2000 devices.

We don't actually use the solution in our own organization, but we have deployed it and we provide service, support, and monitoring on the devices to our clients.

I'm a senior network architect and our company is a reseller of FortiNAC. This is a new product for me and we'll be starting implementation shortly. We've been testing the product and I'm just finishing the course. I'll be implementing for our client which is a medium-size company.

The interface is good and simple to use. Some of the ideas presented on the online course could be clearer, like policy creation. But the interface and other features are very good. 

I think that the course content could be improved, it's not that simple to work through. I'm an expert on Cisco ISE. And also I have CCIE on Cisco. I made a comparison between Cisco ISE and FortiNAC. Cisco ISE has full integration but FortiNAC doesn't.

I've been using FortiNAC for just one month.

I'll have a better idea next week about the stability, once it's been tested in the production environment.

The communication with customer support is fine from an administration perspective. But it's lacking documentation on the concept of how the technology works. There are no documents in the FortiNAC library relating to network function. 

I would rate this product an eight out of 10. 

We are only consultants, so we implement FortiNAC for our customers. The good part about FortiNAC is that it works seamlessly across either public cloud, private cloud, a hybrid one or on premises. So, depending on the client's requirements, I usually suggest that they go for public cloud where they have remote locations, and that they go for an application where they have a large deployment, adequate network and technical staff to support the requests.

The features we generally propose is basically agent-based authentication and the agent case solution product for wireless endpoints, which allow them to do automatic registration, and the third would be the health checks.

Something that the developers of FortiNAC might look at to improve, is more integration with third-party products. The dashboard also needs to improve.

FortiNAC is quite a stable solution. 

FortiNAC is a highly scalable product. The licenses remain unlimited. It's a subscription-based license, which is based on the usage and number of concurrent users. So the good part is that it can be deployed out of any environment.

The technical support for us has been extremely good and the local support is excellent. 

The initial setup was easy and straightforward. The deployment can be done within a day.

The good thing about FortiNAC is that it's more vendor agnostic. And then we have the deployed FortiNAC activate solution, which are different kinds of firewalls, which works perfectly fine. 

On a scale from one to 10, my rating for this program will be a nine. Additional features that I would like to see included in the next release of this solution is more integration with third-party products and probably some improvements on the dashboard.

The solution is good at giving a deep dive into each product. It tells you, for example, what is connected to the network. It gives us good reporting tools.

I think the network devices need to give more information.

In the next release, we'd like to see more information on controlling, for example, adding more policies etc. We should get more information about IoT devices, and have more information available for the users.

Scalability can be improved.

The solution is good, so I've had no reason to contact Technical Support.

This is the first product we have used.

The initial setup was straightforward. You only need one person for deployment and maintenance.

We used a consultant to assist with implementation. They were good. We didn't have a problem with them.

We evaluated so many other products but we found the features of this solution to be the most valuable.

I would rate this solution at a seven or eight out of 10. If they improved their network devices and their IoT product I would rate them higher. The solution is pretty inexpensive. That's why we are using it. I am satisfied with the interface, the dashboard, and the overall support.

The primary use case is that we are using it as a network access control (NAC), preventing external devices from plugging into the network or foreign computers from joining the network.

We are using the latest version.

When it works, it's great. It keeps things off the network which are supposed to be off the network.

When it works, doing what it's supposed to.

Not using a Java front-end would be fantastic. It takes forever to load the system up and get in there to configure everything. It is too slow to do anything at all.

The stability is relatively poor, as it has taken us roughly 12 months to get the network access control to be functional. It took us six months to get the USB lockdown to work appropriately. It still false flags mice, etc. On top of it, it broke once we finally got the network access control working. It literally took us 12 months for people to be blocked on an Ethernet connection, and it takes about 90 seconds to knock them off. Even then, it's only 50/50. We have escalated this every week for 12 months, and I'm not sure we'll be renewing this contract.

The technical support is bad. We've had to escalate to Tier 2 and Tier 3. My customer relationship manager on the other side of this has stopped returning phone calls and emails, because there has been such a constant back and forth.

We didn't have something prior. We had someone do a security audit on us, and they made some recommendations of things that we were missing. We contacted a managed service provider to recommend things to fix these issues, and this was one of those things. We went with what the managed service provider recommended as a solution along with having a short timeframe.

The initial setup was highly complex. Every time you get one piece to work, everything else breaks. We have not been able to get a full solution in place.

We used a managed service provider to help get everything up and running.

The process was frustrating. The managed a lot of our network as is, and they've done several of these setups. They moved from the previous version to the newest version, and they have even stopped recommending it as a solution because they don't want to do this again with another customer.

Look into the complexity of using tools. Anything that is difficult to manage will probably be painful to maintain.

We have a very aggressive roadmap with a fairly mature security posture. 

It’s a unified place where we can manage campus onboarding/BYOD NAC security.

It has provided port/wireless security to all devices trying to connect to our campus network.

Interaction with other vendors switches & APs should be more thoroughly tested as integration between Networks Sentry and other networking equipment needs to be seamless for this product to work.

I've been using it for five years.

We had no issues with deployment.

We had no issues with the stability.

We had no issues with the scalability.

Customer Service leaves a lot to be desired. Most times the engineers blame the customer’s network even even before they collect the necessary data regarding an issue. We’ve discovered several flaws and bugs with the system in various occasions, only to have Bradford support deny there’s a problem or make fun of the customer. Also, response time on cases has been terrible. After opening a case, it could take days before an initial response from TAC is performed. Even after that... cases can linger open for weeks or months before any feasible solution is found. We had a case regarding integration with Aerohive open for over a year. Furthermore, case resolution follows very non-standard Practices in the industry. In many instances, TAC engineers close the cases without notice or without asking the customer if it's OK to close the case or if the issue has been resolved.

This is the first NAC appliance we ever used on-campus.

Initial set-up required engineers to be on-site to configure the box to work with our network. Thus, I would say it was complex (this was in 2010; it might be different now).

We implemented through a team provided by the vendor. I would advise to test implementation in a small building before make a campus-wide deployment.

Pricing & Licensing are fair as far as we can tell.

I would make sure this product integrates well with the customer’s network before deployment. We had to move away from this product recently on the Wireless side of the network as the Sentry would not integrate well with our Aerohive Wireless Infrastructure. We had an issue where the Sentry would not properly communicate with the APs and thus would let customers blocked from our network for no particular reason. Since this issue went unresolved for over three years, we decided to implement a different Wireless NAC solution and cut back our Bradford licenses to less than half of the original (we’re now using Bradford only to secure our wired network).

Auto Switch port Tagging – Allows for easy management without using consoles.

Currently this product manages access to our Wi-Fi network, it also us used to prevent rouge devices from gaining access to our LAN.

I've used it for one and a half years.

It deployed just fine for us.

Issues with polling switches, hosts not being updated with accurate host names affected its stability.

It scaled well enough for us.

As there is currently not any UK based support – Poor.

Personally did not set up the product but rather complex overhearing conversations.

This is a very complex product which is very good when used correctly, it has control over fundamental parts of your network so correct configuration and implementation strategy is a must.